
How to find bypasses

ibadus

In this article we'll talk a bit about how to find exploits/methods/ways to make a website work to your advantage. I will mainly talk about bypasses related to web security, especially anti-bots/queues... but I'm sure you could apply some of the tips to other fields too.
The aim of this article is to explain some basics and show some tools and resources to continue your journey. Maybe in other articles I'll go more in depth.

The basics

A bypass is simply changing, to your own advantage, the way the server handles your request. This can be anything from changing your cookies to using another domain.
What you really need to understand is that bypasses are not dark magic: it's all about learning/testing how the server on the other side is working.

For example:
Imagine that when you're trying to scrape a newspaper website you get blocked by an anti-bot. That's really annoying, but let's try to find a way to interact with the website (server) without getting blocked. To find something that works you could try everything that comes to your mind at random and pray it works... but that wouldn't be the best thing to do. Rather, let's try to understand how the website works and how we could take advantage of it.

A lot of newspapers work hard on their SEO. To boost it they sometimes allow some third-party services (such as Google, Yahoo...) to access their website without being blocked, so those services can crawl/index the webpage. So let's try to find out how we could fake our identity to be treated as an SEO bot. To achieve that we're going to look at how these bots get identified: the answer is that they are identified by their headers, and more specifically the "user-agent" header (you can think of the user-agent as an identity card that specifies who you are). In our case we'll look for the "user-agent" of bots, and the most common ones are Google's. Here we just found a way to bypass the anti-bot: the website will now treat us as a Google SEO bot and not as a random person, therefore we won't get blocked again. This was a really simplified example but the idea is there.
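The flip side of that example, as an added illustration that is not part of the original article: the user-agent is a self-declared identity card, so an anti-bot that trusts it alone is trusting whatever the client says. This is exactly the "learn how the server works" point above, because a site can verify the claim instead. Google documents the check site owners can run: reverse-DNS the source IP, confirm the PTR hostname is under googlebot.com or google.com, then forward-resolve that hostname and confirm it maps back to the same IP. The code below implements that check with the DNS lookups injected as functions, so the demo runs offline against constructed fixtures (the IPs, hostnames and PTR/A tables are made up for the example; only the two Google domains and the Googlebot user-agent string are the documented ones).

```python
import socket
from typing import Callable, Iterable, Optional

# Substring that Google's main crawler puts in its user-agent (documented).
GOOGLE_UA_MARKERS = ("Googlebot",)
# Domains Google documents as hosting its crawlers.
GOOGLE_CRAWLER_DOMAINS = ("googlebot.com", "google.com")

ReverseLookup = Callable[[str], Optional[str]]   # ip -> PTR hostname or None
ForwardLookup = Callable[[str], Iterable[str]]   # hostname -> A/AAAA records


def claims_googlebot(user_agent: str) -> bool:
    """True if the self-declared user-agent says 'I am Googlebot'."""
    return any(marker in user_agent for marker in GOOGLE_UA_MARKERS)


def hostname_is_google(hostname: str) -> bool:
    """True if the hostname is exactly, or a subdomain of, a Google crawler domain."""
    host = hostname.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in GOOGLE_CRAWLER_DOMAINS)


def classify_request(ip: str, user_agent: str,
                     reverse: ReverseLookup, forward: ForwardLookup) -> str:
    """Return 'no-claim', 'verified' or 'spoofed' for one request."""
    if not claims_googlebot(user_agent):
        return "no-claim"          # ordinary visitor, normal anti-bot rules apply
    ptr = reverse(ip)
    if ptr is None or not hostname_is_google(ptr):
        return "spoofed"           # header says Googlebot, network says otherwise
    # Forward-confirm: whoever controls the reverse zone of an IP can set its PTR
    # to crawl-x.googlebot.com, but only Google can make that name resolve back.
    if ip not in set(forward(ptr)):
        return "spoofed"
    return "verified"


# Real resolvers for production use (not exercised by the offline demo).
def system_reverse(ip: str) -> Optional[str]:
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_forward(hostname: str) -> Iterable[str]:
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except socket.gaierror:
        return set()


# --- constructed offline fixtures (documentation-range IPs, made-up hostnames) ---
FAKE_PTR = {
    "192.0.2.10":   "crawl-192-0-2-10.googlebot.com",  # honest PTR, forward agrees
    "198.51.100.7": "vps-7.example.net",               # home-made "Googlebot"
    "203.0.113.5":  "crawl-203-0-113-5.googlebot.com", # forged PTR, forward disagrees
}
FAKE_A = {
    "crawl-192-0-2-10.googlebot.com": ["192.0.2.10"],
    "crawl-203-0-113-5.googlebot.com": [],   # no such name in Google's zone
    "vps-7.example.net": ["198.51.100.7"],
}

GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/115.0"


def fake_reverse(ip: str) -> Optional[str]:
    return FAKE_PTR.get(ip)


def fake_forward(hostname: str) -> Iterable[str]:
    return FAKE_A.get(hostname, [])


def demo() -> dict:
    """Classify the four fixture requests; returns {(ip, who): verdict}."""
    cases = [
        ("192.0.2.10", "googlebot-ua", GOOGLEBOT_UA),
        ("198.51.100.7", "googlebot-ua", GOOGLEBOT_UA),
        ("203.0.113.5", "googlebot-ua", GOOGLEBOT_UA),
        ("192.0.2.10", "browser-ua", BROWSER_UA),
    ]
    return {(ip, who): classify_request(ip, ua, fake_reverse, fake_forward)
            for ip, who, ua in cases}


if __name__ == "__main__":
    for key, verdict in demo().items():
        print(key, "->", verdict)
```

Swap `fake_reverse`/`fake_forward` for `system_reverse`/`system_forward` to run it against live DNS. The takeaway for the article's example is that a copied user-agent only gets past a site that never asks the network who you are; a site that runs this two-step check will classify it as "spoofed", which is why understanding what the server actually verifies matters more than guessing headers.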

Tips to find bypasses

  • First of all, taking notes is one of the most important things when finding bypasses. You're going to spend a lot of time trying stuff, and the last thing you want is to try the same things again and again because you forgot.

  • Taking the time to understand how the server works is really helpful. To help with that, always check if there is documentation... Always RTFM.

  • Most of the time blindly testing stuff won't work... don't waste too much time on that; rather take the rigorous path of taking notes, understanding the website...

  • Take the time to search the internet: there are a lot of bypasses in the wild literally waiting to be found (such as devs open-sourcing stuff, devs leaking API keys...). Learn how to Google dork, and use everything that could lead you to find "hidden" stuff.

  • Always try to learn more about cybersecurity; check the resources at the end to level up your knowledge 🤓

  • Learn how to use your tools, this is really important. Try to be an expert on each tool you use; it will allow you to achieve way more!

  • Practice, practice, practice. The more you try, the better you'll be, don't give up! Check the resources below to find where you can practice and learn to improve your skills.

Some tools to find bypasses

  1. Charles, intercept and modify your requests/responses
  2. Postman / Insomnia, create and send requests
  3. Burp Suite, pentesting tool
  4. EditThisCookie, edit your cookies easily
  5. WhatRuns + Wappalyzer, know what technologies are used on a website
  6. JSON Viewer, JSON prettifier in the browser
  7. ModHeader, edit your headers easily
  8. GitHub, to find open source stuff (tools...)
  9. Google dorking, to find "hidden" stuff
  10. Chrome dev tools, to inspect elements, look at sources and more...

Resources

Websites to practice && Learn

  • Root Me, my go-to website to practice and learn hacking
  • Hack The Box, another website to practice and learn hacking (there is a fun challenge to sign up)
  • Sneaker dev challenges, very cool project with 2 challenges to start with. Simply clone the repo and run the app.js
  • Finding forums about cybersecurity can be a really nice way to learn, but here I'll leave you to find them by yourself. Here is one made by veritas, though

Videos/Podcast to Learn

Warnings

As a responsible being, if you find a critical vulnerability or anything that could harm a website, do not play with it. You could face serious problems. If the company has a bug bounty program, try to report it through that; otherwise don't try to be a hero by sending an email or something to the company, leave it there and don't touch it!

Never go too far to find bypasses. The objective is to find optimizations and new paths, not to break stuff, and don't use legally reprehensible ways. Be smart!