BugBountyHunter

As mentioned to the right, understanding how to use a web proxy tool such as Burp Suite or Fiddler is required. You should be able to confidently monitor HTTPS requests and be able to interact with them and changing data. For example sending a request on Burp suite to the repeater to test further on a certain parameter.

As well as this, knowledge on common web application vulnerabilities will be required before attempting BARKER. Our entire website contains information relating to various vulnerability types, as well as zseano's methodology, and we highly recommend you utilise all of this when testing on BARKER to help you.

Whilst there is a mobile website for BARKER you DO NOT need to know mobile testing as there is no mobile app and it is just a web application.

We hope after utilising all of our information on our site, practising hacking on our web applications and following zseano's methodology you will be able to discover web application vulnerabilities on bug bounty programs at ease and become exactly what you've been practising to be..

..a bug bounty hunter! This means applying what you learn on our web applications on real bug bounty programs in the hope for a bounty!

We have three web applications available, BARKER , KREATIVE and FirstBlood. They work just like a real website would in the sense you can register, login, post content etc, and zseano's methodology is all about testing a main web application. The two together combined should be enough to help jump start your bug bounty journey and understand the mindset behind discovering vulnerabilities, as well as constructing an approach and adopting the mindset.

• You may scan for files/directories but please limit your scans to 3 requests per second.


• Be professional. Treat our web applications as you would a live production server. Don't make it fall over and don't attempt to access or download & store source code and sensitive files relating to the docker instance.
  For bugs such as SSRF, we have placed intentional files for you to try access.


• Set your aim on looking for common Web application vulnerabilities such as XSS, CSRF, SSRF, IDOR, RCE, Information leaks, Application/Business logic issues. Test how the various features work and have fun!


• No fully automated security vulnerability scanning tools (such as Nessus)
  Where's the fun in letting a tool do all the work? We recommend you practise on our scope manually and learn how things work rather than relying on a tool. What we mean by this is not running something like Nessus and letting something automatically scan and send requests throughout the web application. You can use tools after a potential discovery such as sqlmap for SQL injections.


• We do not currently consider rate limiting/brute forcing an issue
  Even though these issues are accepted as valid on some bug bounty programs, we have not intentionally included any rate limiting or bugs that require brute forcing on BARKER

You can find the Top 10 OWASP vulnerabilities across our web applications such as:

• Cross Site Scripting (Reflective, DOM, Stored). You will also discover various filters you will need to bypass too!
• Cross Site Request Forgery - Learn how to test if it's implemented securely.
• Server Side Request Forgery - Can you read any internal sensitive files? Some filters may stand in your way!
• Remote code execution - Can you execute your own .php code on BARKER?
• Information leaks - From issues such as GraphQL misconfigurations, leaked API keys.
• Application/Business logic issues - Break those features on BARKER!

You will also discover Insecure direct object reference, XXE, Authorisation Issues, Cross Origin Sharing and Server misconfigurations. There's over 100+ unique vulnerabilities to discover and you will most certaintly be occupied!

After discovering an issue you can then submit a report for triage. When creating a report it is recommended that you include information about what you have discovered such as the vulnerability type, vulnerable parameter, payload, and url affected, as well as information around the issue such as impact, but most importantly including a proof of concept. We should be able to easily replicate the issue described with a step by step process.

Triage can take up to 7 days however once triaged, if your report has been deemed valid then a unique BARKER-ID will be assigned. Multiple IDs can be assigned to one report. The more vulnerabilities you discover the higher the level you reach!

Bug chaining is completely optional. You can submit bugs singular, or you can chain multiple issues together in one report. For example for issues such as XSS you do not need to always chain it to prove the impact (such as showing you could do account takeover) however explaining the impact is recommended as it is best practise for when submitting on bug bounty programs. Sometimes not all XSS have the same impact (unauthenticated XSS for example).

With that said, you can chain something such as XSS to do an account takeover if you wish and create an epic report. Our web applications are your playground to practise what it's like to hunt for bugs and create a report for someone to triage/reproduce, as well as playing with various vulnerability types to see what they can do. Enjoy it, have fun! This entire experience is here for you to play and gain confidence with testing and creating reports!

Yes! Join a welcoming community of like-minded caring invididuals on Discord ready to help you with your hunt on our web applications. We have some extremely talented security researchers ready to help ease your queries or doubts and you can even team up to collaborate on our web applications together. As you reach Level 2 you will be invited to our #hacking-events channel where you can then also team up for our events.

BugBountyHunter membership isn't just about learning, you also join a family.

Please note when joining BugBountyHunter you will receive lifetime access to the discord.