avatarkerstan

Summary

Kerstan shares a method for discovering the origin IP of a target during bug bounty hunting, using a tool called hakoriginfinder.

Abstract

In a blog post titled "How I Discovering the Origin IP In Bug Bounty — Bug Bounty Tuesday," Kerstan introduces a technique for penetration testers and bug bounty hunters to uncover the actual IP address of a target that is behind a Web Application Firewall (WAF). The method involves using the hakoriginfinder tool developed by hakluke to scan the target's IP range, which is identified by the target's Autonomous System Number (ASN). Kerstan provides a step-by-step guide on how to use this tool effectively, emphasizing the importance of bypassing WAFs to accurately identify the Origin IP for various purposes, such as sending direct requests to the server. The article also encourages readers to support the author by clapping for the article, following the author, or buying him a coffee through a provided link. Additionally, Kerstan invites readers to explore more bug bounty insights through his other articles and recommends an AI service, ZAI.chat, as a cost-effective alternative to ChatGPT Plus.

Opinions

  • The author, Kerstan, believes that finding the Origin IP is a powerful technique in bug bounty hunting.
  • He endorses the hakoriginfinder tool by hakluke as a simple yet effective solution for identifying the Origin IP.
  • Kerstan values community support and suggests ways for readers to show their appreciation for his work, such as clapping for the article, following him, or making a donation.
  • He sees the act of bypassing WAFs as a significant step in the bug bounty process, which can lead to more effective server testing.
  • The author promotes his other writings as valuable resources for those interested in learning more about bug bounty methodologies.
  • Kerstan recommends ZAI.chat as a budget-friendly AI service that offers similar capabilities to ChatGPT Plus.

How I Discovering the Origin IP In Bug Bounty — Bug Bounty Tuesday

Subscribed to: https://medium.com/@kerstan

Hello everyone, I’m Kerstan.

Today is Bug bounty Tuesday, I will share with you how to find your target’s Origin IP during bug bounty hunting.

So, let’s dive right in.

Image generated with PaintingForYou

1. Intro

During pentesting, we may encounter different WAFs (Web Application Firewalls) that prevent us from finding the accurate target IP. I am going to share how to find your target’s Origin IP during bug bounty hunting.

When you’re hunting on a bug bounty target and WAF stands in your way, here’s a powerful technique to uncover the Origin IP by scanning the target’s IP range.

I’ll be using a simple yet effective tool called hakoriginfinder by hakluke! Get it!!!

https://github.com/hakluke/hakoriginfinder

https://github.com/hakluke/hakoriginfinder

2. methodology

Here’s my methodology to find the Origin IP using this tool and technique:

  1. Discover your target’s ASN and check : https://bgp.he.net/AS33848#_prefixes

2. Make a note of the target’s IP range.

3. Assuming you have a WAF-protected domain called example[.]com. Use this command with the IP range Identified in step 1 and pass your target host against the -h parameter: `prips 93.184.216.0/24 | hakoriginfinder -h example[.]com`

hakoriginfinder running

If you receive a “MATCH” output, there’s a strong likelihood that you’ve successfully identified the Origin IP. Now, you can send requests with the same Host header to bypass WAF or for whatever your mission requires.

3. Sub

Check ASN

Note target IP range

Use HakOriginFinder

If this writing has been helpful to you, please consider giving it a clap and following. Thanks bro.

Alternatively, you can just buy me a coffee here, any sort of support is much appreciated. Enjoy your reading.

If you want to learn more knowledge about Bug Bounty Tuesday, please be sure to take a look at my latest articles.

How I Discovering the Origin IP In Bug Bounty — Bug Bounty Tuesday

Unauthenticated Jira CVEs Check List — Bug Tuesday

How I Find Open Redirect Bug — Bug Bounty Tuesday

My SSRF Tricks — Bug Bounty Tuesday

Get IDOR In No Permission To Access Page — Bug Bounty Tuesday

How To Get A XSSI Bug In Bug Bounty — Bug Bounty Tuesday

Account Takeover on International Exchange — Bug Bounty Tuesday

URL Redirection To DOM XSS on Hackerone Programs — Bug Bounty Tuesday

3 Cases of DOM XSS in Bug Bounty

3 Steps Discovered XXE You Should Know

URL Redirection To DOM XSS on Hackerone Programs

How I Discovered SSRF on Hackerone Program

How I Automatically Discovered SSRF on Hackerone Program

PS.

Subscribe Here.

Cybersecurity
Technology
Bug Bounty
Security
Programming
Recommended from ReadMedium
avatarloyalonlytoday
Finding the origin IP part 2

Learn a few techniques to find the origin IP

3 min read
avatarKarthikeyan Nagaraj
Guide to Finding and Exploiting Web Cache Poisoning

Why you should learn Web Cache Poisoning? | Bug Bounty Essentials by Karthikeyan Nagaraj

5 min read
avatarhackersatty
Autorize & IDOR: How a Simple Token Swap Exposed Sensitive Data

About Me

4 min read
avatarMichael Cooter
A Beginner’s Guide to Testing for Server-Side Request Forgery (SSRF)

In a few weeks, I’ll be taking the Offensive Security Web Assessor (OSWA) certification exam from Offensive Security. As part of my…

5 min read
avatarAbhirupKonwar
Best VPS for Bug Bounty & Pentesting

Personal favorite of many researchers

4 min read
avatarbombon
Hijacking Sessions with IDOR and XSS— @bxmbn

Picture a platform designed to handle sensitive documentation — think insurance claims or identity verification — turning into a goldmine…

4 min read