How to start in bug bounty? | 0xshahriar

If you are reading this, then I think you already know what bug bounty is, so I am not going to talk about that. If you are not aware of it, then this blog is not for you, and you may leave. Let's dig in ...


First of all, you need basic knowledge of the internet & computers. I hope you all know how to browse the internet & use a computer. Let's start then ...
  • HTTP basics
    • How the web works
    • How we see a webpage
    • What an HTTP request & response are
    • HTTP methods, etc.
  • Basics of networking
    • What an IP is
    • What ports are ( open ports )
    • What DNS is, etc.
  • Some basic languages
    • HTML ( must )
    • PHP
    • JavaScript
    • Bash
    • Python
    • Java
    • SQL
  • Webserver basics
  • Linux basics ( basic shell scripting especially )
  • Basic cryptography
  • Most importantly, running Burp Suite ( the professional edition isn't necessary ) or ZAP Proxy

The most important things in bug bounty are having patience, continuing to hunt, improving your skills day by day, and keeping yourself updated on recent vulnerabilities. You can use Twitter for this purpose, because you will find almost all hackers there talking about cyber security & bug bounty. You will find others posting bug bounty tips, and you can even ask them for help. You can also read the Hacktivity feed on HackerOne and learn about different vulnerabilities from the disclosed bug bounty reports.

You can also subscribe to the newsletter from Intigriti ( an ethical hacking platform like HackerOne & Bugcrowd ), which gives you updates about their blog posts. I like Bug Bytes the most. I think you will like it too, so feel free to subscribe to that as well.


Some helpful websites that will help you in bugbounty,

How should we start practicing?

Well, the simplest answer is: complete the OWASP Top 10 😉.

Work through every vulnerability class that is present in the OWASP Top 10, and you will be ready to participate in the real world. While you are learning, try to practice them on real-world web applications.

Keep practicing on different platforms, such as CTF platforms or platforms like TryHackMe or Hack The Box, and gain knowledge from all of them.

Can playing CTFs help us find bugs in the real world?

Actually, not exactly. But it will help you improve your thinking ability as well as your hunting skills.

That's all. Keep learning & keep hacking the world. Remember one thing: "Never lose your hope."

A maladaptive daydreamer who is interested in cyber security & ethical hacking. I love connecting with different people around the whole world & love to play games & sleep 💤
