Web Hacking 101
Web Hacking 101
How to Make Money Hacking Ethically
About the Book
With a Foreword written by HackerOne Co-Founders Michiel Prins and Jobert Abma, Web Hacking 101 is about the ethical exploration of software for security issues but learning to hack isn't always easy. With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilies or don't include any real world examples. This book is different.
Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:
- HTML Injection
- Cross site scripting (XSS)
- Cross site request forgery (CSRF)
- Open Redirects
- Remote Code Execution (RCE)
- Application Logic
- and more...
Each example includes a classification of the attack, a report link, the bounty paid, easy to understand description and key takeaways. After reading this book, your eyes will be opened to the wide array of vulnerabilities that exist and you'll likely never look at a website or API the same way.
About the Author
Reader Testimonials
Danil Gribkov
@danilgribkov
I highly recommend Web Hacking 101. The $10 I paid was more than worth it when I got a $500 bounty from PayPal using examples Pete provided. Combined with the constant updates he provides, which I have access to for life, it's a great buy.
Jason Haddix
Father, hacker, Director of Technical Operations @Bugcrowd, blogger, & nerd
I support Bounty Hunters, #reading Web Hacking 101: How to Make Money Hacking Ethically by @yaworsk #bugbounty - leanpub.com/web-hacking-101 --Twitter
Michiel Prins
Co-Found of HackerOne
Want to explore the art and skill of hacking? Try the latest release of @yaworsk's book! --Twitter
Jobert Abma
Co-Founder of HackerOne
Anyone who's interested in web hacking and making money with it, I'd recommend reading this book: leanpub.com/web-hacking-101! #bugbounty --Twitter
Leo Niemelä
CSO at LocalTapiola Group
Worth to read (just bought my copy): How to Make Money Hacking Ethically by @yaworsk leanpub.com/web-hacking-101 #bugbounty --Twitter
Ben Sadeghipour
Bug Bounty participant. Blogger. Gamer.
Awesome book written by @yaworsk. If for some reason you haven't read it yet make sure you do! --Twitter
Jonathan Avery
Hacker
Real-world case studies that helped me score a $600 "Hack The Pentagon" bounty. This book also gave me the confidence boost I needed to land a high paying job as a security engineer at a top aerospace defense company.
@brutelogic
Security researcher @sucurisecurity
Superb work by @yaworsk in leanpub.com/web-hacking-101 I couldn't recommend it more, awesome writing style, you definitely should get it! --Twitter
Ebrietas
Pseudo hacker, information security lover, and bug bounty participant
Web hacking 101 is an amazing beginners guide to breaking web applications as a bug bounty hunter. All sections of the book are backed up by references from actual publicly disclosed vulnerabilities. The focus on the unique findings for each category will more than likely teach some new tricks. It is well worth double the asking price.
Andy Grunwald
Software Engineer (Site Reliability and Platform Engineering) at @trivago. I solve problems and put things into production.
I recommend "Web Hacking 101" about bug bounties and web security. Great book. Thank you @yaworsk leanpub.com/web-hacking-101 #bugbounty --Twitter
Table of Contents
- 1. Foreword
-
2. Introduction
-
- How It All Started
- Just 30 Examples and My First Sale
- Who This Book Is Written For
- Chapter Overview
- Word of Warning and a Favour
-
- 3. Background
-
4. Open Redirect Vulnerabilities
- Description
-
Examples
- 1. Shopify Theme Install Open Redirect
- 2. Shopify Login Open Redirect
- 3. HackerOne Interstitial Redirect
- Summary
-
5. HTTP Parameter Pollution
