Found XSS by bypassing the misconfigured CSP in one of the govt website of India!



Tip: Check out this new amazing tool that will be very useful in fuzzing interesting payloads, tags & events that will be useful when bypassing waf or csp (https://github.com/Asperis-Security/xssFuzz)

#Discussion 1: How can you start in bug bounty?

(Comment down your thoughts on how can be begin the hunting journey & let's start discussion on it!)

POV: It's late at night.. Your internet pack has just expired.. So you hacked your neighbors WiFi

#hackerman😎

Discussion #2: Which is the tool that you commonly use when doing web recon?
(Comment it down below)
For me it's Ffuf

Hi everyone! New video will be releasing tomorrow!(btw i have tried something new on this video so please let me know in the comments if this new format feels nice✌️)

Thanks for all your support!❤

Finally the video is uploaded! It will be published tomorrow between 11am IST to 12pm IST

Stay tuned😉

Hi everyone, New video is out!
Check out how i was able to bypass content security policy(csp) on a live target!

Video Link: https://www.youtube.com/watch?v=Hz6zfXMdl54

#Discussion 3:
You are given these two targets to find vulnerabilities

api.test.com (homepage returns 403)
test.com(returns a static web app)

What will be your methodology??

(Comment your approach below!)

This is crazy!!! I am really glad that you all are enjoying this video

Thank you all again for the love and support 💪

Two more bounties of this month!

Got invitation from a private program! They are really paying HUGGGEEEE bounty!!

Finally, I have finished shooting the last video of this month!
This video is very special, as it will really help beginners during their hacking journey

Releasing it in this week😉

Video scheduled! I am sure this new video will help you all (specially beginners) in the field of bug bounty!!

Release Date: 29th Sept 2024 (Sunday 11:30am IST)

#Discussion 4: What's the most underrated tool that you would recommend to bug bounty hunters?

HI everyone, New video is out! Check out how we can turn an informative report into traiged with these 3 effective ways!
https://www.youtube.com/watch?v=UEz_DKfmmCc

While i have shared a lot of my bug bounty success story with you all, let me share story of my failures!

You know, When i was starting bug bounty hunting, I was unable to report a valid vulnerability for 6 month straight! Every report that i submitted got marked as informative, not applicable and duplicate! At that time, i was very demotivated, stressed and depressed. I was thinking, "Maybe bug bounty is not my thing" but suddenly, I started questioning myself:
1. Didn't i wanted to learn cyber security because it is my passion?
2. Am i only focusing on reporting vulnerabilities instead of improving my skills?

By asking these questions, I understand one thing: I need to switch my focus on learning, improving and hacking instead of getting demotivated because i was not getting any rewards! And eventually, I was able to get that first vulnerability and now i can easily say that i am the better version of myself than before!

In this same month, BePractical reached about 1k subscribers!!
I remember how I used to create videos in my hostel... The audio quality were very poor at that time since there were always students who kept fighting outside my room since my room was near canteen😂... But still you people supported me... Thanks a bunchhh!!!!!!!! ❤️

Keep hacking

Hi everyone! We are excited to let you know that bepractical.tech website is back online! Unfortunately, We needed to remove the labs since there were some really critical vulnerabilities identified by us and few of our subscribers. However, we will be launching labs very soon. Stay tuned

Started working on a new video! Coming soon