Bug Bounty for Beginners

  1. Bug Bounty for Beginners. HIMANSHU KUMAR DAS
  2. about.me
     - Infosec analyst at iViZ Techno Sol. Pvt. Ltd.
     - Passionate Capture The Flag (CTF) player.
     - Started bug bounty recently; listed on a few Security Acknowledgement Pages, a few $$$, a few t-shirts.
     - Member of the n|u community for the past 2 years 6 months.
  3. today's talk
     - Prerequisites
     - Highlights
     - Initial Approach
     - Tools to tune
     - Automating on localhost
     - Bug Submission/Reporting
     - Demo
  4. prerequisites
     - Patience... of course, YES!!!
     - Ninja skills? NO!!!
     - Operating system and web browser: a matter of argument, so you select!!!
     - Have you read any of these?
       - OWASP Testing Guide v3
       - The Web Application Hacker's Handbook, 2nd Edition
       - RFC 2616 - HTTP/1.1
  5. bug bounty program: highlights
     - Not limited to web applications; networks and products too.
     - Must be a Responsible Disclosure.
     - Lots of $$$, gifts, t-shirts.
     - Test your: <script>alert("Bounty");</script>
  6. initial approach
     - Did you read the scope?
     - Reconnaissance:
       - CMS, default pages, paths, plugins (robots.txt, phpinfo.php, .htaccess)
       - Various subdomains
       - Identify services
     - Understand the logic of any functionality.
     - Say No to SCANNERS!!!
  7. tools to tune
     - Web proxy (Burp Suite, Fiddler, OWASP ZAP, many others)
     - Must-have Firefox add-ons:
       - Web Developer
       - Tamper Data
       - Wappalyzer
       - FoxyProxy
       - User Agent Switcher
       - Live HTTP Headers
       - ClickJacking Defense (https://addons.mozilla.org/en-us/firefox/addon/clickjacking-defense-declar/)
       - and the counting goes on...
  8. automating on localhost
     - Install a web server on your local system (WAMP, XAMPP).
     - Download and install the product (CMS) on your local web server.
     - Time to input and sleep:
       - Wfuzz
       - intellifuzz-xss (by @matthewdfuller)
       - Sqlmap
       - IronWASP (by @lavakumark)
  9. Few techniques to bypass security measures
     - Brute-force
       - IP-based blocking, user-agent based blocking.
       - Account locked, yet account accessible.
     - Cross-site request forgery
       - Token missing.
       - Token not time-boxed.
       - Token not validated.
       - Token not random.
     - UI Redressing/ClickJacking
       - Drag and Drop [discovered by Ahamed Nafeez (@skeptic_fx)]
       - Content Extraction (deprecated in modern browsers).
  10. Bug Submission
     - Subject: Responsible Disclosure.
     - Nature/Description of the Bug.
     - Impact.
     - Testing Environment: OS, Browsers, Tools (if any).
     - Proof Of Concept: Video (avi/flv), Screenshot.
  11. DEMO
  12. Stored XSS through SVG
     - What is SVG?
     - Supported by modern browsers.
     - Dissection of the payload.
     - XML CDATA: all text in an XML document is parsed by the parser, but text inside a CDATA section is not parsed as markup.
     - To avoid parse errors, script code can be defined as CDATA.
  13. references / links
     - http://www.computersecuritywithethicalhacking.blogspot.in/
     - https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf
     - http://blog.skepticfx.com/2011/09/facebook-graph-api-access-token.html
     - http://www.riyazwalikar.com
     - http://www.amolnaik4.blogspot.com
  14. DEMO - Stored XSS on FACEBOOK by Riyaz Ahemed Walikar (@riyazwalikar, http://www.riyazwalikar.com)
  15. QUESTIONS? THANK YOU!!! twitter: @mehimansu, e-mail: me.himansu@gmail.com
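Slide 12 explains that the script body of an SVG payload can be wrapped in CDATA so the XML parser does not trip over the `<` and `&` characters inside it. The Python check below is an added example, not code from the deck: it parses an SVG the way an upload filter for user-supplied images would, and flags script elements (CDATA body included, since the parser hands the CDATA text back verbatim), `on*` event-handler attributes and `javascript:` links. The sample SVG is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the deck): a script body wrapped in CDATA so the
# XML parser does not choke on the "<" and "&" characters inside the script,
# plus the two other common script carriers, a javascript: link and an on* attribute.
SAMPLE_SVG = """<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <circle cx="20" cy="20" r="10"/>
  <script type="text/javascript"><![CDATA[
    if (1 < 2 && true) { alert("Bounty"); }
  ]]></script>
  <a xlink:href="javascript:alert(1)"><text x="0" y="15">click</text></a>
  <rect width="10" height="10" onload="alert(2)"/>
</svg>
"""

def find_active_content(svg_text: str) -> list:
    """Return (element, reason) pairs for every script-capable part of an SVG.

    The CDATA wrapper is transparent to the parser: the script body comes back
    as the element's text, so the check sees exactly what a browser would run.
    For untrusted uploads, parse with defusedxml instead of the stdlib parser
    to neutralise entity-expansion tricks as well.
    """
    findings = []
    root = ET.fromstring(svg_text)
    for elem in root.iter():
        local = elem.tag.split("}")[-1].lower()          # strip the namespace
        if local == "script":
            body = (elem.text or "").strip()
            findings.append((local, "script element with body %r" % body[:60]))
        for attr, value in elem.attrib.items():
            name = attr.split("}")[-1].lower()
            if name.startswith("on"):                    # onload, onclick, ...
                findings.append((local, "event handler attribute " + name))
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append((local, "javascript: URL in href"))
    return findings

def is_safe_svg(svg_text: str) -> bool:
    """True only when no active content was found (reject the upload otherwise)."""
    return not find_active_content(svg_text)

if __name__ == "__main__":
    for element, reason in find_active_content(SAMPLE_SVG):
        print(f"<{element}>: {reason}")
```

A filter that only searched the raw bytes for `<script` would miss nothing here, but one that stripped markup before scanning could skip the CDATA body; parsing first and inspecting element text closes that gap.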