Bug Bounty Tip | Do This Exercise Every Day to Get Better at Finding XSS Bugs!

12,777 views

rs0n_live

1 day ago

This is my favorite exercise for learning to bypass XSS filters and weaponize XSS vulns in Public Bug Bounty Programs!
First, we build a Cross-Site Scripting (XSS) bug into a small web application. This forces us to understand exactly what an XSS vuln is and how it is introduced.
Next, we look at a variety of payload options and see which XSS payloads work, depending on where the payload is reflected in the DOM.
After we have a working payload that allows us to weaponize the vulnerability, we "switch gears" and act as the developer tasked with remediation. Here, we research how to remediate XSS vulnerabilities and apply that fix to our code.
Finally, once the code is fixed, we put our "Red Team" hat on again to find a way to bypass our newly implemented controls.
This exercise forces you to look at the vulnerability from EVERY angle and I have personally seen it transform a researcher's approach to searching for XSS bugs.
I hope it helps!!
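A small, self-contained Python version of the four-step exercise described above, added here as an illustration; it is not code from the video or from rs0n's projects. No web framework is used: each `render_*` function returns the HTML fragment a server would send, and a stand-in "browser" built on the standard library's HTMLParser decides whether a payload would fire. The sink templates, the three payloads and every function name are assumptions made for this example.

```python
"""Reflected-XSS lab: build the bug, find a payload per context, remediate,
then bypass the remediation. Added example, not the video's own code."""
import html
import json
import re
from html.parser import HTMLParser

# Step 1: build the bug. One sink per DOM context; {v} is where untrusted
# input lands. (Assumed templates, constructed for this example.)
SINKS = {
    "html_body": "<h1>Welcome {v}</h1>",
    "attribute": "<input value={v}>",                   # unquoted attribute
    "js_string": "<script>var user = '{v}';</script>",  # JS string literal
}

# Step 2: a payload per context. Which one works depends on where the
# reflection lands, which is the whole point of the exercise.
PAYLOADS = {
    "html_body": "<script>alert(1)</script>",
    "attribute": "x onmouseover=alert(1)",   # uses none of < > & " '
    "js_string": "';alert(1);//",
}

def render_vulnerable(context: str, value: str) -> str:
    """Reflects the value with no encoding at all."""
    return SINKS[context].format(v=value)

# Step 3: the developer's first fix: HTML-entity encode the value.
def render_fixed(context: str, value: str) -> str:
    return SINKS[context].format(v=html.escape(value, quote=True))

# Step 4 is the oracle below: entity encoding only touches five characters,
# and the attribute payload needs none of them, so it survives the fix.

# Step 5: context-aware remediation. Quote the attribute so whitespace can
# no longer start a new one, and emit the JS value as a JSON literal with
# < and > escaped so neither the string nor the <script> block can be closed.
HARDENED_SINKS = {
    "html_body": "<h1>Welcome {v}</h1>",
    "attribute": '<input value="{v}">',
    "js_string": "<script>var user = {v};</script>",
}

def render_hardened(context: str, value: str) -> str:
    if context == "js_string":
        safe = json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")
    else:
        safe = html.escape(value, quote=True)
    return HARDENED_SINKS[context].format(v=safe)

# Crude execution oracle: strips JS string literals, then looks for alert(1)
# in script content, and flags any inline on* event-handler attribute.
_JS_STRING = re.compile(r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"")

class _Oracle(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.fires = False
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if any(name.startswith("on") for name, _ in attrs):
            self.fires = True
        self._in_script = tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands over <script> content as raw text (CDATA mode).
        if self._in_script and "alert(1)" in _JS_STRING.sub("''", data):
            self.fires = True

def executes(rendered: str) -> bool:
    """True if the stand-in browser would run the injected alert(1)."""
    oracle = _Oracle()
    oracle.feed(rendered)
    oracle.close()
    return oracle.fires

def exercise() -> dict:
    """Runs each context's payload through every version of the page.
    Returns {version: {context: payload fires?}}."""
    versions = {"vulnerable": render_vulnerable,
                "fixed": render_fixed,
                "hardened": render_hardened}
    return {name: {ctx: executes(render(ctx, PAYLOADS[ctx])) for ctx in SINKS}
            for name, render in versions.items()}

if __name__ == "__main__":
    for version, outcome in exercise().items():
        print(f"{version:10s} {outcome}")
```

Running it shows the shape of the exercise: every payload fires against the vulnerable page; the entity-encoding fix stops the `<script>` and JS-string payloads but not `x onmouseover=alert(1)`, because that payload contains none of the characters the encoder touches and the attribute was never quoted; the hardened version closes that gap. The "browser" here is a deliberately simple regex-and-parser stand-in, so treat it as a hint, not as a verdict; a real confirmation still needs the payload in an actual browser.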
Discord - / discord
Hire Me! - ars0nsecurity.com
Watch Live! - / rs0n_live
Free Tools! - github.com/R-s0n
Connect! - / harrison-richardson-ci...

Comments: 64
@Ma3en 11 months ago
I'm in a burnout period, man, and I just love seeing your videos. Keep up the great work, you are the best, for me.
@rs0n_live 11 months ago
I'm so glad it's helpful!
@CaiN805 3 months ago
Thanks for this awesome lesson. It's a great idea to combine the web dev process with bug bounty.
@abhinavbansal9396 11 months ago
Please make a video on how you find XSS from the start. I love VDP targets.
@ReligionAndMaterialismDebunked 10 months ago
Taylor Swift. Hehe. I listen to her sometimes, but usually just when someone else is already playing her. Her long-term music producer, and one of her bodyguards, are fellow Jewish people (I'm mixed, from America, but I live abroad).
@legendsofilluminati503 13 days ago
We do need a part two, or maybe up to part ten, for this video. This is really next-level work.
@user-ye7nd3oh4p 1 month ago
The nicest bug bounty education I have ever seen. I subscribed.
@challengeaccepted6382 9 months ago
Can you show how to find XSS with an application/json content type?
@rs0n_live 9 months ago
The process is the same: your goal is to be able to write to the DOM in some way. You need to find user-controlled input that is reflected in the server's response. Then, if possible, you need to find a payload that will allow you to write valid HTML elements to the DOM. Finally, you can inject JavaScript. My next video will be on Client-side Injection Testing and should help a lot!
@ScriptKicker 10 months ago
This is awesome. Can't wait for more like it.
@rs0n_live 10 months ago
Thank you! I'm working on a similar video now, for Command Injection and Code Injection :)
@markgilt.culaway25 2 months ago
thanks a lot!!
@BaabuBhaiya-p6u 9 months ago
I respect the matrix
@technicalinformer4034 1 month ago
Brooo, hats off man... Hats off! 🎩 Please make more videos like this and on other vulnerabilities as well ❤❤❤❤
@aryzen2781 6 months ago
How often do you find bugs in bug bounty programs?
@rs0n_live 6 months ago
It's very random and inconsistent. I've made over $15k in a weekend, but I've also spent months testing an app and got nothing. I always say bug bounty hunting is like an Easter Egg Hunt, which is appropriate considering the time I'm posting this, haha! It's not a penetration test; there is a huge amount of luck required in bug bounty hunting to find the vulnerable applications before other researchers do. You can expand your technical skills and build automation to improve your chances, but ultimately there's still a great deal of luck involved. Bug Bounty Hunting is a fantastic way to earn a bit of money while you learn offensive security concepts, but it's not a great choice if you are looking for consistent income.
@MustafaGains 5 months ago
Man, I need help. On a target 🎯, when I inject my payload into the JavaScript, the alert pops up 🔝; I tested this with different browsers and OSes and it works the same on all of them. But when I inject the payload straight into the URL of the target 🎯, it blocks me from doing that! I want to confirm the validity of this vulnerability. What should I do, or does that by itself tell me it's vulnerable to XSS and I should report it? Can't wait to get your advice and answer ❤
@smurfs6975 11 months ago
Would it be possible to inject, and say, replace the HTML 'h1' tags that already exist with 'script'? So you would end up having Welcome ${name} instead of .... Or is this method not available in the HTML code?
@amoh96 11 months ago
Can anyone help me bypass the Akamai WAF :( ? And thank you sir, we miss the live videos a lot
@WebWonders1 10 months ago
As I read your channel description I was a bit surprised at how experienced you are; having seen this awesome video, you are exactly the man described in the channel description. Thanks bro for sharing such amazing content. If you are free I would like to pick your brain 🧠 some day and record a video 📷 to learn about your hacking journey 😊. Thanks again. Regards, Ilyas
@bastianobsztyfitykultykiew4331 2 months ago
You're making great vids, man
@CMDying 11 months ago
I appreciate all your knowledge. I'm trying dang hard to learn as much as possible; your videos are amazing!
@rs0n_live 11 months ago
Thank you so much!
@michaelr.3799 11 months ago
MIND BLOWN. Really appreciate the way you made this video.
@mohamedashraf2575 11 months ago
Can you share your methodology for how you get DOM XSS?
@mohamedashraf2575 11 months ago
But you can still bypass < " '
@ReligionAndMaterialismDebunked 10 months ago
Haha. It would help the algorithm, indeed.
@rs0n_live 10 months ago
Haha, thank you!!!
@bandelaSuraj 8 months ago
Great video, man. Please make this an XSS series and include bypassing URL encoding and WAFs and other complicated XSS stuff.
@awais0x1 10 months ago
Love From Pakistan
@brs2379 11 months ago
Love the videos man ❤
@Bugua254 7 months ago
Got a better view of XSS
@RezaTahmasb 5 months ago
Nice!
@lifeofgrish 11 months ago
I am really hoping to find that first one, and I watch your videos. Appreciate you a lot, bro.
@cashgamers3133 1 month ago
Did you get one?
@lxa1121 11 months ago
This video is amazing! The have-to-build-it-to-break-it approach is perfect. Keep these videos coming. I'm surprised this doesn't have many views (which I'm guessing will change in the near future).
@rs0n_live 11 months ago
I'm so glad it's helpful!! I will definitely be doing more of these in the future, and I'm going to keep switching up the language so we get a chance to see a variety of different web applications and frameworks. I'm actually working on Server-Side Template Injection (SSTI) for Flask right now! We will build a Flask app with a SQL connection, full authentication and Role-Based Access Control (RBAC). After walking through actually finding the vuln, I'll show how to weaponize it to compromise the application and the server it's hosted on, and correlate each of those demonstrations with a Hacktivity report or lab. I'm very excited about the new format! It's hopefully taking some of the best aspects of my different videos.
@lxa1121 11 months ago
@rs0n_live Oh, I'm definitely watching that one. Can't wait!
@ReligionAndMaterialismDebunked 10 months ago
Very thorough and helpful video! Thanks, bro bro!
@mr.koanti8035 11 months ago
Great content. I hope you hit 100k subscribers soon; also, I hope to make a collaboration if that is possible.
@abdonito8254 11 months ago
Thank you rs, I like watching your videos in my burnout period ❤️
@mohmino4532 11 months ago
Same here, I'm in burnout, but I must watch him though 😅
@abdonito8254 11 months ago
@mohmino4532 haha, good luck bro
@mohmino4532 11 months ago
@abdonito8254 you too ❤🏃‍♂️
@rs0n_live 11 months ago
Haha, I'm so glad it's helpful! I can empathize with the burnout, too, hahaha. I'm sure we all can.
@ReligionAndMaterialismDebunked 10 months ago
Learning how to weaponise stuff more is great, so as not to be fazed by a PoC.
@Dayanandhansubramani-rj6tc 10 months ago
Simply great video, Arson :)
@aquatester 11 months ago
Amazing video, upload more like this
@bountyproofs 7 months ago
Thanks for the great video
@4liraah 9 months ago
Great stuff
@farrrrrrhaaaaan 11 months ago
Good stuff
@warnawarni5227 11 months ago
Nice
@The_Ethical_TN 11 months ago
Rs, excellent explanation, brother ❤ Don't delay in continuing the WAP test explanations. Your brother from Tunisia
@rs0n_live 11 months ago
Thank you!!
@SportingArenafast 10 months ago
Thank you, Arson. This helps a lot.
@danmcgirr4210 10 months ago
The best!
@danc5790 11 months ago
Great video!
@easy_man_12 11 months ago
Great video! Thank you for your efforts! I hope you will succeed!
@easy_man_12 11 months ago
Is there a way to bypass the encoding of quotation marks as &quot;?
@phillydee3592 11 months ago
Damn, this was a great vid, especially for me, who just started learning about web app testing!!
@rs0n_live 11 months ago
I'm so glad it's helpful!
@bakeery 9 months ago
Thank you so much for such great content, it really helps. Sometimes the payload is rejected as a string on the page, like 'Hi'. How does that filtering work, and can it really be bypassed? I have encountered several filters of this type.
@rs0n_live 9 months ago
Thank you!! It all depends on how the application is sanitizing the input. I'm working on a new video on client-side injections that should help a lot, but as a general rule you will need to bypass one or more of these compensating controls:
1. Cookie Flags
2. Content Security Policy (CSP)
3. Web Application Firewall (WAF)
4. Client-Side Validation
5. Server-Side Validation
6. Browser Security Headers
7. Output Encoding