Basics you should know before starting Bug Hunting : 1
If you are new to hacking, it is a good idea to familiarize yourself with how the internet works and what happens when you type a website address into your browser’s address bar.
Even though visiting a website may seem straightforward, there are several hidden steps involved, like:
1. Sending a Request: Your browser prepares a request to the website you want to visit. This request is like asking the website to share its content with you.
2. Finding the Domain: Your browser figures out which website you’re asking for. It’s like finding the exact location of a store in a big mall.
3. Translating to an IP Address: Websites have special numbers called IP addresses, and your browser translates the website’s name into one of these numbers. Think of it as translating a store’s name into its street address.
4. Sending the Request: Your browser sends the request to the website’s IP address, like mailing a letter to a specific address.
5. Getting a Response: The website receives your request, processes it, and sends back a response. It is like having a package delivered to your door.
So, even though visiting a website on the internet may appear to be as simple as clicking, there is actually a lot going on behind the scenes. If you are interested in bug bounty hunting, having a solid understanding of these fundamentals can be very beneficial!
In this article, we will explore some key concepts and terms you should be familiar with. We’ll talk about things like vulnerabilities (which are weaknesses), bug bounties (rewards for finding and reporting these weaknesses), clients and servers (computers that talk to each other), IP addresses (like unique phone numbers for the internet), and HTTP (how websites and browsers communicate).
VULNERABILITIES
Imagine this: You join a website and make a profile with your name, email, birthday, and address. The site promises to keep your information safe, so that only your friends can see it. Sounds good, right?
Now, here’s the catch: What if the website lets anyone add you as a friend without asking you first? That’s a problem! Even though they’re good at keeping your information away from strangers, this little hiccup means anyone can view it.
So, when you’re testing a website, always think about how people could misuse what’s already there.
When you’re learning and testing applications, remember that problems can pop up when attackers use features exactly as they were designed to be used, as well as when they do things they shouldn’t.
Now, let’s see the definition of a vulnerability:
A vulnerability is a weakness in an application that allows a malicious person to perform some unpermitted action or gain access to information they shouldn’t otherwise be allowed to access.
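The friends-only scenario above, modelled as an added example (not code from the original article; the class and function names are hypothetical). The profile check is identical in both modes; only the way a friendship gets created differs, and that alone decides whether a stranger can read the profile.

```python
class SocialSite:
    """Toy model of a site whose profiles are visible to friends only."""

    def __init__(self, require_consent):
        self.require_consent = require_consent
        self.profiles = {}   # user -> private profile data
        self.friends = {}    # user -> set of confirmed friends
        self.pending = {}    # user -> set of users waiting for approval

    def register(self, user, profile):
        self.profiles[user] = profile
        self.friends[user] = set()
        self.pending[user] = set()

    def add_friend(self, requester, target):
        if self.require_consent:
            # Hardened: only record a request; the target must accept it.
            self.pending[target].add(requester)
        else:
            # Flawed: the friendship exists as soon as anyone asks for it.
            self._link(requester, target)

    def accept(self, target, requester):
        if requester not in self.pending[target]:
            raise PermissionError("no pending request from this user")
        self.pending[target].discard(requester)
        self._link(requester, target)

    def _link(self, a, b):
        self.friends[a].add(b)
        self.friends[b].add(a)

    def view_profile(self, viewer, owner):
        # The access check is correct in both versions of the site.
        if viewer != owner and viewer not in self.friends[owner]:
            raise PermissionError("profile is visible to friends only")
        return self.profiles[owner]


def stranger_can_read(site):
    """Return True if a stranger reaches a profile without the owner's approval."""
    site.register("alice", {"email": "alice@example.test"})  # constructed data
    site.register("mallory", {})
    site.add_friend("mallory", "alice")
    try:
        site.view_profile("mallory", "alice")
        return True
    except PermissionError:
        return False
```
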
BUG BOUNTIES
A bug bounty is like a prize that a website or company gives to anyone who finds a problem in their software or computer system and reports it to them responsibly.
They usually give money as the prize, which can range from a little bit to a lot. Sometimes, they might give things like digital money (cryptocurrencies), air miles, points for rewards, or service credits.
When a company decides to have bug bounty programs, they make a set of rules and guidelines for people who want to check their systems for problems.
It’s important to know that this is not the same as a vulnerability disclosure program (VDP). In bug bounty programs, you get paid for finding problems, but in a VDP, there’s no money involved (although they might give you cool stuff). A VDP is just a way for good hackers to tell a company about problems so they can fix them.
CLIENT AND SERVER
Your web browser uses the internet, which is like a big network of computers talking to each other. They send messages in the form of “packets.”
These packets have your information, like what you’re sending and where it’s going. It’s like writing a letter with both the message and the addresses on it.
Every computer on the internet has an address where it can get packets sent to it. But some computers only accept certain types of packets, and others only allow packets from a restricted list of other computers. It’s then up to the receiving computer to determine what to do with the packets and how to respond.
I’ll refer to these computers as either clients or servers. The computer initiating requests is typically referred to as the client regardless of whether the request is initiated by a browser, command line, or so on. Servers refer to the websites and web applications receiving the requests.
Sometimes, I’ll just talk about computers in general when the concept applies to both clients and servers.
Because the internet has lots of computers communicating with each other, we need rules for how they should talk. These rules are in documents called Requests for Comments (RFCs).
For example, there’s something called Hypertext Transfer Protocol (HTTP) that tells your web browser how to communicate with a far-away server using Internet Protocol (IP).
Both the client and server have to follow the same rules, so they understand the messages they’re sending and getting.
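The five steps listed at the start of this article, and the client/server roles described in this section, carried out by hand as an added example (not code from the original article). It starts a throwaway server on the loopback address so it runs offline; the names `Hello`, `visit` and `demo` are hypothetical.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit


class Hello(BaseHTTPRequestHandler):
    """Server side: receives the request, processes it, sends a response."""

    def do_GET(self):
        body = b"hello from the server\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def visit(url):
    """Client side: returns (resolved IP, status line, response body)."""
    parts = urlsplit(url)
    host, port = parts.hostname, parts.port or 80   # find the domain
    ip = socket.gethostbyname(host)                 # translate name to IP
    request = (f"GET {parts.path or '/'} HTTP/1.1\r\n"
               f"Host: {host}\r\nConnection: close\r\n\r\n").encode()
    with socket.create_connection((ip, port), timeout=5) as sock:
        sock.sendall(request)                       # send the request
        raw = b""
        while chunk := sock.recv(4096):             # read the response
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    return ip, head.split(b"\r\n")[0].decode(), body


def demo():
    server = HTTPServer(("127.0.0.1", 0), Hello)    # port 0: OS picks a free one
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return visit(f"http://localhost:{server.server_port}/")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```
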
In wrapping up, we’ve explored the fundamental building blocks of bug bounty and web security. We’ve learned about vulnerabilities—those sneaky weaknesses that can put your online information at risk.
Bug bounty programs, like rewards for web detectives, encourage people to find and report these vulnerabilities to make the internet safer for all of us.
We’ve also peeked into the world of clients and servers, the essential components of web communication.
Remember, understanding these basics not only keeps your data safe but also empowers you to be a part of the solution. So, keep learning and stay curious about the digital world—it’s an adventure waiting to happen!
In the next article, we will go through “What Happens When You Visit A Website.” So until next time, stay secure, stay curious, and keep exploring the fascinating world of cyber security.