YesWeBurp is a Burp Suite extension that gives you access to all your YesWeHack Bug Bounty Programs from within Burp. Configure Burp according to the public and private programs you are participating in by adding scopes and defining User-Agents.
PwnFox is a Firefox/Burp extension that has been described as “an IDOR Hunter’s best friend”. PwnFox allows you to containerize up to eight sessions within one Firefox browser, while all proxied traffic is colour-coded. Features include single-click BurpProxy, Containers Profiles, PostMessage Logger, Toolbox Injection and Security Header Remover.
The Pwning Machine helps hunters navigate complex modern web services in the privacy-preserving way demanded by some Bug Bounty Programs. This customizable, extensible suite of tools provides an ideal environment for testing complex exploits in a world of containers and microservices. A Docker-based environment can be set up on a dedicated server in less than 10 minutes.
The VDP Finder plugin tells you whether a website you visit has a Vulnerability Disclosure Program (VDP). Available on Chrome and Firefox, the extension saves you from wasting time trawling a website for evidence of a VDP. VDP Finder removes friction from the vulnerability reporting process by displaying any available security.txt file and checking domains against FireBounty databases.
XSStools is a cross-site scripting (XSS) development framework that simplifies the crafting of XSS payloads. Generate powerful payloads quickly with the payload generator, and use one of many available wrappers without the need for encoding. To write clickjacking code, a usually tiresome task, you need only supply the targeted element. A collection of exfiltrators is included.
PIMP MY BURP
Read our “PimpMyBurp” series of articles to learn how to use Burp Suite extensions effectively. These tutorials will help you harness these tools to adeptly identify vulnerabilities such as Insecure Direct Object Reference (IDOR), Improper Access Control, Business Logic and Privilege Escalation bugs.
PimpMyBurp #9 – Use BCheck to improve vulnerability scanning
PimpMyBurp #8 – Perform Advanced Fuzzing With Turbo Intruder
MEET OUR HUNTERS
Watch interviews with our top-performing hunters. Hear about the secrets of their success, technical tips and tricks, and their experiences disclosing vulnerabilities and earning bounties through YesWeHack.
BUG BOUNTY BLOG
Check out our latest articles and videos for bughunting news, inspiration, practical advice and technical tips.
How to exploit GraphQL endpoint: introspection, query, mutations & tools
Firefly v1.1.0: A smart black-box fuzzer for testing web applications
Web Application Black-Box Testing
SIGN UP TO YESWEHACK TODAY
Join the pro-hunter service run by hackers for hackers