My Bug Bounty Methodology

⌘Ctrlk

My Bug Bounty Methodology

Active Directory Hacking
Page 4
Helping Tools
Burp Manual Testing
XSS
Open Redirect
SQL injection
Local file inclusion (LFI)
Web Security Testing Checklist
My Concept
Time Based SQL Injection
Android Pentesting
OIS Pentesting
WEB Pentesting
AD Pentesting
Cloud Pentesting
API Traning
Page 3
🇵🇰XSS & Open Redirect
VU QUIZ, Assignment, Lectures
Mid Datasheet
My Bash & Python Scripts
💎My methodology
My Nuclei templates
My Hunting Approach on Login
Page
Find LFI and Path Traversal
My Hunting Approach on File Upload
My Hunting Approach Step-2
🔍Google Dork Recon
Injection Pentest POC
Information Disclosure POC
Open Redirect POC
HTML injection POC
SQL injection POC
Reflected XSS POC
SSTI Injection POC
Improper Access Control
DOM XSS POC
Stored XSS POC
SSRF POC
LFI POC
RFI POC
Email Spoofing
👑Find Subdomains
🔥Improper Access Control - Generic (CWE-284)
📧NO RATE LIMIT
™️HTML Injection (CWE-79)
💥Open Redirect (CWE-601)
⭐CSRF
💎Command Injection
💸Server Side Request Forgery (SSRF)
😎Local File Inclusion (LFI)
💳File Upload Vulnerabilities
💰Code Injection (RCE)
🕯️IDOR TO Account Takeover
🤠Business Logic Errors
🤩Api Testing
💉My Open Redirect Methodology
🏍️My XXE Methodology
📍Subdomain Takeover
😎WorldPress Testing
⚡Tools Setup
😍CVE Exploit
💯WAF or Cloudflare Bypass
🏁My Synack Report Methodology
Create Custom Nuclei Template
🏳️One-Liners For Bug Hunting
All Bug Exploit Notes
eWPTXv3
Bug Hunter Handbook
📱Android Pentesting
Job Interview Questions
My Target: Web.com
xss 1
sqli
🧠Impacts of Bugs
Facet Analysis
Traffic from WSL to Burp Suite

Powered by GitBook

On this page

Reconnaissance Phase
📝 Registration Feature Testing
🔐 Session Management Testing
🔑 Authentication Testing
👤 My Account (Post Login) Testing
🔓 Change/Forgot Password Testing
📧 Contact Us Form Testing
🏦 Paid Application Testing
🛒 Product Purchase Testing
🏦 Banking Application Testing
🛡️ CSRF Testing
💰 Amount Manipulation Testing
🔐 SSO Vulnerabilities
📄 XML Injection Testing

Web Security Testing Checklist

Reconnaissance Phase

Identify web server, technologies and database
IP Enumeration and Service Enumeration
Google Dorking
GitHub Recon
Directory Enumeration
IP Range Enumeration
JavaScript Files Analysis
Subdomain Enumeration and Bruteforcing
Subdomain Takeover
Parameter Fuzzing
Port Scanning
Template-Based Scanning (Nuclei)
Wayback History
Internet Search Engine Discovery
Misconfigured Cloud Storage

📝 Registration Feature Testing

Check for duplicate registration / overwrite existing user
Check Email Authentication bypass
Check Email HTML Injection via First Name
Check Email HTML Injection to ATO via First Name
Check Open Redirect While Registration
Check Open Redirect to ATO While Registration
Check Open Redirect to DOM XSS While Registration
Check Stored XSS via xss Payload in Username
Check for weak password policy
Check for reuse of existing usernames
Check for insufficient email verification
Allows disposable email addresses
Registration over HTTP
Overwrite default web app pages via crafted usernames

🔐 Session Management Testing

Identify actual session cookie
Decode cookies using standard algorithms
Modify cookie/session token value
Check cookie expiration date/time
Identify cookie domain scope
Check HttpOnly flag
Check Secure flag (HTTPS)
Test session fixation
Replay session cookie from different IP/device
Concurrent login from other devices/IPs
Check for sensitive user info stored in cookie
Session not invalidated on Email Change / 2FA Activation