- Description
-
Examples
- 1. HackerOne Social Sharing Buttons
- 2. Twitter Unsubscribe Notifications
- 3. Twitter Web Intents
- Summary
-
6. Cross-Site Request Forgery
- Description
-
Examples
- 1. Shopify Twitter Disconnect
- 2. Change Users Instacart Zones
- 3. Badoo Full Account Takeover
- Summary
-
7. HTML Injection
- Description
-
Examples
- 1. Coinbase Comments
- 2. HackerOne Unintended HTML Inclusion
- 3. Within Security Content Spoofing
- Summary
-
8. CRLF Injection
-
Description
- 1. Twitter HTTP Response Splitting
- 2. v.shopify.com Response Splitting
- Summary
-
Description
-
9. Cross-Site Scripting
- Description
-
Examples
- 1. Shopify Wholesale
- 2. Shopify Giftcard Cart
- 3. Shopify Currency Formatting
- 4. Yahoo Mail Stored XSS
- 5. Google Image Search
- 6. Google Tagmanager Stored XSS
- 7. United Airlines XSS
- Summary
-
10. Template Injection
-
Description
- Server Side Template Injections
- Client Side Template Injections
-
Examples
- 1. Uber Angular Template Injection
- 2. Uber Template Injection
- 3. Rails Dynamic Render
- Summary
-
Description
-
11. SQL Injection
-
Description
- SQL Databases
- Countermeasures Against SQLi
-
Examples
- 1. Drupal SQL Injection
- 2. Yahoo Sports Blind SQL
- 3. Uber Blind SQLi
- Summary
-
Description
-
12. Server Side Request Forgery
-
Description
- HTTP Request Location
- Invoking GET Versus POST Requests
- Blind SSRFs
- Leveraging SSRF
-
Examples
- 1. ESEA SSRF and Querying AWS Metadata
- 2. Google Internal DNS SSRF
- 3. Internal Port Scanning
- Summary
-
Description
-
13. XML External Entity Vulnerability
- Description
-
Examples
- 1. Read Access to Google
- 2. Facebook XXE with Word
- 3. Wikiloc XXE
- Summary
-
14. Remote Code Execution
- Description
-
Examples
- 1. Polyvore ImageMagick
- 2. Algolia RCE on facebooksearch.algolia.com
- 3. Foobar Smarty Template Injection RCE
- Summary
-
15. Memory
-
Description
- Buffer Overflow
- Read out of Bounds
- Memory Corruption
-
Examples
- 1. PHP ftp_genlist()
- 2. Python Hotshot Module
- 3. Libcurl Read Out of Bounds
- 4. PHP Memory Corruption
- Summary
-
Description
-
16. Sub Domain Takeover
- Description
-
Examples
- 1. Ubiquiti Sub Domain Takeover
- 2. Scan.me Pointing to Zendesk
- 3. Shopify Windsor Sub Domain Takeover
- 4. Snapchat Fastly Takeover
- 5. api.legalrobot.com
- 6. Uber SendGrid Mail Takeover
- Summary
-
17. Race Conditions
- Description
-
Examples
- 1. Starbucks Race Conditions
- 2. Accepting HackerOne Invites Multiple Times
- 3. Exceeding Keybase Invitation Limits
- 4. HackerOne Payments
- Summary
-
18. Insecure Direct Object References
- Description
-
Examples
- 1. Binary.com Privilege Escalation
- 2. Moneybird App Creation
- 3. Twitter Mopub API Token Stealing
- Summary
-
19. OAuth
- Description
-
Examples
- 1. Swiping Facebook Official Access Tokens
- 2. Stealing Slack OAuth Tokens
- 3. Stealing Google Drive Spreadsheets
- Summary
-
20. Application Logic Vulnerabilities
- Description
-
Examples
- 1. Shopify Administrator Privilege Bypass
- 2. HackerOne Signal Manipulation
- 3. Shopify S3 Buckets Open
- 4. HackerOne S3 Buckets Open
- 5. Bypassing GitLab Two Factor Authentication
- 6. Yahoo PHP Info Disclosure
- 7. HackerOne Hacktivity Voting
- 8. Accessing PornHub’s Memcache Installation
- 9. Bypassing Twitter Account Protections
- Summary
-
21. Getting Started
-
Reconnaissance
- Subdomain Enumeration
- Port Scanning
- Screenshotting
- Content Discovery
- Previous Bugs
-
Testing the Application
- The Technology Stack
- Functionality Mapping
- Finding Vulnerabilities
- Going Further
- Summary
-
Reconnaissance
-
22. Vulnerability Reports
- Read the disclosure guidelines.
- Include Details. Then Include More.
