Part 03 | What To Do After Choosing a Target? | Post Recon | Bug Bounty
Hello everyone, and welcome to the 3rd part of the series.

In the last part, we discussed:
- Google Dorking
- Analyzing JS files
- Content discovery
And with that we were done with recon. So now the question comes up:
What to do after recon?
So, let's start!

Setting Up a Proxy
Before beginning to test the target manually, we need to set up a proxy. A proxy server acts as a gateway between you and the internet.
Several apps can help us do that, such as:
- Burp Suite
- OWASP ZAP
Today we are going to use Burp Suite. You can download the Community Edition, which is free for everyone, from the PortSwigger website.

You will see something like this. You can set up the proxy with your external browser using these instructions:
Now let's begin the manual hunting!
Getting To Know The Application
The first thing I do after recon is just open the website and start using it like a normal user. Do the things you would do as a normal user: register an account and, wherever you see an input field, enter this attack vector:
'"`><img src=x>${7*7}
This single string tests for SQLi, CSTI, SSTI and XSS.
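Why that one string covers several bug classes, shown from the developer's side as an added example (not code from the original article): the same probe is fed to a weak and a hardened version of a lookup and a page render. The handler names, the in-memory table and the regex standing in for a template engine are assumptions made for the illustration.

```python
import html
import re
import sqlite3
from string import Template

PROBE = "'\"`><img src=x>${7*7}"  # probe string from the article

def sql_concat(db, name):
    # Weak: input spliced into the SQL text, so the probe's quotes reach the parser.
    return db.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()

def sql_param(db, name):
    # Hardened: bound parameter; the input is never parsed as SQL.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def page_weak(name):
    # Weak: input becomes part of the template source and the markup.
    # The regex stands in for a template engine evaluating ${a*b} (simulation).
    source = "<p>Hello " + name + "</p>"
    return re.sub(r"\$\{(\d+)\*(\d+)\}", lambda m: str(int(m[1]) * int(m[2])), source)

def page_hardened(name):
    # Hardened: fixed template, input passed in as an HTML-escaped value.
    return Template("<p>Hello $name</p>").substitute(name=html.escape(name, quote=True))

def observe(probe=PROBE):
    db = sqlite3.connect(":memory:")  # constructed sample table
    db.execute("CREATE TABLE users (name TEXT)")
    db.execute("INSERT INTO users VALUES (?)", (probe,))
    seen = {}
    try:
        sql_concat(db, probe)
        seen["sql_concat_error"] = False
    except sqlite3.OperationalError:
        seen["sql_concat_error"] = True  # quotes broke the statement
    seen["sql_param_match"] = sql_param(db, probe) == [(probe,)]
    weak, hard = page_weak(probe), page_hardened(probe)
    seen["weak_raw_tag"] = "<img src=x>" in weak          # markup not encoded
    seen["weak_evaluated"] = "49" in weak and "${7*7}" not in weak
    seen["hard_raw_tag"] = "<img src=x>" in hard
    seen["hard_evaluated"] = "49" in hard
    return seen

if __name__ == "__main__":
    for key, value in observe().items():
        print(f"{key}: {value}")
```

A database error, a raw `<img>` tag or a `49` in the response each point to a different missing control: parameter binding, output encoding, or keeping user input out of template source.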
While exploring the application please make sure to note everything down, there are…