Every bug bounty hunter began by reporting low-hanging bugs and minor
problems that businesses didn't care about at the time.
1) Architecture Based Approach
First, find the technologies used by the website.
Tools for this:
- Wappalyzer
- BuiltWith
Then check whether there are any CVEs or public exploits related to the
technologies the web app uses.
You can read through the documentation and the bug bounty reports related to
each dependency.
Find out the most common mistakes a developer can make with them.
If you are a beginner, it will take quite a long time to understand each of
the technologies behind the app. This approach works well on modern web apps.
2) Asset-based Approach
Bug hunters using this approach rely heavily on tools to find as many
assets as possible.
For example:
- Use sublist3r to find all subdomains.
- Use gau to fetch all URLs.
- Discover all IPs belonging to the target.
Then you need a proper way to sort and analyze the information obtained.
This approach works well if the target has a wide scope
(e.g. Facebook, Microsoft, Google).
To be successful with this approach, you should be familiar with some bash
scripting or use Python to automate some tasks. It might also create a lot of
unnecessary noise for the target and might lead to an IP ban from the target.
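One way to sort the collected URLs before analysing them, as an added example that is not from the original post: it keeps only hosts covered by the program scope, merges duplicate endpoints, and lists the parameter names seen on each. The scope patterns and URLs are constructed sample data, and the helper names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample data: scope patterns and collected URLs (not real targets).
IN_SCOPE = ["example.com", "*.example.com"]
OUT_OF_SCOPE = ["blog.example.com"]
COLLECTED = """\
https://shop.example.com/item?id=7&ref=mail
https://shop.example.com/item?id=9
http://SHOP.example.com:80/item?ref=ad
https://blog.example.com/post?id=1
https://example.org/login?next=/
https://example.com/search?q=test
not a url
""".splitlines()

def host_matches(host, pattern):
    """Exact match, or suffix match when the pattern starts with '*.'."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # ".example.com" will not match "evilexample.com"
    return host == pattern

def in_scope(host):
    """Exclusions win over inclusions, as in most program scope tables."""
    if any(host_matches(host, p) for p in OUT_OF_SCOPE):
        return False
    return any(host_matches(host, p) for p in IN_SCOPE)

def triage(urls):
    """Return ({host: {path: sorted parameter names}}, list of skipped lines)."""
    kept = defaultdict(lambda: defaultdict(set))
    skipped = []
    for raw in urls:
        try:
            parts = urlsplit(raw.strip())
            host = (parts.hostname or "").lower()
        except ValueError:  # malformed line, e.g. a broken IPv6 literal
            parts, host = None, ""
        if not host or parts.scheme not in ("http", "https") or not in_scope(host):
            skipped.append(raw)
            continue
        names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        kept[host][parts.path or "/"].update(names)
    summary = {h: {p: sorted(n) for p, n in paths.items()} for h, paths in kept.items()}
    return summary, skipped

if __name__ == "__main__":
    print(triage(COLLECTED))
```

Filtering against the scope list before any request is sent also cuts the unnecessary noise mentioned above, since out-of-scope hosts never reach the later tooling.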
3) Function-based Approach
In this approach, start by using the website as a normal user would, and
use Burp Suite to record all requests and responses. Then try to do something
that is not supposed to be possible, such as accessing a URL you are not
authorized to access. Creativity is key to being successful in this approach.
Here are some of the types of information that should be gathered on your
target:
- Create a list of all the subdomains and IPs that belong to the target.
- Find information about the type of software and services the site uses.
- Check whether they have a GitHub account.
- Check the robots.txt file.
- Does the site have any input forms or any parameters in the URLs?
- Start hunting as soon as any organization introduces the program.
Conclusion:
You can read more bug hunting reports and find out more yourself. Then you
can mix and match these approaches and techniques.
As time passes, you will find that you have developed your own methodology
and are getting smoother at bug hunting.
Disclaimer
All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. We do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.