Bug bounty chat

02 Oct 2023 14:06

I am novice also friend

Bug bounty chat

02 Oct 2023 13:46

Hey friends. I am new in Cybersecurity. I have 0 knowledge. I am learning. I hope everyone will guide me.
Thanks & take love.

Bug bounty chat

02 Oct 2023 12:51

you will need to use frida along side burp
there are videos on youtube that would give you a detailed explanation
hit me up if you have issues setting it up

Bug bounty chat

02 Oct 2023 12:44

Is emulators a name of program like burp suite or not ?

Bug bounty chat

02 Oct 2023 12:34

I found this in android application is it important?

{"param500":1,"param501":0,"param502":"YKBYM15","prm2":"SP6mUG6uWQ3oCZPSJzwIoyIPAtgrLGlC6BP22afaLBo0jE5EvM2r7KdCXew8KBpS","prm3":"35420909103999","prm4":"967779080460","timeStp":"17-09-2023 19:26:45.557","check":1,"hash":"A2628833FDD5B6963FBAEA1080B3ECE78DC1F70D9D59E793818E07A2F24DD449","param18":"35420909103999","param1":"4486544324","param2":0.0,"param3":0,"param5":0}

The app to send money to the wallet of number 4486544324

But i can't catch the request becuase it's in android apps

Is there a tool like burpsuite to edit the requests of the android apps?

Bug bounty chat

02 Oct 2023 05:12

Hello friends, my name is Lucky or I want to start my career in bug bounty. Can anyone tell me that after finding the target, I do recon that like subdomain finding, directory brute forcing, subdomain take over all those things. what to do later? 🙂

Bug bounty chat

01 Oct 2023 14:30

ohh
sorry about that

Bug bounty chat

01 Oct 2023 14:28

yeah
i found it once before in the /.well-knowm/jwks endpoint

Bug bounty chat

01 Oct 2023 14:27

so its possible to find the hs256 key from endpoint or js?

Bug bounty chat

01 Oct 2023 14:24

i won't really call it algorithm confusion attack/bug.
i had the key so i just signed the token.
i think algorithm confusion involves signing an RS256 with a public key and changing the algorithm to HS256....But i maybe wrong

Bug bounty chat

01 Oct 2023 12:34

Should i report one by one or all.j. one report؟

Bug bounty chat

01 Oct 2023 12:23

this is p4 bug. i dont know if bugcrowd accept this type of bug😅

Bug bounty chat

30 Sep 2023 14:54

Yea sure lemme try coz I have jeard its been used for apple payment or smthn

Bug bounty chat

30 Sep 2023 12:25

Yeah
Dig deeper and know what the key is used for...

Bug bounty chat

30 Sep 2023 10:31

And am seein it for first time. I havent seen a report or writeup on it

Bug bounty chat

02 Oct 2023 14:01

lots to read and learn brother, enjoy and have fun!

Bug bounty chat

02 Oct 2023 12:52

Ok thank you , i will search.

Bug bounty chat

02 Oct 2023 12:47

Nope
Emulator is used to run Android apps on windows

Bug bounty chat

02 Oct 2023 12:42

Use emulator and intercept requests

Bug bounty chat

02 Oct 2023 09:57

is this valid? and can you describe as step to reproduce? like 1. 2. 3. like this?

Bug bounty chat

02 Oct 2023 04:16

What are these?
Hs256
RS256

Bug bounty chat

01 Oct 2023 14:29

i see. i always found rs256 in that endpoint and i try algorithm confusion but not work😅

Bug bounty chat

01 Oct 2023 14:27

oh no
it was HS256

Bug bounty chat

01 Oct 2023 14:26

yes its correct sorry i miss the HS256😅 i thought you found it in RS256

Bug bounty chat

01 Oct 2023 14:20

yeah algorithm confusion bug

Bug bounty chat

01 Oct 2023 12:34

Assume i have a bug in a program and it is on multi subdomains and also other domains which all in Scope

Bug bounty chat

30 Sep 2023 17:36

Sorry new in the game i need a guide

Bug bounty chat

30 Sep 2023 14:53

Really coz this name was put like 3 year back havent changed it lol

Bug bounty chat

30 Sep 2023 11:33

why did u steal my nickname

Bug bounty chat

30 Sep 2023 10:30

Well they asked for more information about the vulnerability