Book Image

Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir
Book Image

Bug Bounty Hunting Essentials

By: Carlos A. Lozano, Shahmeer Amir

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.

Related Content you might be interested in

Current Title:

Small book image
Bug Bounty Hunting Essentials
Carlos A. Lozano | Shahmeer Amir
Nov, 2018 | 270 pages
Small book image
Hands-On Application Penetration Testing with Burp Suite
Carlos A Lozano | Riyaz Ahemed Walikar | Dhruv Shah
Feb, 2019 | 366 pages
Small book image
Hands-On Bug Hunting for Penetration Testers
Joe Marshall
Sep, 2018 | 250 pages
Small book image
Kali Linux Web Penetration Testing Cookbook
Gilberto NajeraGutierrez
Aug, 2018 | 404 pages
Table of Contents (20 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
About Packt
About Packt
Contributors
Contributors
Preface
Preface
Free Chapter
1
Basics of Bug Bounty Hunting
Basics of Bug Bounty Hunting
Bug bounty hunting platforms
Types of bug bounty program
Bug bounty hunter statistics
Bug bounty hunting methodology
How to become a bug bounty hunter
Rules of bug bounty hunting
Summary
2
How to Write a Bug Bounty Report
How to Write a Bug Bounty Report
Prerequisites of writing a bug bounty report
Salient features of a bug bounty report
Format of a bug bounty report
Responding to the queries of the team
Summary
3
SQL Injection Vulnerabilities
SQL Injection Vulnerabilities
SQL injection
Types of SQL injection vulnerability
Goals of an SQL injection attack for bug bounty hunters
Uber SQL injection
Grab taxi SQL Injection
Zomato SQL injection
LocalTapiola SQL injection
Summary
4
Cross-Site Request Forgery
Cross-Site Request Forgery
Protecting the cookies
Why does the CSRF exist?
Detecting and exploiting CSRF
XSS – CSRF's best friend
Cross-domain policies
CSRF in the wild
Summary
5
Application Logic Vulnerabilities
Application Logic Vulnerabilities
Origins
Following the flow
Application logic vulnerabilities in the wild
Summary
6
Cross-Site Scripting Attacks
Cross-Site Scripting Attacks
Types of cross-site scripting
How do we detect XSS bugs?
Workflow of an XSS attack
Real bug bounty examples
Summary
7
SQL Injection
SQL Injection
Origin
Example
Automation
SQL injection in Drupal
Summary
8
Open Redirect Vulnerabilities
Open Redirect Vulnerabilities
Redirecting to another URL
Constructing URLs
Executing code
URL shorteners
Why do open redirects work?
Detecting and exploiting open redirections
Exploitation
Impact
Black and white lists
Open redirects in the wild
Summary
9
Sub-Domain Takeovers
Sub-Domain Takeovers
The sub-domain takeover
Internet-wide scans
Exploitation
Mitigation
Sub-domain takeovers in the wild
Summary
10
XML External Entity Vulnerability
XML External Entity Vulnerability
How XML works
How is an XXE produced?
Detecting and exploiting an XXE
Templates
XXEs in the wild
Summary
11
Template Injection
Template Injection
What's the problem?
Detection
Exploitation
Mitigation
SSTI in the wild
Summary
12
Top Bug Bounty Hunting Tools
Top Bug Bounty Hunting Tools
HTTP proxies, requests, responses, and traffic analyzers
Automated vulnerability discovery and exploitation
Recognize
Extensions
Summary
13
Top Learning Resources
Top Learning Resources
Training
Books and resources
CTFs and wargames
YouTube channels
Social networks and blogs
Meetings and networking
Conferences
Podcasts
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

XSS – CSRF's best friend

If we found that the application we are testing uses an anti-CSRF protection and is well-implemented, it is not the end. Maybe it is possible to defeat the anti-CSRF protection if we can use an XSS technique.

Let's do a little research about XSS attacks. The XSS attack sends a URL or POST request with the malicious payload to the user. So, if an application is vulnerable to CSRF but it has an anti-CSRF protection, when the application receives the XSS attacks, it will have the token or hash included as protection. So, the purpose is not injecting the code, but getting the token to use it in other requests.

This is the basic idea, but XSS could be exploited to bypass other types of protections. Here's a summary of how you can do it:

  • A stored XSS could read all the tokens in an application. Why? Because a stored XSS is launched by the application, and any response launched by it will have the token – even an XSS launched.
  • In applications that have more than one step to...
Previous Section
End of Section 5
Next Section