I really like to know.
-
what kinds of skills do you need to learn to become a BugHunter?
-
That is a great question, Penny!
There are a variety of skills that will help you be a successful Bug Hunter. Let's start with web skills.
You need to have a pretty good understanding of what's happening behind the scenes when a web request is made. This includes things like
- POST/GET Requests
- HTML in general
- Cookies/Tokens/Sessions familiarity
- URL attributes/construction/encoding
- Authentication mechanisms
- JavaScript (basic understanding)
- PHP (basic understanding)
- XML (basic understanding)
- REST/SOAP familiarity can be helpful
- Familiarity with common web services like Apache/NGINX/IIS
Once you understand the web systems, you can better exploit them. There are common exploits that you'll need to be familiar with such as...
- Open Redirects
- Sub-Domain Takeover
- HTTP Parameter Pollution
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Injection Attacks
  - SQL Injection
  - Code Injection
    - HTML/PHP/Python/etc.
- XML External Entities
- Insecure Direct Object References (IDOR)
- OAuth
- Remote Code Execution (RCE)
- Server Side Request Forgery (SSRF)
This list goes on and on, but these are the vulnerabilities you're going to be looking for when hunting for bugs in a web application.
I've alluded to this already, but getting some programming experience will be SUPER helpful. Web apps are built with languages like PHP, Python, Rust, Go, Haskell, HTML, JavaScript, and others, so getting the basics of some web languages will allow you to use them to your advantage when you find them powering your target.
You'll also need to get more than familiar with the tools of the trade. These include, but are not limited to...
- Burp Suite
- OWASP ZAP
- Sublist3r
- Masscan
- Recon-ng
- theHarvester
- SQLmap
- SQLninja
- Nikto
- Dirb/Gobuster
- WPScan
- Joomscan
- Droope
- w3af
- Netsparker
- Arachni
There are other skills you don't typically hear about or think about when it comes to being a bug hunter. These are skills like Enumeration and Report Writing.
You need to be good at systematically clicking every link, reading every page's source code, looking at every web request in Burp Suite, and finding every shred of information about your target. Remember, Google is your friend and so are Shodan and DuckDuckGo.
When you find a bug, you'll need to report it. This can be done directly or, if you've got an account with HackerOne and/or Bugcrowd, you submit through their official channels. These reports need to follow a specific format and have specific information in them. Both HackerOne and Bugcrowd have excellent resources to explain how to write up good reports that will be accepted by their clients, so read them like 10 times. Spelling and grammar mistakes are frowned upon, so triple-check for errors. Make sure that you're submitting something in scope of the bug bounty program; otherwise it will be rejected. Be prepared for the fact that you might not be first to report a bug and have your bug not pay out because it's a duplicate submission.
Speaking of great resources, many of the tools, techniques, and technologies listed here are covered in our course library. Pentest+ and/or CEH should have much of these and I've taken great care to SHOW you them and not just tell you they exist.
HackerOne has a FREE Bug Bounty CTF that you can actually earn your way toward invites to private bug bounty programs.
Other learning resources that will give you some "hands-on" experience and practice...
- BWAPP (Buggy Web Application)
- XVWA
- DVWA and Mutillidae are both loaded in Metasploitable2
- PentesterLab is awesome
- Read "The Web Application Hacker's Handbook 2"
- Watch "Bug Bounty Hunter Methodology v3" by Jason Haddix
- Read "Web-Hacking 101"
Well, I know that was a lot for a short question, but hopefully you've found this helpful and informative. There is so much more to this as you go down the rabbit hole, but this should be good to get you started.
Cheers,
Daniel Lowrie
ITProTV Show Host
-
@daniel-lowrie87 said in what kinds of skills do you need to learn to become a BugHunter?:
xperience will be SUPER helpful. Web apps are built with languages like PHP, Python, RUST, Go, Haskell, HTML, Javascript, and others, so getting the basics of some web languages will allow you to use them to your advantage when you find them powering your target.
You'll also need to get more than familiar with the tools of the trade. These include, but are not limited to...Burp Suite
Thanks, all of the info you provided in this post I think will be super helpful.