
Okay, we can move to the next bug bounty hunter. I would like to welcome Karthikey Agrawal to present his talk on how he was able to bypass rate limits on the whole web via Python Selenium. Can we have a big round of applause for Karthikey, the researcher?

I have 3,800+ reputation at HackerOne. I achieved $90k+ in bounties at the age of 16, in just one year. I am glad to have some mentors like Aditi Singh, Ashish Dhon and Tanya Agarwal, and some friends like Vinayak Agarwal.

So here is the flow of my bug. Firstly we talk about the basics of the bug, then we talk about Selenium, and then we talk about how to exploit the bug.

So let's take a look at WebDriver. WebDriver is a component in the Selenium library which we can use to show the browsers which we are using, and it's a component inside Selenium. We will learn about it further in the presentation. So a web browser is a three-layer web architecture: the user will interact only on the application layer, and the user will be able to contact the application on the application layer.

So what is Selenium? Selenium is a testing tool used for automation testing, and Selenium is also used to automate some other tasks in AI and others. So the people who automate website testing in Selenium are also able to automate IDOR bugs and rate limit bugs. And what is the Selenium library? Selenium is a library present in several languages like Java, Ruby, C#, Python and JavaScript. It sends requests as JSON and it directly connects with the web drivers. Web drivers are just a replication of real web browsers, but working at something of a development level.

So what's my bug flow? I was hunting on a web application, a healthcare insurance application, a private program on HackerOne. After I got an invite from the program, I started searching for low and medium bugs first, as every researcher does. So when I was taking a look at the requests of the web application for requesting the forgot password and some appointment booking features, I was able to detect that there is an auth token in the request, which is the data which is checking that the request is sent one time, so we are not able to send it again and again, and it will give errors like 403 and 401. So I just left it at that time and I started hunting for different bugs. But I was also working on an Instagram automation in Golang to automatically create Instagram posts by AI. So, inspired by it, a thing came into my mind: why not use a Python Selenium script to automate the process and send the request again and again in the Python code? So I just wrote a Python Selenium script to automate the task of appointment booking and forgot password, and I was able to bypass the rate limit. Even when I was submitting the report at HackerOne, the program was telling me that "we are already using good API security and you can't report it," but I reported it and I was able to achieve a bounty of $1,050 from the program. And in total, on HackerOne private and public programs, I achieved a $3,000+ bounty on that bug. I just wrote a Golang script to detect the HackerOne scope, and I just listed out all the programs which don't have rate limiting out of scope, and I just tested this bug on all the programs and submitted it, and I was able to achieve $3,000 from that bug.

We don't have to think of any bug as low or informative just by its name, because if we go about and talk about rate limiting, some programs like Meta, GitHub and some Web3 programs also offer critical bounties, like $5,000 to $10,000, for rate limit bugs. There are some examples also available on the public internet, like GitHub offers $15,000 for a 2FA bypass by rate limit, and Meta even, yeah, we know about, yes, some usage; he also uses rate limiting sometimes to exploit the bug. Sorry, my laptop battery is dead. So we have to use every bug and exploit it. So don't judge a bug by its name, just exploit it, and you are able to achieve a good bounty from the bug. Sorry if there is any grammatical error, because I am 16 and I am not much proper in the English area currently, but I was happy and glad to have mentors available for me always. [Applause] Thank you so much.

Do you have any questions? At a very young age he is doing a lot, so it is inspiring, right?