Book Image

Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir
Book Image

Bug Bounty Hunting Essentials

By: Carlos A. Lozano, Shahmeer Amir

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.

Related Content you might be interested in

Current Title:

Small book image
Bug Bounty Hunting Essentials
Carlos A. Lozano | Shahmeer Amir
Nov, 2018 | 270 pages
Small book image
Hands-On Application Penetration Testing with Burp Suite
Carlos A Lozano | Riyaz Ahemed Walikar | Dhruv Shah
Feb, 2019 | 366 pages
Small book image
Hands-On Bug Hunting for Penetration Testers
Joe Marshall
Sep, 2018 | 250 pages
Small book image
Kali Linux Web Penetration Testing Cookbook
Gilberto NajeraGutierrez
Aug, 2018 | 404 pages
Table of Contents (20 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
About Packt
About Packt
Contributors
Contributors
Preface
Preface
Free Chapter
1
Basics of Bug Bounty Hunting
Basics of Bug Bounty Hunting
Bug bounty hunting platforms
Types of bug bounty program
Bug bounty hunter statistics
Bug bounty hunting methodology
How to become a bug bounty hunter
Rules of bug bounty hunting
Summary
2
How to Write a Bug Bounty Report
How to Write a Bug Bounty Report
Prerequisites of writing a bug bounty report
Salient features of a bug bounty report
Format of a bug bounty report
Responding to the queries of the team
Summary
3
SQL Injection Vulnerabilities
SQL Injection Vulnerabilities
SQL injection
Types of SQL injection vulnerability
Goals of an SQL injection attack for bug bounty hunters
Uber SQL injection
Grab taxi SQL Injection
Zomato SQL injection
LocalTapiola SQL injection
Summary
4
Cross-Site Request Forgery
Cross-Site Request Forgery
Protecting the cookies
Why does the CSRF exist?
Detecting and exploiting CSRF
XSS – CSRF's best friend
Cross-domain policies
CSRF in the wild
Summary
5
Application Logic Vulnerabilities
Application Logic Vulnerabilities
Origins
Following the flow
Application logic vulnerabilities in the wild
Summary
6
Cross-Site Scripting Attacks
Cross-Site Scripting Attacks
Types of cross-site scripting
How do we detect XSS bugs?
Workflow of an XSS attack
Real bug bounty examples
Summary
7
SQL Injection
SQL Injection
Origin
Example
Automation
SQL injection in Drupal
Summary
8
Open Redirect Vulnerabilities
Open Redirect Vulnerabilities
Redirecting to another URL
Constructing URLs
Executing code
URL shorteners
Why do open redirects work?
Detecting and exploiting open redirections
Exploitation
Impact
Black and white lists
Open redirects in the wild
Summary
9
Sub-Domain Takeovers
Sub-Domain Takeovers
The sub-domain takeover
Internet-wide scans
Exploitation
Mitigation
Sub-domain takeovers in the wild
Summary
10
XML External Entity Vulnerability
XML External Entity Vulnerability
How XML works
How is an XXE produced?
Detecting and exploiting an XXE
Templates
XXEs in the wild
Summary
11
Template Injection
Template Injection
What's the problem?
Detection
Exploitation
Mitigation
SSTI in the wild
Summary
12
Top Bug Bounty Hunting Tools
Top Bug Bounty Hunting Tools
HTTP proxies, requests, responses, and traffic analyzers
Automated vulnerability discovery and exploitation
Recognize
Extensions
Summary
13
Top Learning Resources
Top Learning Resources
Training
Books and resources
CTFs and wargames
YouTube channels
Social networks and blogs
Meetings and networking
Conferences
Podcasts
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Chapter 9. Sub-Domain Takeovers

The vulnerability we will be talking about in this chapter is so tricky that it is more like a configuration management error than a vulnerability. However, there are bounty platforms, such as HackerOne, that include it as vulnerability, so it's still worth discussing.

The problem in this case arises when someone registers a new domain to point to another domain. So, we will cover the following topics in the chapter:

  • Sub-domain takeovers
  • Internet-wide scans

In a vulnerability example, the sub domain (hello.domain.com) uses a canoninal name (CNAME) record to point to fulanito.com. A CNAME record is a domain name service (DNS) register, and it allows us to specify an alias for a domain name to a user. For example, if we have the Mexican domain, mitiendita.com.mx, we can create a CNAME register to point it to mitiendita.com.cl using the same server or the same IP address.

These registers are useful when we need to point to external domains, and are very common within...

Previous Section
End of Section 1
Next Section