
Combined

Too many tips, can't keep adding new subpages.



1. Read minified JS files.

2. Dependency confusion

Apart from the famous blog post by Alex:

How to publish packages:

3. Null byte injection in JSON data type.

%00 is the null character, and it often leads to unexpected behavior in applications. Don't believe me? Search for Sam Curry's null byte overflow writeup. You will love it.

However, if you send %00 inside JSON data, it might not be treated as a null character by the JSON parser: %-encoding is a URL convention, not a JSON one, so the parser keeps the three literal characters.

You should instead use \u0000, the JSON escape for the null character.

Extra tip: \u2063 is also a special space-like character that might be useful in fuzzing.
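The difference is easy to see with a real JSON parser. The snippet below is an added example, not code from the page: it parses three constructed request bodies (assumed field name `username`) with Python's standard `json` module, shows that `%00` survives as literal text while `\u0000` becomes a real NUL and `\u2063` becomes an invisible separator, and includes the kind of input check a backend should run after parsing to reject control and format characters. It also shows the related caveat that a raw, unescaped NUL byte inside a JSON string is a parse error, so the escaped form is the only one that reaches application code.

```python
import json
import unicodedata

# Constructed sample request bodies (not taken from the page). Each one sends
# the same logical value with a different encoding of the "null" character.
SAMPLES = {
    "percent_encoded": '{"username": "admin%00"}',    # URL-style encoding
    "json_escape":     '{"username": "admin\\u0000"}',  # JSON escape -> real NUL
    "invisible_sep":   '{"username": "admin\\u2063"}',  # JSON escape -> U+2063
}


def parse_username(body: str) -> str:
    """Parse a JSON body and return the decoded 'username' field as the app would see it."""
    return json.loads(body)["username"]


def accepts_raw_nul() -> bool:
    """A raw (unescaped) NUL byte inside a JSON string is rejected by a strict parser."""
    try:
        json.loads('{"username": "admin\x00"}')
        return True
    except json.JSONDecodeError:
        return False


def is_clean_identifier(value: str) -> bool:
    """Post-parse validation: reject control characters (Cc), format characters
    such as U+2063 (Cf), and any separator other than a plain ASCII space."""
    for ch in value:
        cat = unicodedata.category(ch)
        if cat in ("Cc", "Cf"):
            return False
        if cat in ("Zs", "Zl", "Zp") and ch != " ":
            return False
    return True


def classify_samples() -> dict:
    """For each sample: (decoded value, length, passes validation?)."""
    report = {}
    for name, body in SAMPLES.items():
        value = parse_username(body)
        report[name] = (value, len(value), is_clean_identifier(value))
    return report


if __name__ == "__main__":
    for name, (value, length, ok) in classify_samples().items():
        print(f"{name:16} -> {value!r} (len={length}) clean={ok}")
    print("raw NUL accepted by parser:", accepts_raw_nul())
```

The validation runs on the decoded string, not on the raw body, because that is where the escape has already been turned into the real character. Checking Unicode categories rather than a fixed blocklist also catches the other invisible characters in the U+2060 range that the page's fuzzing tip hints at.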

4. recollapse tool by 0xacb

This tool can be useful for validation bypass checks.

5. Portswigger URL validation cheatsheet

A good resource for URL validation scenarios.

More JS endpoint extraction:

Tool to check:

One more example:

Links referenced on this page:

  • https://lnkd.in/gcwrJSxC
  • https://github.com/visma-prodsec/confused
  • https://dhiyaneshgeek.github.io/web/security/2021/09/04/dependency-confusion/
  • https://medium.com/@0xold/null-byte-on-steroids-23f8104a25ec
  • Extracting JavaScript from Sourcemaps (Pulse Security)
  • GitHub - 0xacb/recollapse: REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications (https://github.com/0xacb/recollapse)
  • URL validation bypass cheat sheet for SSRF/CORS/Redirect - 2024 Edition (PortSwigger Web Security Academy)
  • RCE due to Dependency Confusion — $5000 bounty! (Medium)
  • GitHub - denandz/sourcemapper: Extract JavaScript source trees from Sourcemap files (https://github.com/denandz/sourcemapper)
  • RCE via Dependency Confusion (Medium)