Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Automation for Bug Hunters

Mohammed Diaa
November 29, 2017
Technology
2
4.3k

Automation for Bug Hunters

Mohammed Diaa

November 29, 2017
Tweet

Other Decks in Technology

See All in Technology
失敗から学ぶQA組織
taro_nanairo
1
270
安心して現場で学習できる環境として Flutter Web の管理サイトがおすすめな話
htsuruo
5
140
機械学習モデル性能向上への学習データからのアプローチ
okada_fuutass
0
140
FaaS における Java 起動時間の比較 (AWS / Azure / GCP) #jjug_ccc #jjug_ccc_d
tacck
2
830
組織一丸となってカスタマーサクセスを実現するための取り組みと悩み
zakiyama
0
150
GLOBIS データサイエンスチームのご紹介/ GLOBIS Data Science Team is hiring.
globis_gdp
0
1.9k
MagicPod開発における テスト自動化とCI
nozomiito
0
140
何故、UseCaseは1メソッドなのか
okuzawats
2
390
Microsoft Startup Tech Meetup #0 : Kikuchi
hikiroku
1
120
DMMオンラインサロン エンジニア採用資料/ for-software-engineers
onlinesalon
0
2.3k
2023.06.01_LangChain/Llamaindex/Whisperを使ったアプリケーション開発のまとめと展望
pharma_x_tech
0
690
JUnitテストをCI環境で並列で実行する方法とその速度, スケーラビリティ
nabedge
4
260

Featured

See All Featured
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
183
15k
Being A Developer After 40
akosma
50
580k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
18k
Docker and Python
trallard
31
2.1k
Happy Clients
brianwarren
90
6k
Designing with Data
zakiwarfel
92
4.3k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
351
21k
A Modern Web Designer's Workflow
chriscoyier
689
190k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
3.7k
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k
Gamification - CAS2011
davidbonilla
75
4.2k
Debugging Ruby Performance
tmm1
68
11k

Transcript

  1. Automation for Bug Hunters
    Never send a human to do a machine’s job

    View Slide

  2. Who am I?
    ● Mohammed Diaa / @mhmdiaa
    ● Bug hunter
    ● Web developer
    ● Tool creator

    View Slide

  3. Outline
    ● Why do we need automation?
    ● What can we automate?
    ● Monitoring (the past & the future)
    ● How to do it?
    ● Introducing Bounty Machine
    ● How can the community be more efficient?
    ● Takeaways

    View Slide

  4. Why do we need automation?

    View Slide

  5. Why?
    Boredom and drudgery are evil
    http://www.catb.org/esr/faqs/hacker-howto.html#believe3

    View Slide

  6. Why?
    Repetitive work may exhaust you away from doing
    what’s really worth your time
    https://bugbountyforum.com/blog/ama/avlidienbrunn/

    View Slide

  7. Why?
    Automation can help you test a theory quickly
    http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html

    View Slide

  8. Why?
    Keep an eye out for changes / new assets
    https://docs.google.com/presentation/d/1PCnjzCeklOeGMoWiE2IUzlRGOBxNp8K5hLQuvBNzrFY

    View Slide

  9. What can we automate?

    View Slide

  10. What?
    Environment setup
    ● Kali rolling on AWS
    ● Docker
    ● Shell scripts
    Reporting
    ● Template Generator
    ● Bug Bounty Templates
    ● Bounty Report
    Generator
    Recon and basic testing
    There are many tools;
    the trick is to make them
    work together.

    View Slide

  11. Monitoring

    View Slide

  12. Monitoring the past
    ● Google time filter (thanks almoroot and avlidienbrunn)
    ● WaybackMachine (WaybackUnifier)
    ○ robots.txt (thanks zseano)
    ○ API documentation (thanks filedescriptor)
    ○ JS files
    ○ HTML (comments / more JS / endpoints / input names)
    ● Old mobile app versions
    ○ Creds
    ○ Endpoints

    View Slide

  13. Monitoring the future
    ● API documentation
    ● JS code (thanks Jobert)
    ● Mobile app updates (thanks Arne)
    ● Dev blogs
    ● Google News
    ● Everything else (more on that later)

    View Slide

  14. How to do it?

    View Slide

  15. = tool
    = portion of info
    = group of tools
    = info
    How?

    View Slide

  16. How?

    View Slide

  17. How?

    View Slide

  18. How?

    View Slide

  19. How?

    View Slide

  20. How?

    View Slide

  21. How?

    View Slide

  22. How?

    View Slide

  23. Introducing Bounty Machine

    View Slide

  24. Bounty Machine
    Anshuman Bhartiya and I are working on a cool project.
    Project objective: allow researchers to compose complex
    workflows in a modular fashion.
    It will implement all the mentioned workflows and more.
    We will hopefully demo it soon.

    View Slide

  25. Features
    ● Runs multiple tools in a chain
    ● Fully modular (you can plug in the new hot tool)
    ● Monitoring
    ● Customized notifications (get notified only when
    something interesting comes up)

    View Slide

  26. How to add a new tool
    1. Build a Docker image for your tool.
    2. Define what data it needs.
    3. Define what data it produces.
    4. Specify whether you want to get notified when it finds
    something.
    5. Find a place for it in the workflow where it can play
    with other tools (optional).

    View Slide

  27. What happens behind the scenes
    1. Run the tool
    2. Translate its output into something that other tools can
    use.
    3. Check if the output has changed since the last time.
    4. Notify the user about newly-found results.
    5. Pass it to other tools to perform further checks.
    6. Do this all the time for all targets.

    View Slide

  28. How can the community be
    more efficient?

    View Slide

  29. What we do wrong
    The community rebuilds existing tools too often.
    If your new tool isn’t more helpful, you’re probably wasting
    your time.
    We should focus more on building new tools and extending
    existing ones.

    View Slide

  30. Why do we rebuild tools?
    ● Unawareness of the existence of a tool
    ● Boredom
    ● Unmaintained projects
    ● Different requirements

    View Slide

  31. List of tools we have
    https://bugbountyforum.com/tools/
    Purpose:
    1. Help beginners and experts alike find new tools to add to their
    arsenal.
    2. Inform tool developers about existing tools so they don’t set out to
    build them.
    Updated regularly

    View Slide

  32. List of tools we need
    https://ideas.bugbountyforum.com
    Contribute new ideas.
    If you like an idea, build a new tool for it.
    You can find interesting problems to solve.
    No more Less duplicate tools!

    View Slide

  33. Takeaways
    ● If something can be automated, automate it.
    ● Always monitor your target’s online assets.
    ● Dig into the past of your target.
    ● Your tools are good, but they’re better together.
    ● If you have a tool suggestion, share it.
    ● Tools should be easily connectable.
    ● Don’t reinvent the wheel (unless your wheel is
    rounder).

    View Slide