Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Bug Bounty Hunting Essentials
  • Table Of Contents Toc
  • Feedback & Rating feedback
Bug Bounty Hunting Essentials

Bug Bounty Hunting Essentials

By : Shahmeer Amir , Carlos A. Lozano
3.3 (3)
Buy this Book
close
close
Bug Bounty Hunting Essentials

Bug Bounty Hunting Essentials

3.3 (3)
By: Shahmeer Amir , Carlos A. Lozano
Buy this Book

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.
Table of Contents (15 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
Get in touch
Icon
Disclaimer
Lock Free Chapter
1
Basics of Bug Bounty Hunting
Icon
Basics of Bug Bounty Hunting
Icon
Bug bounty hunting platforms
Icon
Types of bug bounty program
Icon
Bug bounty hunter statistics
Icon
Bug bounty hunting methodology
Icon
How to become a bug bounty hunter
Icon
Rules of bug bounty hunting
Icon
Summary
2
How to Write a Bug Bounty Report
Icon
How to Write a Bug Bounty Report
Icon
Prerequisites of writing a bug bounty report
Icon
Salient features of a bug bounty report
Icon
Format of a bug bounty report
Icon
Responding to the queries of the team
Icon
Summary
3
SQL Injection Vulnerabilities
Icon
SQL Injection Vulnerabilities
Icon
SQL injection
Icon
Types of SQL injection vulnerability
Icon
Goals of an SQL injection attack for bug bounty hunters
Icon
Uber SQL injection
Icon
Grab taxi SQL Injection
Icon
Zomato SQL injection
Icon
LocalTapiola SQL injection
Icon
Summary
4
Cross-Site Request Forgery
Icon
Cross-Site Request Forgery
Icon
Protecting the cookies
Icon
Why does the CSRF exist?
Icon
Detecting and exploiting CSRF
Icon
XSS – CSRF's best friend
Icon
Cross-domain policies
Icon
CSRF in the wild
Icon
Summary
5
Application Logic Vulnerabilities
Icon
Application Logic Vulnerabilities
Icon
Origins
Icon
Following the flow
Icon
Application logic vulnerabilities in the wild
Icon
Summary
6
Cross-Site Scripting Attacks
Icon
Cross-Site Scripting Attacks
Icon
Types of cross-site scripting
Icon
How do we detect XSS bugs?
Icon
Workflow of an XSS attack
Icon
Real bug bounty examples
Icon
Summary
7
SQL Injection
Icon
SQL Injection
Icon
Origin
Icon
Example
Icon
Automation
Icon
SQL injection in Drupal
Icon
Summary
8
Open Redirect Vulnerabilities
Icon
Open Redirect Vulnerabilities
Icon
Redirecting to another URL
Icon
Constructing URLs
Icon
Executing code
Icon
URL shorteners
Icon
Why do open redirects work?
Icon
Detecting and exploiting open redirections
Icon
Exploitation
Icon
Impact
Icon
Black and white lists
Icon
Open redirects in the wild
Icon
Summary
9
Sub-Domain Takeovers
chevron up
Icon
Sub-Domain Takeovers
Icon
The sub-domain takeover
Icon
Internet-wide scans
Icon
Exploitation
Icon
Mitigation
Icon
Sub-domain takeovers in the wild
Icon
Summary
10
XML External Entity Vulnerability
Icon
XML External Entity Vulnerability
Icon
How XML works
Icon
How is an XXE produced?
Icon
Detecting and exploiting an XXE
Icon
Templates
Icon
XXEs in the wild
Icon
Summary
11
Template Injection
Icon
Template Injection
Icon
What's the problem?
Icon
Detection
Icon
Exploitation
Icon
Mitigation
Icon
SSTI in the wild
Icon
Summary
12
Top Bug Bounty Hunting Tools
Icon
Top Bug Bounty Hunting Tools
Icon
HTTP proxies, requests, responses, and traffic analyzers
Icon
Automated vulnerability discovery and exploitation
Icon
Recognize
Icon
Extensions
Icon
Summary
13
Top Learning Resources
Icon
Top Learning Resources
Icon
Training
Icon
Books and resources
Icon
CTFs and wargames
Icon
YouTube channels
Icon
Social networks and blogs
Icon
Meetings and networking
Icon
Conferences
Icon
Podcasts
Icon
Summary
14
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Internet-wide scans

There is a project that can show us CNAME resolution on the internet to follow the takeover as it happens. The link to the project is as follows: https://scans.io/.

Detecting possibly affected domains

In order to find vulnerable domains, there is a process we can follow published by the researcher Patrick Hudak.

Patrick Hudak describes the first step as generating a list to define a scope. Usually, this scope is defined in the Bounty program – after that, we enumerate all of the possible domains.

Sub-domain enumeration can be performed using Amass. Amass is a tool created by the OWASP project to obtain sub-domain names from different sources. Amass uses the collected IP addresses to discover netblocks and ASNs.

To use Amass, you need to launch the searchers from the command line in the system, as shown in the following snippet:

$ amass -d bigshot.beet$ amass -src -ip -brute -min-for-recursive 3 -d example.com[Google] www.bigshot.bet[VirusTotal] ns.bigshot.beet...13139 names...
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Bug Bounty Hunting Essentials
End of Section 9
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon