[00:00:02] Hello, everyone. So in this video, we are going to see how to start with bug bounty. So this is the first platform, that is Bugcrowd. So in this video, I'm going to teach you how you can start your journey on Bugcrowd. So basically, this is a roadmap video for hunting bugs on this platform. So as you can see, I have opened bugcrowd.com in my web browser. You can just type bugcrowd dot com into your browser. Also, just navigate to the researcher portal, because the researcher portal is where we are going to sign up and start hunting for bugs. So after clicking on the researcher portal, you can see this page. So just click on create account. After clicking on create account, try to fill in all the necessary details over here. So let's say a username: I type baby hacker. In the email address, let me type my email address, hacker dot udemy A.T.M. dot com. In the password, let me type a password for this account. In the confirm password, let me confirm the password, and let me just hit on sign up. Perfect. So they have sent a confirmation mail; let me check if I got the mail. Yes, I got the mail right now. Let me just click on confirm my account.

[00:01:40] So after clicking on it: your account was successfully confirmed. Perfect. So I'm going to log in to my Bugcrowd account right now. So let me use my email address and my password to log in to this account. So after giving the right credentials, you just have to hit on login and you'll be logged in to your account. Just agree and accept whatever terms are there. As you can see, this is the first thing that you will see, which is the dashboard, and your points: when you start submitting valid vulnerabilities, valid bugs, you will get some points and your current rank will get updated. Perfect. So this is the first thing that you will see when you sign up and you come into your dashboard. Let's go to the programs function. And when I click on programs, here I can see a long list of programs that are there. So there are around one hundred and sixty one programs currently, which keep on updating all year. As you can see, on the first one it is showing waitlisted. What does waitlisted mean? I cannot hunt bugs on this program because there are three requirements that I need to do first. That is, I need to at least submit three reports that are valid; then only will I be able to hunt bugs on this leading video game company, the three easy payments.

[00:03:19] OK, so these are the programs where you have to be eligible by hunting valid bugs on Bugcrowd, and they will basically see that your profile is strong enough to hunt on these types of websites. OK, so no problem if you are not able to hunt on these two websites when you have just made a new account. Let's see what the open programs are. So as you can see, TransferWise is an open program. Here also you can see Takeaway is also an open program. So let me just go to TransferWise. From submit report, you can just submit a vulnerability report to them. Let's click on TransferWise and let's see the details about this program. So as you can see, the name of the program is TransferWise. The reward is from a hundred dollar minimum to 4000 dollars per vulnerability; the maximum reward they have given is six thousand dollars. Safe harbor means you just don't have to disclose the bugs anywhere until they are fixed. These are the program details. 93 vulnerabilities have been found in this program and rewarded. They basically validate in four days on average. The average payout they have been giving is two fifty five point five five dollars. Perfect. Forty seven unique bugs have been reported to them; out of those, some are duplicates, or in total bugs are 192, yada, yada. Then the total latest Hall of Famers.

[00:04:48] And these are the people who have recently joined the program and started hunting on TransferWise. As you can see, I'm going to the announcements. And you can see they keep on updating the rewards: the bonus period has ended for the TransferWise program, and CrowdStream. So CrowdStream is a feature in which the website owner, TransferWise, decides if they want to make their reports public. So for any vulnerabilities that have been reported, after reporting they fix it, and after it has been fixed, it is their decision whether they want to make this report public for other people so they can basically read it. HackerOne is a very good platform in which we have the option of reading the reports, but Bugcrowd has just recently implemented CrowdStream. So let's just try to go there, and you can see these reports, submission accepted, but we cannot basically read any type of reports because they are not public. This is the Hall of Fame. Perfect. Let's go down, and you can see these are the rules. Not important for us right now. Let's go. Here, the reward range is important. As you can see, any bug which comes under P1 severity, that is critical, gets a reward range between three thousand dollars and four thousand dollars. Similarly P2, with a severe bug, goes for 1000 to 1500, then moderate and low.

[00:06:21] So the vulnerabilities that we have studied in previous videos, like auth bypass, no rate limit, XSS, CSRF: if you try to get sensitive data out of those vulnerabilities from any of the user accounts, this vulnerability may go to P2 and P3. Yes. So this is important to see, which is what is in your scope to test. So transferwise dot com, that is the website, is in scope for your testing. In total, 41 unique bugs have already been reported. As you can see, these are the bugs which have been reported, and you can see CSRF is already reported: two unique reports have been reported and nine duplicate reports. OK. And the iOS and Android app and other things are in the scope. What is out of scope is important for you, because I do not want you guys to waste your time on hunting on websites which are kept out of scope. For example, you can see the blue dot com or the blue dot the belly, or any subdomains of these two websites, are out of scope. So if you try to find any vulnerabilities on these domains, they will not be acknowledged or rewarded because those are out of scope. Let's go again to focus areas: they want you to do auth bypass, unauthorized access to accounts, authentication bypass.

[00:07:56] OK, let's scroll down and let's see what else. These are out of scope vulnerabilities, which means low hanging fruit, basically, which should not be reported. These are out of scope bugs and the program rules. So basically, this is it. The most important things to look out for here are the reward range, what is in scope, and how many vulnerabilities have been reported to that program. Perfect. So let's assume now that you have found a valid vulnerability on this website. So how to submit a report on this program? We have read all the rules and everything, but how to submit a report? So you can see there is the option of submit a report. You just have to click on that. After clicking on submit report, the first thing that it is asking is the submission title. So you have to provide a summary title, which is basically, let's say you have found XSS on this website, so you have to type "XSS on www dot transferwise dot com". You have to choose the target. After choosing the target, technical severity: you have to choose a bug, so we can choose, let's say, XSS, as we have found XSS. In XSS, let's say we have found reflected XSS, so reflected XSS, non-self, obviously not a self XSS.