- Confirm the Vulnerability
- Show Respect for the Company
- Bounties
- Don’t Shout Hello Before Crossing the Pond
- Parting Words
-
23. Tools
- Burp Suite
- ZAP Proxy
- Knockpy
- HostileSubBruteforcer
- Sublist3r
- crt.sh
- IPV4info.com
- SecLists
- XSSHunter
- sqlmap
- Nmap
- Eyewitness
- Gowitness
- Gobuster
- Meg
- Shodan
- Censys
- What CMS
- BuiltWith
- Nikto
- Recon-ng
- GitRob
- CyberChef
- OnlineHashCrack.com
- idb
- Wireshark
- Bucket Finder
- Race the Web
- Google Dorks
- JD GUI
- Mobile Security Framework
- Ysoserial
-
Firefox Plugins
- FoxyProxy
- User Agent Switcher
- Firebug
- Hackbar
- Websecurify
- Cookie Manager+
- XSS Me
- Offsec Exploit-db Search
- Wappalyzer
-
24. Resources
-
Online Training
- Web Application Exploits and Defenses
- The Exploit Database
- Udacity
-
Bug Bounty Platforms
- Hackerone.com
- Bugcrowd.com
- Synack.com
- Cobalt.io
- Video Tutorials
- youtube.com/yaworsk1
- Seccasts.com
- How to Shot Web
-
Further Reading
- OWASP.com
- Hackerone.com/hacktivity
- https://bugzilla.mozilla.org
- Twitter #infosec and #bugbounty
- Twitter @disclosedh1
- Web Application Hackers Handbook
- Bug Hunters Methodology
-
Recommended Blogs
- philippeharewood.com
- Philippe’s Facebook Page - www.facebook.com/phwd-113702895386410
- fin1te.net
- NahamSec.com
- blog.it-securityguard.com
- blog.innerht.ml
- blog.orange.tw
- Portswigger Blog
- Nvisium Blog
- blog.zsec.uk
- brutelogic.com.br
- lcamtuf.blogspot.ca
- Bug Crowd Blog
- HackerOne Blog
- Cheatsheets
-
Online Training
-
25. Glossary
-
- Black Hat Hacker
- Buffer Overflow
- Bug Bounty Program
- Bug Report
- CRLF Injection
- Cross Site Request Forgery
- Cross Site Scripting
- HTML Injection
- HTTP Parameter Pollution
- HTTP Response Splitting
- Memory Corruption
- Open Redirect
- Penetration Testing
- Researchers
- Response Team
- Responsible Disclosure
- Vulnerability
- Vulnerability Coordination
- Vulnerability Disclosure
- White Hat Hacker
-
-
26. Appendix A - Take Aways
- Open Redirects
- HTTP Parameter Pollution
- Cross Site Request Forgery
- HTML Injection
- CRLF Injections
- Cross-Site Scripting
- SSTI
- SQL Injection
- Server Side Request Forgery
- XML External Entity Vulnerability
- Remote Code Execution
- Memory
- Sub Domain Takeover
- Race Conditions
- Insecure Direct Object References
- OAuth
- Application Logic Vulnerabilities
- 27. Appendix B - Web Hacking 101 Changelog
The Leanpub 60-day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms
Do Well. Do Good.
Authors have earned$11,230,638writing, publishing and selling on Leanpub, earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.
Learn more about writing on Leanpub
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them
Top Books
- #1
OpenIntro Statistics
David Diez, Christopher Barr, Mine Cetinkaya-Rundel, and OpenIntroA complete foundation for Statistics, also serving as a foundation for Data Science.
Leanpub revenue supports OpenIntro (US-based nonprofit) so we can provide free desk copies to teachers interested in using OpenIntro Statistics in the classroom and expand the project to support free textbooks in other subjects.
More resources: openintro.org.
- #2
Concurrency with Modern C++
Rainer GrimmC++11 is the first C++ standard that deals with concurrency. The story goes on with C++17, C++20, and will continue with C++23.
I'll give you a detailed insight into the current and the upcoming concurrency in C++. This insight includes the theory and a lot of practice.
