Part 03 | What To Do After Choosing a Target? | Post Recon | Bug Bounty
2023-12-7 01:38:54 Author: infosecwriteups.com

Om Arora

InfoSec Write-ups

Hello everyone, welcome to the third part of the series.

In the last part we discussed:

  1. Google Dorking
  2. Analyzing Js files
  3. Content discovery

And with that we were done with recon. So now the question comes up:

What to do after recon?

So, let's start!

Before beginning to test the target manually we need to set up an intercepting proxy. A proxy server acts as a gateway between your browser and the internet, so every request and response passes through it, where you can inspect it.

Several tools can do this, for example:

  • Burp Suite
  • OWASP ZAP

Today we are going to use Burp Suite; the Community Edition is free for everyone and can be downloaded from the PortSwigger website.

You will see something like this. You can set up the proxy with your external browser using these instructions:

Now let's begin the manual hunting!

The first thing I do after recon is open the website and start using it like a normal user: register an account, do what a normal user would do, and wherever you see an input field enter this attack vector:

'"`><img src=x>${7*7}

This one string tests for SQLi, CSTI, SSTI and XSS at once (the quotes for breaking out of string contexts, the tag for HTML injection, and ${7*7} for template expression evaluation).
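To show why one string covers several bug classes, here is an added Python example (not code from the post) that renders a constructed page with and without output encoding and then reads the response the way a tester reads it in the proxy: unescaped markup, an evaluated expression, or a database error message. The render helpers, the sample responses and the error-string list are constructed for the example; the hardened render is the fix a developer would apply.

```python
"""Reading responses to the polyglot probe, as an added example."""
import html
import re

# The probe from the post, written with plain ASCII quotes.
POLYGLOT = "'\"`><img src=x>${7*7}"

# Error fragments that common database engines emit when a stray quote breaks a query.
SQL_ERROR_PATTERNS = [
    r"You have an error in your SQL syntax",                 # MySQL / MariaDB
    r"unterminated quoted string at or near",                # PostgreSQL
    r"SQLSTATE\[",                                           # PHP PDO
    r"ORA-\d{5}",                                            # Oracle
    r"Unclosed quotation mark after the character string",  # Microsoft SQL Server
]


def render_unsafe(name: str) -> str:
    """Constructed vulnerable view: user input is concatenated into HTML as-is."""
    return f"<p>Hello {name}</p>"


def render_safe(name: str) -> str:
    """Hardened view: HTML-encode the value before placing it in the page."""
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


def classify(body: str) -> list[str]:
    """Name what a response to the probe reveals, in a fixed order."""
    findings = []
    if "<img src=x>" in body:
        findings.append("html-reflected-unescaped")       # markup survived: XSS candidate
    elif "&lt;img src=x&gt;" in body:
        findings.append("reflected-encoded")               # reflected, but neutralised
    # ${7*7} was evaluated if "49" now sits where the expression was, right after the tag.
    if "${7*7}" not in body and re.search(r"src=x(?:>|&gt;)49", body):
        findings.append("template-expression-evaluated")   # SSTI/CSTI candidate
    if any(re.search(p, body) for p in SQL_ERROR_PATTERNS):
        findings.append("sql-error-disclosed")             # the quote reached a query: SQLi candidate
    return findings


# Constructed responses standing in for what the proxy would show.
SAMPLE_TEMPLATE_RESPONSE = "<p>Hello '\"`><img src=x>49</p>"   # an engine evaluated ${7*7}
SAMPLE_SQL_RESPONSE = (
    "You have an error in your SQL syntax; check the manual that corresponds "
    "to your MySQL server version"
)

if __name__ == "__main__":
    for label, body in [
        ("unsafe render", render_unsafe(POLYGLOT)),
        ("safe render", render_safe(POLYGLOT)),
        ("template response", SAMPLE_TEMPLATE_RESPONSE),
        ("sql response", SAMPLE_SQL_RESPONSE),
    ]:
        print(f"{label:18s} -> {classify(body)}")
```

The encoded case is what a correct application returns: the input is echoed, but nothing is executed or evaluated, and that is the outcome to note down as "tested, not vulnerable" rather than ignore.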

While exploring the application, make sure to note everything down. There are many note-taking apps; some of my favourites are:

  • CherryTree
  • Notion
  • Obsidian

Now write down all the functionalities that you notice on the website. Here we are going to use Medium as an example.

Here we have features like:

Register, Sign in, Read Story, Write Story, Buying Memberships, Follow, Subscribe, Publish

And many more. We are going to try all of them to get a hang of the application and its main purpose as a user, so that it is easier to attack. Once we know all the functionalities, we can think about ways to exploit each function; we can also read reports on similar functions in other programs and try the same things there.

While doing this, make sure Burp Suite is running in the background with your target scope set, so that the site map and HTTP history fill up; we will need them later.

You can also read the website's manual or documentation, if there is any; it is very important for an attacker to know the application from top to bottom.

Make sure you have clicked on every button, link and endpoint.

Note everything down, including the recon from the last two blogs. It will all be very helpful while testing the functions, because you will have many questions during testing and half of them will be answered by your notes. The notes don't have to be perfect; write them in whatever way feels natural and comfortable to you.

For example, here is how I take notes of important things:

and sometimes I also take notes like this:

So it really depends on you.

Now we are going to explore the requests that we have in Burp Suite.

For example, I clicked on delete draft in one of my drafts on Medium, and the request was something like this:

Now what I could try is to change the target post ID and see what happens.

We also have an option to show only the parameterized requests.

This is very helpful for finding bugs such as XSS, IDORs, etc.

Make sure to change the IDs only to ones belonging to your own account, so you do not cause harm to anyone else.
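Burp's filter shows parameterized requests in the UI; the added Python example below (not code from the post or from PortSwigger) does the same thing offline over a saved history, so the endpoints and their parameter names can go straight into your notes. It assumes the layout of Burp's "Save items" XML export (one `<item>` per request, with a `<url>` element and a base64-encoded `<request>` element); the sample export is constructed inline, and the `ID_LIKE` heuristic for object-reference parameters is my own.

```python
"""Listing parameterized requests from a Burp history export, as an added example."""
import base64
import json
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

# Heuristic: parameter names that look like object references (id, post_id, postId, ...).
ID_LIKE = re.compile(r"(?:^|[_-])ids?$|[a-z]Ids?$|^ids?$")

# Constructed sample traffic: (URL, raw HTTP request) pairs standing in for a real capture.
RAW_REQUESTS = [
    ("https://example.test/search?q=test&page=2",
     "GET /search?q=test&page=2 HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("https://example.test/p/delete-draft",
     "POST /p/delete-draft HTTP/1.1\r\nHost: example.test\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n\r\npostId=1234&reason=cleanup"),
    ("https://example.test/api/follow",
     "POST /api/follow HTTP/1.1\r\nHost: example.test\r\n"
     'Content-Type: application/json\r\n\r\n{"targetUserId": "u-42", "notify": true}'),
    ("https://example.test/me/stats",
     "GET /me/stats HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]


def build_sample_export() -> str:
    """Wrap the constructed requests in the assumed Burp 'Save items' XML shape."""
    items = "".join(
        '<item><url><![CDATA[%s]]></url><request base64="true"><![CDATA[%s]]></request></item>'
        % (url, base64.b64encode(raw.encode()).decode())
        for url, raw in RAW_REQUESTS
    )
    return "<items>%s</items>" % items


def parse_request(raw: str) -> tuple[str, str, dict[str, list[str]]]:
    """Split a raw HTTP request into method, path and its parameters (query, form or JSON)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _ = request_line.split(" ", 2)
    headers = {k.lower(): v.strip()
               for k, v in (h.split(":", 1) for h in header_lines if ":" in h)}
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    ctype = headers.get("content-type", "")
    if body and ctype.startswith("application/x-www-form-urlencoded"):
        params.update(parse_qs(body, keep_blank_values=True))
    elif body and ctype.startswith("application/json"):
        try:
            params.update({k: [str(v)] for k, v in json.loads(body).items()})
        except (ValueError, AttributeError):
            pass  # malformed body or non-object JSON: nothing to list
    return method, parts.path, params


def parameterized_requests(export_xml: str) -> list[dict]:
    """Return one record per request that carries at least one parameter."""
    records = []
    for item in ET.fromstring(export_xml).iter("item"):
        req = item.find("request")
        if req is None or req.text is None:
            continue
        raw = req.text
        if req.get("base64") == "true":
            raw = base64.b64decode(raw).decode(errors="replace")
        method, path, params = parse_request(raw)
        if not params:
            continue
        records.append({
            "method": method,
            "path": path,
            "params": sorted(params),
            # the ones to retest with ids that belong to your own test account
            "id_params": sorted(p for p in params if ID_LIKE.search(p)),
        })
    return records


if __name__ == "__main__":
    for rec in parameterized_requests(build_sample_export()):
        print(f"{rec['method']:5s} {rec['path']:18s} params={rec['params']} ids={rec['id_params']}")
```

Point `parameterized_requests` at a real export read from disk (`ET.fromstring(open(path, "rb").read())`) and the `id_params` column gives you the list of object references to verify against a second account you own.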

There are many other things that can be done like this; we are going to learn all of them one by one.

Most people look for particular bug types, but here I am going to use a different approach to the website and test all case scenarios one by one.

The main reference I will use is the OWASP Web Security Testing Guide (WSTG) checklist, which is very useful for testing.

I will:

  • Explain the test cases
  • List the bugs each could contain
  • Give steps to find those bugs
  • Share reports of real-world cases of those bugs

and test all the functionalities one by one.

That's it for this blog. Thank you for reading till the end; I hope it helped you in some way.

Here is a basic overview of what will be in the next blog:

We will test all these cases, learn about the bugs that could be present, and cover steps to find those bugs plus extra tips.

I am also working on a mind map, which I will share soon.

Preview:

If you want more resources or links to free courses, feel free to DM me on Instagram:

https://www.instagram.com/om._.arora1603/

You can also connect with me on LinkedIn:

https://www.linkedin.com/in/om-arora-b88340213/

Please consider following and liking if you found it helpful.

You can also support me through:

Source: https://infosecwriteups.com/part-03-what-to-do-after-choosing-a-target-post-recon-bug-bounty-1a7f431b4d79?source=rss----7b722bfd1b8d--bug_bounty