Member-only story
Bug Bounty Hunt : Playbook
4 min readJan 30, 2025
Broken Access Control
Test Method: Bypass user authentication or try unauthorized access to data.
Example: IDOR (Insecure Direct Object Reference)
1. Intercept the request using Burp Suite or Postman.
2. Modify the 'user_id' or 'document_id' to a different value.
Example request:
GET /user/profile?user_id=1234 HTTP/1.1
Host: target.com
Cookie: sessionid=abcd12343. Change the ID:
GET /user/profile?user_id=5678 HTTP/1.1
Host: target.com
Cookie: sessionid=abcd1234Check if unauthorized information is accessible.
Force Browsing Admin URLs:
wfuzz -c -z file,/path/to/wordlist.txt --hc 404
https://target.com/admin/Sensitive Data Exposure
Test Method: Find exposed credentials, API keys, and other
sensitive data in requests or responses.
Searching JavaScript for Exposed Keys
Command:
grep -R "apikey\|password\|secret"
/path/to/website/Capturing Traffic with Wireshark
1. Command to capture HTTP traffic:
sudo wireshark