🔑 Authentication Testing

Username enumeration
Bypass authentication via SQL injection
Lack of password confirmation (email change, password change, 2FA)
Credentials transmitted over SSL
Test account lockout mechanism
Bypass rate limiting via User-Agent tampering
Bypass rate limiting with null byte
Generate wordlist via CEWL
Test OAuth login
Test MFA enforcement
Default credentials testing
Weak login error messages
Brute-force protections
Password reset poisoning attempts

👤 My Account (Post Login) Testing

Parameter tampering to change other user’s data
Post-login change email/password/account details
EXIF GeoLocation leakage in image uploads
Check account deletion option
Brute-force other user’s password (post-auth)

🔓 Change/Forgot Password Testing

Session not invalidated after logout/password reset
CSRF on Email Change
CSRF on Password Change
Tamper reset link/code to change other user's password
Weak password reset implementation
Continuous password reset request spamming

📧 Contact Us Form Testing

CAPTCHA implementation
File upload security testing
Blind XSS testing

🏦 Paid Application Testing

Signup with both free and paid accounts. Look for features which are limited to only paid account.
Gather requests of those paid features in Burp Suite from paid account.
Now execute those requests using free account session cookies.
Features shown paid (locked) on UI, may be accessible through direct request.

🛒 Product Purchase Testing

Tamper product ID, gift card, voucher count/value
Tamper cart ID, shipping address
Tamper payment parameters
Guess order tracking numbers
Modify other user’s wishlist
Cancel/modify other user’s orders

🏦 Banking Application Testing

User A viewing User B’s account
Balance tampering / transfer manipulation
Stop-payment abuse
View/modify other user’s enquiry status
Add payee without validation

🛡️ CSRF Testing

Bypass Anti-CSRF token
Double submit cookie attack
Bypass Referrer / Origin validation
Exploit SameSite cookie attributes

💰 Amount Manipulation Testing

Apply valid coupon to incorrect request
Order and cancel to manipulate refund
Add negative value to get refund
Negative order totals
Race condition to double-charge/double-spend
Flood product requests to reduce value
Change 555 → 001 (digit validation bypass)
Change amount to 0 or empty
Change currency to reduce amount

🔐 SSO Vulnerabilities

Redirect URI manipulation
SAML request/response tampering
UUID/Identity spoofing
XML Signature Wrapping + XXE

📄 XML Injection Testing

Inject XML payload and observe output

PreviousLocal file inclusion (LFI)NextAPI Security Testing Checklist

Last updated 1 month ago

Reconnaissance Phase
📝 Registration Feature Testing
🔐 Session Management Testing
🔑 Authentication Testing
👤 My Account (Post Login) Testing
🔓 Change/Forgot Password Testing
📧 Contact Us Form Testing
🏦 Paid Application Testing
🛒 Product Purchase Testing
🏦 Banking Application Testing
🛡️ CSRF Testing
💰 Amount Manipulation Testing
🔐 SSO Vulnerabilities
📄 XML Injection Testing

hashtagReconnaissance Phase

hashtag📝 Registration Feature Testing

hashtag🔐 Session Management Testing

hashtag🔑 Authentication Testing

hashtag👤 My Account (Post Login) Testing

hashtag🔓 Change/Forgot Password Testing

hashtag📧 Contact Us Form Testing

hashtag🏦 Paid Application Testing

hashtag🛒 Product Purchase Testing

hashtag🏦 Banking Application Testing

hashtag🛡️ CSRF Testing

hashtag💰 Amount Manipulation Testing

hashtag🔐 SSO Vulnerabilities

hashtag📄 XML Injection Testing

Reconnaissance Phase

📝 Registration Feature Testing

🔐 Session Management Testing

🔑 Authentication Testing

👤 My Account (Post Login) Testing

🔓 Change/Forgot Password Testing

📧 Contact Us Form Testing

🏦 Paid Application Testing

🛒 Product Purchase Testing

🏦 Banking Application Testing

🛡️ CSRF Testing

💰 Amount Manipulation Testing

🔐 SSO Vulnerabilities

📄 XML Injection Testing