Finding your first bug: bounty hunting tips
Here I am going to share some tips that come from the Burp Suite community.
1. Understand the process
Friends, new bug hunters should start by focusing on one particular vulnerability and researching it thoroughly. Read as many blogs, write-ups and books on that particular vulnerability as you can find helpful. The most important point here is that you should concentrate and keep your focus on one particular vulnerability. @0x1ntegral
- Focus on a specific type of vulnerability.
- Read as many write-ups about that vulnerability as you can.
- Search for programs where the vulnerability you are targeting is likely to occur, and participate in those programs.
- If you find one, focus on another type of vulnerability and repeat step 1.
I am listing some of the tips they shared below. Read them carefully; they will help you.
- Get intimately familiar with the application, tech stack, or feature you are trying to break.
- Focus on how things work [read the RFCs] rather than running tools and one liners.
- Knowledge and curiosity is free.
- Recon != hacking [automate this]
2. Find the uncharted territory
You need to look for new, unexplored areas. Find the parts of a target where hidden content lives; in most web applications, hidden content is where the chances of finding weaknesses are highest. You can use Google for this, and if you want to do advanced searches you can also use third-party tools such as shodan.io. There are many advanced tools available that you can use.
Look for the dusty old corners of applications that everybody (especially developers) has forgotten. We ran into that all the time when I worked at Google - if you see the old Google logo or Times New Roman font somewhere, it's a good place to look. :)
Choose an old private program that pays small bounties.
3. Never stop learning
Friends, what I am going to tell you in this section is the most important point, and it is the topic on which the most advice is given. If you ask the question "Finding your first bug: bounty hunting tips" on any forum site, the tip you will get most often is to never stop learning. Bug bounty is not a particular course that you complete or get taught and then become a bug hunter. It is a field where a bug hunter has to learn something new every day, because new vulnerabilities keep appearing in web applications every day. Experienced bug hunters say that, no doubt, if you work on one particular vulnerability you will be able to find a bug. I was recently reading on the HackerOne website about a cross-site scripting finding that was discovered using a CVE (Common Vulnerabilities and Exposures) from 2017. The point to note is that you have to keep old vulnerabilities in mind as well as the new ones that are coming out; just keep your focus on one particular vulnerability. Read the tips given below carefully:
Credit: Burp Suite Community
Avoiding most bite sized tips. A lot of #bugbountytips these days are n/a issues, or ones prone to dupe. Instead, focus on deep diving web app knowledge in your academy or @PentesterLab and then deep dive an app looking for bespoke flaws.
Your first bug bounty rewards
When it came to first successful bounties for our community, there was a definite focus on content discovery. It looks like, once again, knowledge has been proven to demonstrate power!
My first finding was sensitive information leakage, discovered the page by using Google dorks from my phone on the way home from work. Site:*.[site].com -www -blog -help ... and so on
@darrensmale
My first bug on the very first @bugcrowd bounty #1 was a stored XSS in a messaging back end I'd found using DirBuster list via Intruder, storing and echoing out user controllable information - advice... Content discovery is more important than anything
@n0x00
First bug I ever found as an analyst (a massive SQLi) turned into my first miniature pen test (while billed as an analyst) which led to me discovering my love for penetration testing.
@THE_TERRORIZER
We also spoke with our very own Director of Research James Kettle - you may know him better as @albinowax - to find out what his first bug bounty pay-out was. In his own words: "My first paid bug was flukey stored XSS in YouTube - after that I got stuck for ages ... until I found Blogger, put some time into understanding its crazy design, and found a whole batch of bugs over several months."
Conclusion:
Friends, I hope this "Finding your first bug: bounty hunting tips" blog gave you some ideas. If you liked the blog, please share it, and if you have any suggestions you can leave them in the comment section; I will improve on those things next time. If you want more blogs like this, do let me know in the comment section, and if you want to read more articles like this on bug bounty you can bookmark this website. Finally, thank you for reading my article.