Hi, after our 5 tips to make the most of Twitter as a pentester or bug bounty hunter and 5 things I wish I knew as a junior penetration tester, we continue our series of tips & tricks…
Here are 5 Kali Linux tricks only known by Kali power users!
I don’t know if this trick is well known, because I haven’t seen it documented anywhere: you can install Kali Linux APT packages on any Debian machine. Yes, any Debian, not just Kali!
Why would you want to do that? Well, let’s say your employer wants you to run tests from a Debian server. It happened to me: they wanted all tests to originate from the same IP and provided a shared Debian server.
Some tools are only available as Kali packages and can’t be found on GitHub or anywhere else. Also, installing tools with APT is always better because they’re easier to update (with apt-get update && apt-get upgrade).
Hi, these are the notes I took while watching the talk “How to Differentiate Yourself as a Bug Bounty Hunter” given by Mathias Karlsson at OWASP Stockholm.
This talk is about how to differentiate yourself from the crowd, to ensure that you are successful at doing bug bounties.
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from October 26 to November 2.
OMG, this is a spooky one! The story of a whitehat hacker (maybe) wrongfully convicted, CIA agents killed because of Google dorking, researchers theorizing about human memory hacking… Plus the quantity of items listed this time!
There were so many good things shared that I could hardly choose, so this newsletter is even longer than usual. But of course, you don’t have to read everything if you’re short on time. Just start with what interests you most, as many different topics are covered.
Enjoy and you can share feedback, suggestions, questions, likes… whatever you feel like.
Our favorite 5 hacking items
1. Tutorial of the week
How to perform the static analysis of website source code with the browser — the beginner’s bug bounty hunters guide
This guide explains everything: the tools you need, what to look for and where, how to use a JS debugger, etc.
So if you’ve been wondering how to get better at bug bounties, drop everything and read this.
Hi, this is a cheat sheet for Open redirect vulnerabilities.
It’s a first draft. I will update it every time I find a new payload, tip or writeup. So if you’re interested in open redirects, keep an eye on this page!
Open redirect payloads
Payloads to detect open redirection:
Common injection points / parameters
How to find entry points to test?
- Burp Proxy history & Burp Sitemap (look at URLs with parameters)
- Google dorking. E.g:
- Functionalities usually associated with redirects:
- Login, Logout, Register & Password reset pages
- Change site language
- Links in emails
- Look for hidden redirect parameters, e.g.:
Responses to look for when fuzzing
- HTTP redirect status codes
- Alert box popping up
- Try using the same parameter twice:
- If periods are filtered, use an IPv4 address in decimal notation (converter: http://www.geektools.com/geektools-cgi/ipconv.cgi)
- Try a double-URL and triple-URL encoded version of payloads
- Try redirecting to an IP address (instead of a domain) using different notations: IPv6, IPv4 in decimal, hex or octal
- For XSS, try replacing alert(1) with prompt(1) & confirm(1)
- If the extension is checked, try [any_param]=.uk). If it redirects to target.com.uk, then it’s vulnerable! target.com.uk and target.com are different domains.
- Use /U+e280 RIGHT-TO-LEFT OVERRIDE:
https://[email protected]%E2%80%[email protected]
- Burp Intruder & Burp Repeater
- Dirsearch with an open redirect payloads list (instead of the default list, or combined)
- Chaining open redirect with
- OAuth token disclosure
- CRLF injection
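To show what the bypass patterns above mean for the defending side, here is an added example (not part of the original cheat sheet) of a redirect-target validator that an application could apply before issuing a 3xx. It resolves the user-supplied value against the site’s own origin and rejects every trick listed in this page: userinfo tricks (https://target.com@evil.com), suffix domains (target.com.uk), raw IP addresses in any notation, scheme-relative URLs, double- and triple-URL-encoded payloads, and the RIGHT-TO-LEFT OVERRIDE character. The function name is_safe_redirect, the allow-listed hosts and the origin https://target.com/ are assumptions chosen for the example.

```python
"""Added example, not from the original cheat sheet: a defensive
validator for user-supplied redirect targets (e.g. a ?next= parameter).
ALLOWED_HOSTS and SITE_ORIGIN are constructed placeholders."""
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"target.com", "www.target.com"}   # constructed allow-list
SITE_ORIGIN = "https://target.com"                 # constructed origin


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so double/triple-encoded payloads such as
    %252F%252Fevil.com are judged on the form the browser would finally see."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_safe_redirect(url: str) -> bool:
    """Return True only when `url` resolves to an allow-listed host over http(s)."""
    if not isinstance(url, str) or not url:
        return False
    decoded = fully_decode(url)

    # Reject whitespace, control characters and any non-ASCII character.
    # This covers tab/CR/LF smuggling and the RIGHT-TO-LEFT OVERRIDE trick.
    if any(ord(c) < 0x21 or ord(c) > 0x7E for c in decoded):
        return False
    # Browsers treat '\' like '/', so "/\evil.com" would become "//evil.com".
    if "\\" in decoded:
        return False

    if decoded.startswith("/"):
        if decoded.startswith("//"):          # scheme-relative: goes to another host
            return False
        absolute = SITE_ORIGIN + decoded      # plain site-relative path: resolve locally
    elif decoded.lower().startswith(("http://", "https://")):
        absolute = decoded                    # explicit absolute URL: check its host
    else:
        # javascript:, data:, "https:evil.com", bare "evil.com", etc.
        return False

    parts = urlsplit(absolute)
    if parts.scheme.lower() not in ("http", "https"):
        return False
    # "https://target.com@evil.com" puts target.com in the userinfo, not the host.
    if parts.username is not None or parts.password is not None:
        return False

    host = (parts.hostname or "").rstrip(".")
    # An exact-match allow-list rejects target.com.uk, target.com.evil.com and
    # every IP notation (decimal, hex, octal, IPv6) without special-casing them.
    return host in ALLOWED_HOSTS
```

The design choice worth noting is the exact-match allow-list: suffix checks like endswith("target.com") or substring checks are precisely what the target.com.uk and userinfo tricks defeat, whereas comparing the parsed hostname against a fixed set needs no per-bypass rule. The decoding loop is bounded so a pathological input cannot make validation run indefinitely.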
Open redirect writeups
Let me know if you have any comments, requests, questions… Feedback is always welcome.
See you next time!
Hi, today I’m going to share with you some advice that I wish somebody told me as a beginner penetration tester.
Working on your technical skills is important. But from my experience, mindset and productivity/organizational habits are even more important. They are the basis on which you will build solid technical skills, while maximizing your time and efforts.
The following tips are not exotic or extraordinary. But if you apply them and make them habits, they will help you up your game as a pentester and bug hunter.