Web Hacking + Bug Bounty Tricks

These are my Bug Bounty / Pentest notes that I have gathered from various sources.

You can also contribute.

List of Vulnerabilities

• API Key Leak
• CRLF Injection
• CSRF
• Cache Poisoning / Deception
• DOM Clobbering
• File Inclusion
• File Upload
• GraphQL
• Host Header Injection
• IDOR
• JWT
• NoSQLi
• Open Redirect
• Race Condition
• Reverse Tab Nabbing
• SQLi
• SSRF
• XSS
• XXE

Bypass Techniques

• 2FA / OTP Bypass
• 403 Bypass
• 429 Bypass
• Captcha Bypass
• CSP Bypass
• Login Bypass
• Rate Limit Bypass
• Reset Password Bypass
• WAF Detect / Bypass

Recon & OSINT Techniques

• Recon
• OSINT

Cloud / Docker

• General
• Info Gathering
• AWS
• Azure
• GCP
• CDN - Domain Fronting
• Docker & Kubernetes
• Container Attacks

Top Tools & Extensions

• inql - Burp extension for advanced GraphQL testing
• Logger++ - Burp extension, a multithreaded logging extension for Burp Suit
• param-miner - Burp extension, identifies hidden, unlinked parameters
• Oralyzer - a simple python script that probes for Open Redirection vulnerability in a website
• SQLiPy Sqlmap Integration - SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API
• ParamSpider - Parameter miner for humans
• gf - A wrapper around grep to avoid typing common patterns

Mindmaps for Bug Hunters

• XXE
• SSRF
• CORS
• Prototype Pollution

Red Team Attacks

• Insecure Interfaces and APIs - For Cloud
• Privilege escalation EC2
• SMTP

Secure Coding

• 2FA
• Password Reset
• Session Fixation
• Broken Object Level Authorization
• Broken Authentication
• Broken Object Property Level Authorization
• Unrestricted Resource Consumption
• Broken Function Level Authorization
• Unrestricted Access to Sensitive Business Flows
• Server Side Request Forgery
• Security Misconfiguration
• Improper Inventory Management
• Unsafe Consumption of APIs

---

All content of this repository will always be updated...