@bebiksior created a tool that allows you to test SSRFs really easily. You no longer have to code something yourself if you need to control the HTTP response when testing for SSRFs. And it’s free to use! https://twitter.com/bebiksior/status/1723797751958257786
Articles by Issue
Fuzzing XSS Sanitizers for Fun and Profit | @TomAnthonySEO
Earlier this year, I published a video about a payload that confused golang’s HTML parser which could lead to an XSS. While after the fact, I could explain the bug very logically, encountering it was nothing more than intuition and luck. Thus, when seeing other XSS...
CTTB – The OG Bug Bounty King – Frans Rosen
If you are not listening to the Critical Thinking Bug Bounty Podcast, you are missing out on tons of useful, intermediate to advanced bug bounty and web security tips. I do listen to every single episode. Recently, I played the one with Frans Rosen and, at times, it...
JS Monitoring implementation
I’ve been hearing about monitoring JS files for years now and I know that I should start doing it. Youssef Sammouda, Meta’s TOP1 hacker, told me in my podcast that he chooses his targets based on monitoring JS files. But I still never got to it. Some of the reasons...
4 DOs and DON’Ts for writing quality reports
None of us manual hackers has an infinite number of bugs to report. Sometimes, we need a few hours to find a bug but at other times, we need days or weeks. So when we finally have it, it would be stupid to write a poor report and get a bounty lower than we deserve....
Caido catching more traction
For a long time, Burp Suite was basically the HTTP proxy that everyone was using despite numerous problems that we have had with it. However, Burp’s competitor, Caido, is getting more and more traction recently and is getting more people on board. I’m happy to see it...
Hunting For Amazon Cognito Security Misconfigurations by @Yassineaboukir
AWS Cognito is a cloud solution to handle authentication and authorization for developers. I’m sure not having to handle this part sounds awesome for them because there are many mistakes you can commit in this functionality. But while AWS Cognito handles a lot of...
Bounty of an Insecure WebView: XSS, but with Steroids
I regularly get asked about mobile bugs in bug bounty. I often say that many bugs regarding, for example, mobile storage that I reported during pentests, are not severe enough to qualify for a bounty. There are, however, bug classes that are definitely worth looking...
Hacking Google Bard – From Prompt Injection to Data Exfiltration
For me, the moment that Google Bard got access to Gmail and Google Docs was the moment I stopped seeing new bug classes like prompt injection or jailbreak escapes as some attacks of the future and I started to see them as having real, severe impact here and now....
Severe HTTP request smuggling bug chain
I always read and watch James Kettle’s presentations about request smuggling to understand the new attacks. However, a lot of times I then don’t see how they are exploited in the wild. That’s why I liked this article by D3D where he showed how he was able to send all...