Book Image

Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir
Book Image

Bug Bounty Hunting Essentials

By: Carlos A. Lozano, Shahmeer Amir

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.
Table of Contents (20 chapters)
Title Page
Copyright and Credits
About Packt
Contributors
Preface
Index

Protecting the cookies


Due to cookies being fully controllable from the client side, there are mechanisms to protect them from malicious modification:

  • Secure: This is a header flag that could be included in the application server when a cookie is sent by the HTTP response. It used to protect the cookie from channel interception. Basically, the use of this flag forces the applications to send cookies just for HTTPS connections.
  • HttpOnly: This is a flag included in the header's response to avoid scripting attacks to extract information from the cookies. For example, in the past, it was very common use cross-site scripting (XSS) attacks to extract information from cookies using JavaScript. Using HttpOnly, just the cookie could be consulted by the browser, and not by external scripts.

These controls can prevent some attacks, but what happens if the original application is doing an unexpected action while you have a session established with it? Is it possible? Yes, for sure, and it is not an error...