Hey, three days ago I was hunting at “HackerOne”, which is a famous bug bounty platform. I started searching and brute-forcing for subdomains to have a better chance of finding a bug.
Tip 1: Finding a bug in a subdomain is somehow easier than in the original domain.
Ten minutes later I found 17 subdomains. Some of them were out of scope, so I excluded them and started checking whether any of them was vulnerable to subdomain takeover.
Bad luck!!! None of them was vulnerable, so I tried many of the common vulnerabilities.
Again, nothing happened. I didn’t realize that I had spent 7 hours searching.
Time’s up, I should take a break. After the break I continued with the same methodology, which is “not following one” :’D, and hence nothing worked for me: testing, and nothing appeared.
Tip 2: Taking a break after searching for hours is sometimes all you want.
I give up, something is wrong... I forgot the main rule: “Understanding how the application works is half of the road”. I knew that I had spent 2 days searching for nothing. I started again from scratch with a methodology.
Tip 3: You should always have a methodology to deal with multi-functional web applications.
Some known methodologies (“pick what is suitable for you”):
1: Web application penetration testing methodology.
2: Web Application Hacker’s Handbook, 2nd edition’s methodology (book).
3: Bug Bounty Hunter Methodology v3.
4: Jhaddix’s methodology (GitHub repo).