Tips From A Bugbounty Hunter
by MrBr - November 18, 2019 at 10:34 AM
#1
If you are already doing bugbounty hunting and are proficient in the field then this article is not for you because you guys already have your secret weapons. This article is for everyone who has not had much success or is just starting out and has very little knowledge but great enthusiasm and energy.

Let The Games Begin

While hunting for a bug in a bugbounty program, if you ask how to start testing a target, everyone will say "Recon and Enumeration", but I still get confused by what that includes. So I made a personal guide for myself and included all the information I could get from the bugbounty hunters and the internet itself.


Before jumping into the points, let me give you a few tips that my fellow bughunters gave me and are a must to follow.

  • Rule number 1 : Have patience. Sometimes it takes ages to get to your first bounty and get the bug resolved.
  • Rule number 2 : Be prepared for duplicates because there will be hundreds of other bugbounty hunters looking at the same page as you.
  • Rule number 3 : Be respectful to everyone and ask for help if you get stuck anywhere but before asking make sure you search for all possible ways to resolve the issue.

Now let's jump into the method I use, which has landed me some small bounties: hunt for low-hanging fruit that will give you an easy payout.

  1. There's a reason they say "Google is your best friend". I received a $200 bounty from a program just by grabbing a PDF file using a Google Dork and pulled information from an online shop which showed the details of their customers' purchases.
  2. Search for subdomains, not just for takeovers, but for interesting information. I found a confidential page where there was a signup option in it. I guess most were checking only for subdomain takeover but forgot to check functionality. Some of the best tools are:
  3. Check for sensitive files in strange looking subdomains.
  4. Hunt for logical issues. We are logical creatures, and one very very very simple logical issue actually landed me my first swag pack. I might write about it here in the next article if possible.

These are some of my simple tips. Someday we will be like every major bughunter out there that you respect and think is awesome. Keep hunting; reading and learning are the key to bug bounty success.

Wish you the best of luck.
#2
Thanks dude, this is very interesting!
#3
I was hoping this was about catching rapey nigs, not ratting out bugs to shitty companies for shekels like a jew.
#4
OP were you successful in getting any bounties?
#5
(December 10, 2019 at 10:52 AM)dbcracker Wrote: OP were you successful in getting any bounties?

Yes, I don't have a lot of time for this, but I've got like 10 bounties.

(December 10, 2019 at 03:36 AM)EPP Wrote: I was hoping this was about catching rapey nigs, not ratting out bugs to shitty companies for shekels like a jew.

I'm not sure what you meant by that!? What is shekels?
#6
(December 10, 2019 at 01:14 PM)MrBr Wrote: I'm not sure what did you mean by that!? what is shekels?
Shekel is a local currency of Israel.
#7
Thanks mate great share
