Finding your first bug: bounty hunting tips

Finding your first bug: bounty hunting tips


Doston mein aaj ke is blog   Kuchh Aise tips share karne wala hun joki ki aapko aapka first bug bounty main helpful hoga agar aap  bug bounty mein Main future banana chahte ho to aap is blog ke sath bane Raheye Aj main is blog mein Kuchh Aise tips main aapse share karne ja raha hun jo ki aap ka pahla  bug found karne mein helpful hoga.  doston Pichhle Ek sal  main main hacker One 2020 ke a reports  ke anusar bataya  hi ja raha hai ki ki Pichhle  sal ke comparison mein 2020 me bug Hunter group ki sankhya lagbhag do Guna jyada ho chuki hai aur yah  Badhkar approx 600,000 Se Bhi Jyada ho chuki hai.  doston main is blog Mein Jo Bhi aapko tips dene wala hun ye tips mera khud ka Nahin Hai  .jinhone bug bounty me experience hai aur unhone Kai bag found kiye h or unhone Apna future bug bounty me  Bana Liya Hai .unke dwara Diye Gaye tips ko hi main is log mein aap ko batane wala hun.  doston mein is log Mein Jo Bhi aapke sath share Karunga use  main burpsuits community se aap ko batana ja raha hun.

Yahan per main aapko Kuchh Aise tips batane ja raha hun jo ki aapko  burp-Suite community dwara Diye gaye hain.

1. Understand the process

Doston new bug hunter jo Hote Hain unko starting mein Main Kisi e Kash vulnerability ke bare mein focus karna chahie aur unke bare mein main acche tarike se research karna chahie use particular vulnerability per jitne Sare blogs writerups  yah book se help Ho unhen padhna chahie sabse important batein yaha yah hai ki aapko Apne dimag ko concentrate Karke Kisi Ek particular vulnerability per focus karna chahie.
  • Aap Ko Kisi specific type of vulnerability par Dhyan Dena chahie.
  •  Jyada Se Jyada  use vulnerability  ke writeups  padhna chahie.
  • aapko jis vulnerability ko target kar rahe ho use vulnerability per hone wale program for per search karna chahie aur program may participate karna chahie.
  •  Agar aapko find karte ho,  Uske bad aap ko dusre ki per upvas karna chahie and repeat step 1.


Inke dwara Diye Gaye kuch tips Ko Main aapko niche de de raha hun aapko i inkedwara Diye Gaye kuch tips Ko Main aapko niche de raha hun aap usko Dhyan se padhen aapko help hoga

  • Get intimately familiar with the application, tech stack, or feature you are trying to break.
  • Focus on how things work [read the RFCs] rather than running tools and one liners.
  • Knowledge and curiosity is free.
  • Recon ! = hacking [automate this]

2. Find the uncharted territory

Aapko Kuchh new explored  area ke bare mein dhundhna hai. Aapko exploitable area  ko find out karna hai Jahan per hidden content Hote Hain jyadatar Ek web application ke andar jo bhi hidden content Hote Hain uske andar weaknesses milane ka bahut jyada chances Hote Hain. Iske liye aap Google Ka Sahara Le sakte hain agar aap aap advance search karna chahte hain to third party Tulsi ka bhi istemal kar sakte hain jaise ki Iske bahut Sare advance tools h Jiska istemal ap kar sakte hain..

Look for the dusty old corners of applications that everybody (especially developers) has forgotten. We ran into that all the time when I worked at Google - if you see the old Google logo or Times New Roman font somewhere, it's a good place to look. :)
Choose an old private program that pays small bounties.

3.Never stop learning

Doston is paragraph ke andar Jo Main aapko batana ja raha hun vah sabse important hai aur sabse Jyada advice Dene Wale topic yahi hai hai agar aap koi bhi form sites per  yah Finding your first bug: bounty hunting tips question aap karte ho to unmen se sabse Jyada Jo tips Diye Gaya hua hai wah never stop learning ka.  doston main aapko batana Chahunga ki bug bounty koi ek Khas course Nahin Hai Jise complete kr ya padha Diya Jaaye to ap bug hunter ban jaoge . doston bug-bounty Ek aisa technology Hai Jahan per bug Hunter ko everyday Kuchh Na Kuchh naya sikhana padta hai Kyunki Ki Har din web applications ke andar new new vulnerabilityi Aati rhti hai Yahi Karan hai ki Jiska bug Hunter ko Har din Kuchh naya sikhana padta hai.  doston Jo experience bug Hunter Hain Unka Kahana Hai Ki ki no doubt aap Kisi particular vulnerability per Agar kam karte ho To bug ko found kar paoge.  abhi main latest Mein padh raha tha hacker Van ke websites per to usmein likha gaya tha ki cross site scripting Paya gaya hai jo ki 2017 ke CVE ( common vulnerability and exposures) ka use Karke ye vulnerability nikala Gaya.  aapko is Baat per Dhyan dena hai ki aapko old vulnerability ke bare mein bhi Dhyan Mein Rakhna hai aur jo nai vulnerability a rahe hain unhen bhi aap ko Dhyan Mein Rakhna hai Bus focus aapka Kisi particular aap vulnerability per Hona chahie.
Niche Gaye niche Diye Gaye tips ko aap Dhyan se padhen:
Credit: Burp-Suit Community
Avoiding most bite sized tips. A lot of #bugbountytips these days are n/a issues, or ones prone to dupe. Instead, focus on deep diving web app knowledge in your academy or @PentesterLab and then deep dive an app looking for bespoke flaws.

Your first bug bounty rewards

When it came to first successful bounties for our community, there was a definite focus on content discovery. It looks like, once again, knowledge has been proven to demonstrate power!
My first finding was sensitive information leakage, discovered the page by using Google dorks from my phone on the way home from work. Site:*.[site].com-www-blog-help ... and so on
My first bug on the very first @bugcrowd bounty#1 was a stored XSS in a messaging back end i'd found using DIR buster list via intruder, storing and echoing out user controllable information - advice... Content discovery is more important than anything
First bug I ever found as an analyst (a massive SQLi) turned into my first miniature pen test (while billed as an analyst) which led to me discovering my love for  penetration testing..
We also spoke with our very own Director of Research James Kettle - you may know him better as @albinowax - to find out what his first bug bounty pay-out was. In his own words: "My first paid bug was flukey stored XSS in YouTube - after that I got stuck for ages ... until I found Blogger, put some time into understanding its crazy design, and found a whole batch of bugs over several months."

Doston main Asha Karta Hun Ki aapko Finding your first bug: bounty hunting tips  blog se  Kuchh Idea Mila Hoga Agar block acchi lagi ho to ise share Karen aur Agar Ab Kuch suggestion Dena chahte ho to aap comment section Mein suggestion bhi de sakte hain main Agali bar se use chij ko improvement karunga .  agar aap aise hi block chahte ho ho to aap comment section Mein Jarur bataen aur agar aap bugbounty per aise hi articles padhna chahte ho to aap mere is website ko bookmark bhi kar sakte ho finally thank you for reading my article

Post a Comment