- #3
Everyday Rails - RSpecによるRailsテスト入門
Junichi Ito (伊藤淳一) and Aaron SumnerRSpecを使ってRailsアプリケーションに信頼性の高いテストを書く実践的なアドバイスを提供します。詳細で丁寧な説明は本書のオリジナルコンテンツです。また、説明には実際に動かせるサンプルアプリケーションも使用します。本書は2022年版にアップデートされ、Rails 7.0やRSpec Rails 5.0といった新しい環境に対応しています!さあ、自信をもってテストできるようになりましょう!
- #4
Ansible for DevOps
Jeff GeerlingAnsible is a simple, but powerful, server and configuration management tool. Learn to use Ansible effectively, whether you manage one server—or thousands.
- #5
C++20 - The Complete Guide
Nicolai M. JosuttisAll the new language and library features of C++20 (for those who know previous versions).
The book presents all new language and library features of C++20. Learn how this impacts day-to-day programming, to benefit in practice, to combine new features, and to avoid all new traps.
Buy early, pay less, free updates.
Other books:
- #6
Understanding JavaScript Promises
Nicholas C. ZakasLearn all about JavaScript promises from veteran JavaScript author Nicholas C. Zakas.
- #7
Introducing EventStorming
Alberto BrandoliniThe deepest tutorial and explanation about EventStorming, straight from the inventor.
- #8
C++20
Rainer GrimmC++20 is the next big C++ standard after C++11. As C++11 did it, C++20 changes the way we program modern C++. This change is, in particular, due to the big four of C++20: ranges, coroutines, concepts, and modules.
- #9
Jetpack Compose internals
Jorge CastilloJetpack Compose is the future of Android UI. Master how it works internally and become a more efficient developer with it. You'll also find it valuable if you are not an Android dev. This book provides all the details to understand how the Compose compiler & runtime work, and how to create a client library using them.
- #10
R Programming for Data Science
Roger D. PengThis book brings the fundamentals of R programming to you, using the same material developed as part of the industry-leading Johns Hopkins Data Science Specialization. The skills taught in this book will lay the foundation for you to begin your journey learning data science. Printed copies of this book are available through Lulu.
Top Bundles
- #1
CCIE Service Provider Ultimate Study Bundle
2 Books
Piotr Jablonski, Lukasz Bromirski, and Nick Russo have joined forces to deliver the only CCIE Service Provider training resource you'll ever need. This bundle contains a detailed and challenging collection of workbook labs, plus an extensively detailed technical reference guide. All of us have earned the CCIE Service Provider certification... - #2
Software Architecture for Developers: Volumes 1 & 2 - Technical leadership and communication
2 Books
"Software Architecture for Developers" is a practical and pragmatic guide to modern, lightweight software architecture, specifically aimed at developers. You'll learn:The essence of software architecture.Why the software architecture role should include coding, coaching and collaboration.The things that you really need to think about before... - #4
Modern C++ Collection
3 Books
Get All about Modern C++C++ Standard Library, including C++20Concurrency with Modern C++, including C++20C++20Each book has about 200 complete code examples. Updates are included. When I update one of the books, you immediately get the updated bundle. You can expect significant updates to each new C++ standard (C++23, C++26, .. ) and also... - #6
The Python Craftsman
3 Books
The Python Craftsman series comprises The Python Apprentice, The Python Journeyman, and The Python Master. The first book is primarily suitable for for programmers with some experience of programming in another language. If you don't have any experience with programming this book may be a bit daunting. You'll be learning not just a programming... - #8
A Better Way to Learn JavaScript Book Series
5 Books
A series of 5 books that will guide you to JavaScript mastery. These books are in progress, as follows:Book 1, The Basics, 95% complete (679 pages)Book 2, Built-in Objects, 70% complete (about 280 pages)Book 3, Useful Snippets, 80% complete (391 pages, 134 recipes, plus a listing of 201 recipes from book 1, and 92 recipes from book 2)Book 4,... - #9
Linux Administration Complet
4 Books
Ce lot comprend les quatre volumes du Guide Linux Administration :Linux Administration, Volume 1, Administration fondamentale : Guide pratique de préparation aux examens de certification LPIC 1, Linux Essentials, RHCSA et LFCS. Administration fondamentale. Introduction à Linux. Le Shell. Traitement du texte. Arborescence de fichiers. Sécurité...
