
Bug Bounty Tip | Do This Exercise Every Day to Get Better at Finding XSS Bugs! 

rs0n_live
17K subscribers
10K views

This is my favorite exercise for learning to bypass XSS filters and weaponize XSS vulns in public Bug Bounty Programs!
First, we build a Cross-Site Scripting (XSS) bug into a small web application. This forces us to understand exactly what an XSS vuln is and how it is introduced.
Next, we look at a variety of payload options and see which XSS payloads work, depending on where the payload is reflected in the DOM.
After we have a working payload that allows us to weaponize the vulnerability, we "switch gears" and act as the developer tasked with remediation. Here, we research how to remediate XSS vulnerabilities and apply that fix to our code.
Finally, once the code is fixed, we put our "Red Team" hat on again to find a way to bypass our newly implemented controls.
This exercise forces you to look at the vulnerability from EVERY angle, and I have personally seen it transform a researcher's approach to searching for XSS bugs.
I hope it helps!!
Discord - / discord
Hire Me! - ars0nsecurity.com
Watch Live! - / rs0n_live
Free Tools! - github.com/R-s0n
Connect! - / harrison-richardson-ci...

Published: 17 Oct 2023

Comments: 58
@Ma3en, 8 months ago
I'm in burnout period man, and I just love seeing your videos, keep up the great work, you are the best, for me
@rs0n_live, 8 months ago
I'm so glad it's helpful!
@CaiN805, 20 hours ago
Thx for this awesome lesson. It's a great idea to combine the webdev process with bug bounty.
@ScriptKicker, 7 months ago
This is awesome. Can't wait for more like it.
@rs0n_live, 7 months ago
Thank you! I'm working on a similar video now for Command Injection and Code Injection :)
@michaelr.3799, 8 months ago
MIND BLOWN. Really appreciate the way you made this video.
@abhinavbansal9396, 8 months ago
Pls make a video on how you find XSS from the start. I love VDP targets.
@CMDying, 8 months ago
I appreciate all your knowledge. I'm trying dang hard to learn as much as possible, your videos are amazing!
@rs0n_live, 8 months ago
Thank you so much!
@brs2379, 8 months ago
Love the videos man ❤
@ReligionAndMaterialismDebunked, 7 months ago
Very thorough and helpful video! Thanks, bro bro!
@SportingArenafast, 7 months ago
Thank you arson. This helps a lot.
@lifeofgrish, 8 months ago
I am really hoping to find that first one and I watch your videos, appreciate you a lot bro.
@danc5790, 8 months ago
Great video!
@lxa1121, 8 months ago
This video is amazing! The "have to build it to break it" approach is perfect. Keep these videos coming. I'm surprised this doesn't have many views (which I'm guessing will change in the near future).
@rs0n_live, 8 months ago
I'm so glad it's helpful!! I will definitely be doing more of these in the future, and I'm going to keep switching up the language so we get a chance to see a variety of different web applications and frameworks. I'm actually working on Server-Side Template Injection (SSTI) for Flask right now! We will build a Flask app with a SQL connection, full authentication and Role-Based Access Control (RBAC). After walking through actually finding the vuln, I'll show how to weaponize it to compromise the application and the server it's hosted on, and correlate each of those demonstrations with a Hacktivity report or lab. I'm very excited about the new format! It's hopefully taking some of the best aspects of my different videos.
@lxa1121, 8 months ago
@rs0n_live oh. I'm definitely watching that one. Can't wait!
@user-so9kf5fq4c, 8 months ago
Great video! Thank you for your efforts! I hope you will succeed!
@user-so9kf5fq4c, 8 months ago
Is there a way to bypass the encoding of quotation marks in "?
@bandelaSuraj, 5 months ago
Great video man. Please make this an XSS series and include bypassing URL encoding and WAFs and other complicated XSS stuff.
@Dayanandhansubramani-rj6tc, 7 months ago
Simply great video Arson :)
@bountyproofs, 4 months ago
Thanks for the great video
@mohamedashraf2575, 8 months ago
Can you share your methodology for how to get DOM XSS?
@4liraah, 6 months ago
Great stuff
@phillydee3592, 8 months ago
Damn this was a great vid, especially for me who just started learning about web app testing!!
@rs0n_live, 8 months ago
I'm so glad it's helpful!
@ReligionAndMaterialismDebunked, 7 months ago
Haha. It would help the algorithm, indeed.
@rs0n_live, 7 months ago
Haha, thank you!!!
@danmcgirr4210, 7 months ago
The best!
@smurfs6975, 8 months ago
Would it be possible to inject and, say, replace the HTML code tags 'h1' that already exist with 'script'? So you will end up having Welcome ${name} instead of .... Or is this method not available like in the HTML code?
