In the last two issues of this course, we covered the browser’s Elements, Console and Network tabs, and then different ways to set breakpoints. In this issue, we finally get to what to do when our browser hits the breakpoint. This is a massive help for understanding...
Tools
Devtools #2 – Types of breakpoints and 11 ways to set them
I will also cover debugging in DevTools, but that’s too much for a single article, so I’m splitting it a bit. The first thing you need for debugging is to set up a breakpoint. You can do it in various ways, and in this issue I will show you all I know, which is X. I’ll...
DevTools #1 – Elements, Console and Network tabs
Browser Devtools is an amazingly powerful set of tools that can help you massively with finding client-side bugs and even make finding some server-side bugs easier. However, using devtools isn’t easy. Especially since there are tons of functionalities for developers...
Boost your productivity with text replacements
I could recommend every episode of the Critical Thinking Bug Bounty podcast here blindly, without even listening. I just learn so much from every episode. I recently listened to the 16th, about tools for bug bounty hunting. One really caught my attention:...
Is GPT good enough already to find bugs for you?
A lot of you have been asking me to create some AI-related articles and explain how we can use it for bug bounty. While I do believe that AI will help us a lot in the future, so far I have not found a suitable use case for finding bugs. I do, however, find it...
Safely detect Server-side prototype pollution
Server-side prototype pollution often results in an RCE. However, it is very prone to DoSing the app while trying to confirm or exploit it, and DoSing the app isn’t what we want to do when hunting on bug bounty programs. But Gareth Heyes did some research and found a...
Google OSV-Scanner
OSV-Scanner is Google’s tool to find existing vulnerabilities affecting dependencies. I think it’s a good addition to your SSDLC. https://github.com/google/osv-scanner
You don’t need a VPS to expose your server to the Internet
Like most home Internet connections, mine doesn’t come with a public IP address on which I could expose anything to the Internet. When I need to, I’m using a VPS. Pretty much the only reason I’m paying for it is because a few times a month, I...
A tool for Nginx bugs and misconfigs
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. I’m happy to see it because I’m quite bad with all the bugs having to do with reverse proxies, and Nginx is one of the most popular ones. https://github.com/stark0de/nginxpwner
A tool to get a USA phone number
The problem of needing another phone number for registering a test account on a website is quite an annoying one, especially when the number has to be from a particular country, often the USA. While free SMS gateways are sometimes enough, often they don’t work as they...