Amsterdam, Hackyx, and XSS
Hey everyone, I'm currently in Amsterdam. It's my first time here and I have to say that it's a really great city.
It's also the first time that I've seen that much weed everywhere, and also the red district and so on, but this is not the place to talk about all of that 👀.
I really love the mood of the city and there is so much great coffee to work so it's perfect. Next week, I'll move to Berlin.
The Launch of Hackyx
This week, I also officially launched hackyx.io, the search engine I built especially for cybersecurity. I really think that it can help a lot in finding resources related to any type of vuln.
I wanted it to be fully open-source, so anyone can add a website or any content. I tried to already put a lot of content to have something usable at the beginning.
It took me a lot of time, but I was able to scrape all the CTF write-ups from CTFtime and also the HackerOne public reports. So we already have more than 20k pieces of content indexed.
The next step for me is to add better features like filtering using tags, vulnerability, CVE, or CWE.
There is also @Wlayzz who wrote a parser for huntr.dev. I'm gonna add them later this week.
Deep understanding of Client Side vulnerabilities
As I'm currently using jswzl, I'm focusing more on client-side vulnerabilities. And someone sent me this really great article about a lot of client-side issues.
If you want to understand any of these vulnerabilities, it's a really great start and everything is clear using a lot of examples, so check it out.
For the moment, the use of jswzl is quite nice. I didn't find vulnerabilities with it but I found some interesting paths and ideas I didn't have before, so it was helpful.
Vulnerabilities found
This week, I wasn't very focused on bug bounty; I was more focused on building hackyx. But I took a morning to look at a private program I like and to dig deep into the client-side part.
I had already looked at a lot of places and nothing was found previously. And I found that this app has a gift feature, so you can buy a subscription voucher for someone else. But it's not cheap, so I was like, should I buy one to see what happens?
Every top hacker I talked to tells me that if you want to find more vulnerabilities, you will have to pay at some point. And try to use the paid features because not a lot of people will pay for it, so it can be a gold mine.
And every time I paid for a service, it was "easier" to find something. It's not always the case, but you will have a better chance of not getting a duplicate.
So this time again, I paid for this gift, and I found an HTMLi when someone tried to apply for this gift. I was finally able to change it to an XSS, and then I found a big impact by stealing money directly from the account of the impacted user.
Finally, this was a duplicate, but it was fun to find a way to escalate it.
Ideas / Notes / Resources
- I will make my own ad, but if you want to contribute or you have any ideas for features for hackyx.io, you can send me a PM.
- A great new workflow was made on Caido to find links and paths. It's nice to see how the community is pushing it to be as great as Burp can be.