Secret Bug Bounty Extensions All Hackers Forget to Add, Part 2 (Not Common!) 🧑🏻‍💻
Hi Ajak Amicos, welcome back to another blog. Today I will show you the secret extensions I use in my bug bounty journey that make the process of hunting so easy. All the extensions mentioned are used professionally by security researchers. Before starting, if you haven’t subscribed to our channel, do subscribe, guys. We post content related to cyber security, bug bounty, and digital forensics investigation.👇
Follow our YouTube Channel: @ajakcybersecurity (361 Videos)
Follow on Instagram: @ajakcybersecurity
1) PwnFox
Are you struggling to find IDORs on a website? This extension will help you find them; it’s a BurpPro extension that works with Firefox. It accomplishes two things. First, it helps containerize up to eight (yes, that’s right, eight!) different sessions within one browser. Second, it organizes all your proxied traffic in Burp BY COLOR! Whether you use Firefox or the built-in Chromium browser within Burp, I’m sure you’ve noticed at least a few times that you can have your normal browser window and also open a new incognito window to run a different session. Usually, that’s where Burp stops. Even if you open another incognito browser, chances are it will pull or share cookies from the other incognito browser, which is certainly annoying. With separate containers, you can send a request to Repeater and hot-swap cookies much more easily. So yes, finding IDORs has become 10 times more efficient, not to mention that when you’re testing a web app, you can now test more than two sessions/roles at a time!
2) HackTools
If you are working on a red team, this extension is for you. It is my favourite extension. It includes cheat sheets as well as all the tools used during a test, such as XSS payloads, reverse shells, and much more. With the extension, you no longer need to search for payloads on different websites or in your local storage space; most of the tools are accessible with one click. Helps you with duplicates.
3) Modify Header Value
It is the most popular extension used by professional bug hunters. It modifies header values: it can add, modify, or remove an HTTP request header for all requests on a desired website or URL. This Firefox add-on is very useful if you are an app developer or a website designer, or if you want to test a particular header for a request on a website. Suitable for the 403 bypass and all.
4) Temp Mail
While testing a website, we need an email address to find some vulnerabilities. Instead of using your personal email, you can use the Temp Mail extension to create a temporary mail ID and use that ID to test the website. It works like a regular email application. My personal tip: create a separate Google account named hackerone+Yourname+Randomnumber, e.g. Hackeronekumar7@gmail.com. It will be useful for other triagers also.
5) Open Multiple URLs
Let us take a scenario: I am doing recon for my target, and I need to open multiple URLs at the same time. This is much more difficult to do manually, but there is an alternative: an extension that opens multiple URLs at once. If we paste the URLs into the extension, it will open a separate tab for each URL. Really a very useful extension for all security researchers.
6) Broken Link Checker
If you are struggling to find 404 errors, don’t worry, this extension is for you. It is an SEO tool to find broken (404) and redirected (301, 307, 308) links in all frames. It checks each link and displays its status code. An easy way to get some bounty is by taking over broken social media handles.
7) JSON Formatter
JSON stands for JavaScript Object Notation. It is a format used for storing and transporting data and is often used when data is sent from a server to a web page. This extension makes JSON easy to read. Comes in handy when you test AEM!
8) Trufflehog
If you are an API pentester, this extension is for you. It is an extension for sniffing out credentials! It looks for API keys and credentials on the websites you visit and alerts you if any are present. This is useful for pen tests and code reviews because it helps identify keys that would otherwise either be missed or have to be searched for manually.
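How this kind of credential detection can work, as an added example that is not the extension's own code: known key formats are matched by regex, and a generic `name: "value"` match is kept only when the value's Shannon entropy is high. The rule set, the 3.5-bit threshold and the sample script are assumptions constructed for illustration.

```javascript
// Added example: regex + entropy secret detection over page/script text.
// RULES and the entropy threshold are illustrative assumptions.
const RULES = [
  { name: "aws_access_key_id", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: "google_api_key", re: /\bAIza[0-9A-Za-z_-]{35}\b/g },
  // Key-like name assigned a quoted literal; capture group 1 is the value.
  { name: "generic_assignment", entropy: 3.5,
    re: /(?:api[_-]?key|secret|token)["']?\s*[:=]\s*["']([^"']{16,})["']/gi },
];

// Bits per character; placeholders like "xxxx..." score near 0.
function shannonEntropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  let h = 0;
  for (const n of Object.values(counts)) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Never echo a full secret into a report or log.
function redact(v) {
  return `${v.slice(0, 4)}...(${v.length} chars)`;
}

function scanText(source, text) {
  const findings = [];
  for (const rule of RULES) {
    for (const m of text.matchAll(rule.re)) {
      const value = m[1] ?? m[0];
      if (rule.entropy && shannonEntropy(value) < rule.entropy) continue;
      const line = text.slice(0, m.index).split("\n").length;
      findings.push({ source, rule: rule.name, line, preview: redact(value) });
    }
  }
  return findings;
}

// Constructed sample script. The AKIA value is the placeholder key ID
// from AWS documentation; the token is random filler, not a real secret.
const SAMPLE_JS = [
  "const cfg = {",
  '  accessKeyId: "AKIAIOSFODNN7EXAMPLE",',
  '  apiKey: "xxxxxxxxxxxxxxxxxxxxxxxx",', // low entropy: ignored
  '  token: "q8Zr2LmV0xTjK4sNb7WdYc1H",',
  "};",
].join("\n");

console.log(scanText("app.js (constructed)", SAMPLE_JS));
```

Any key this reports in your own front-end code should be rotated and moved server-side, since everything shipped to the browser is readable by every visitor.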
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
I hope you learned something from this blog. If so, kindly press the follow button for further updates. Best wishes from Ajak Cybersecurity.❤️
“Kindle what you have learned🔥”
Learn Everyday, Happy Hacking 😁🙌
https://www.buymeacoffee.com/Ajak