[00:09:33] So I'll go down with what is the URL or the endpoint that you have found. So let's say transferwise dot com slash. I have found XSS on, let's say, this endpoint slash. Here is the injection point equals XSS. So let's say the parameter here, the injection point, is vulnerable, and I'm able to put the XSS payload over there. So you have to give it like this so it becomes easy for the program owners to validate the issue and triage quickly. The most important thing here is the description, and the description should have four things which are important for any report that you make. First is description. Description signifies what vulnerability you have found. The next is steps to reproduce. So next you have to type what the steps to reproduce are. In that you can type: step one, go to this URL; step two, put this XSS payload here into the injection point; step three, when you hit enter, you will be able to see that the XSS executes, which confirms there is a valid vulnerability. So the next thing is proof of concept, so you have to attach a screenshot or a video. I generally believe attaching a video is more helpful in some cases. And it is a very good practice that instead of attaching screenshots, you can attach a quick PoC video.

[00:11:22] And the last one is mitigations, that is, how to fix this. So, guys, we have already seen the mitigations for each type of vulnerability in our videos. You can just try to give a reference from those videos over here, what the fixes were. And there are two more. Any additional inputs? You don't have to give anything over there; it is optional. Finally, add attachments. You can add your video or screenshot over here. I recommend attaching videos for each and every vulnerability that you found. Now the last step is just to hit on submit report. So I'm now going to submit a blank report right now. Obviously, this is an invalid report, but just to show you guys, I have submitted a report. After that, you have to go into your submissions tab and you can see the vulnerability that has been reported over there. So the vulnerability exists on transferwise dot com, and the category is P3, the one level; it is new for now. As soon as this is accepted, it will become... as we can see, it is in pending. As soon as it is accepted, it will come over here, accepted one. If it is rejected, it will go here. Obviously, this is going to get rejected; it is going to go here.

[00:12:36] If it is a duplicate of any other vulnerability, it will go here. Collaboration means if two people have found this vulnerability, then it will go into collaborations, and the bounty will be split between both the two researchers. The last thing is invitations. In invitations, you get private invites to your account. If you find valid vulnerabilities on this program, you get private invites. So what are private invites? We're going to discuss it. Let's first click on the submission that we have made. As you can see, this is the reference number. The reference number helps you guys a lot. Whenever you are stuck on any report, or the support or the program owner is not replying, or they are not able to understand the scenario that you have reported, or basically if there is any misunderstanding, you can just take this reference number and you can report to Bugcrowd support. They are pretty awesome and they reply in a very quick time frame, and they will help you resolve your query. Cool. So as you can see, the target location is this. But I repeat, read the report. OK, so I have made a blank report, obviously, on 22 April, so you can see everything from your submissions tab.

[00:13:59] So for now, what I'm going to do is I'll go to payments, and you can see my upcoming payments are nothing; I can set up your PayPal. This is the leaderboard, and in the leaderboard you can see top security researchers. Let's go to CrowdStream. CrowdStream is a new feature which has been implemented by Bugcrowd, where you can try to read the reports. Let's go to the invites tab, wherein you will get some private invites, which I was talking about. So basically, private invites are invites for some special programs which are not public. So limited security researchers will be hunting on that program, which means the scope is more for you to hunt, as there are fewer people hunting on that program. Perfect. You can fill up your details over here: if you have done any certification credentials, your personal details; if you want to update the account, you can just update your password details; what kind of T-shirt size do you have. Let's say I put XL size. You can put your address, whatever you want to do. This is deactivate account. In the payment details, any of the payments you have, if you have, you can connect your PayPal over here. There are two options for payment on Bugcrowd.

[00:15:29] First is PayPal and the second one is Payoneer. I prefer PayPal. OK, so perfect. Here you can see whenever you try to log in, it will create a session. You can see the last option there is identity verification. You can verify your identity because some programs need compulsory identity verification. So you can do that if you want to hunt on some programs. Last is the support: you can just try to contact the support if you are facing any issues on the platform. So you can just drop an email at researcher at bugcrowd dot com, wherein you will be supported very quickly. OK, so I hope you understood a lot of things over here. The last option is the dark mode, which makes your eyes a little cool so you can hunt vulnerabilities at night time. Also, this white page will not reflect for you guys. So, yeah, I'll just again go to the program features. You can see there are a lot of programs which you can hunt for, and you can start hunting on all the open programs. So let me just try to search for TripAdvisor, as we already found an XSS in our videos. And yes, this is a program on Bugcrowd. I already reported this vulnerability on TripAdvisor and have been awarded a bounty for this vulnerability. So no need to submit that vulnerability, as it will go in duplicate.

[00:17:13] OK, so this is basically how you do bug bounty hunting on bugcrowd dot com. So this video was the roadmap for doing bug bounty hunting on Bugcrowd, wherein I tried to explain each and every functionality of Bugcrowd, how to navigate, and how to submit valid reports. So I hope this video helps you guys in hunting on this platform. Thank you.