@The_Ethical_TN, 8 months ago
Rs, excellent explanation brother ❤ Don't delay in continuing WAP test explanations. Your brother from Tunisia
@rs0n_live, 8 months ago
Thank you!!
@aquatester, 8 months ago
Amazing video, upload more like this
@abdonito8254, 8 months ago
Thank you rs, I like watching your videos in my burnout period ❤️
@mohmino4532, 8 months ago
Same here, I'm in burnout but I must watch him tho 😅
@abdonito8254, 8 months ago
@mohmino4532 haha good luck bro
@mohmino4532, 8 months ago
@abdonito8254 u too ❤🏃‍♂️
@rs0n_live, 8 months ago
Haha, I'm so glad it's helpful! I can empathize with the burnout, too, hahaha. I'm sure we all can.
@WebWonders1, 7 months ago
As I read your channel description I was a bit surprised how experienced you are; having seen this video, you are exactly the man described in the channel description. Thanks bro for sharing such amazing content. If you feel free I would like to pick your brain 🧠 some day and record a video 📷 to learn about your hacking journey 😊. Thanks again. Regards, Ilyas
@farrrrrrhaaaaan, 8 months ago
Good stuff
@MustafaGains, 2 months ago
Man, I need help. On the target 🎯, when I inject my payload, the JavaScript alert pops up 🔝; I tested this with different browsers and OSes and all work the same. But when I inject the payload straight into the URL of the target 🎯 it blocks me from doing that! Like, I wanna confirm the validity of this vulnerability, what should I do, or does that itself tell me it's vulnerable to XSS and I should report it? Can't wait to get your advice and answer ❤
@challengeaccepted6382, 6 months ago
How to find XSS in application/json content type?
@rs0n_live, 6 months ago
The process is the same: your goal is to be able to write to the DOM in some way. You need to find user-controlled input that is reflected in the server's response. Then, if possible, you need to find a payload that will allow you to write valid HTML elements to the DOM. Finally, you can inject JavaScript. My next video will be on Client-side Injection Testing and should help a lot!
@aryzen2781, 3 months ago
How often do you find bugs in bug bounty programs?
@rs0n_live, 3 months ago
It's very random and inconsistent. I've made over $15k in a weekend, but I've also spent months testing an app and got nothing. I always say bug bounty hunting is like an Easter Egg Hunt, which is appropriate considering the time I'm posting this, haha! It's not a penetration test; there is a huge amount of luck required in bug bounty hunting to find the vulnerable applications before other researchers do. You can expand your technical skills and build automation to improve your chances, but ultimately there's still a great deal of luck involved. Bug Bounty Hunting is a fantastic way to earn a bit of money while you learn offensive security concepts, but it's not a great choice if you are looking for consistent income.
@user-qk2wo3if2z, 6 months ago
I respect the matrix
@ReligionAndMaterialismDebunked, 7 months ago
Taylor Swift. Hehe. I listen to her sometimes, but usually just when someone else is already playing her. Her long-term music producer, and one of her bodyguards, are fellow Jewish people (I'm mixed, from America, but I live abroad).
@RezaTahmasb, 2 months ago
Nice!
@warnawarni5227, 8 months ago
Nice
@ReligionAndMaterialismDebunked, 7 months ago
Learning how to weaponise stuff more is great, to not be fazed by a PoC.
@amoh96, 8 months ago
Can anyone help me bypass Akamai WAF :( ? & Thank you sir, we miss live videos a lot
@mohamedashraf2575, 8 months ago
But still you can bypass < " '
@user-oc2lj4xc2x, 4 months ago
Got a better view of XSS
@BugBounty4u, 7 months ago
Love from Pakistan
@mr.koanti8035, 8 months ago
Great content, I hope you hit 100k subscribers soon, also I hope to make a collaboration if that is possible
@bakeery, 6 months ago
Thank you so much for such great content, it really helps. Sometimes the payload is rejected as a string on the page like 'Hi'; how does that filtering work, can it really be bypassed? I encountered several of this type of filter.
@rs0n_live, 6 months ago
Thank you!! It all depends on how the application is sanitizing the input. I'm working on a new video on client-side injections that should help a lot, but as a general rule you will need to bypass one or more of these compensating controls:
1. Cookie Flags
2. Content Security Policy (CSP)
3. Web Application Firewall (WAF)
4. Client-Side Validation
5. Server-Side Validation
6. Browser Security Headers
7. Output Encoding