This blog will walk you through the technique that I used to bypass Touch ID authentication feature implemented on the Login Page in Evernote and Dropbox IOS apps. Just Before Getting Started, I will list down the tools that were used in this process: Iphone 6S with ios 13.3.1 Checkra1n…

The only reason I am blogging about this finding is to help guys who are facing difficulty in setting up Gitrob since it has been rewritten in Go and not many people out there are familiar with go.So, lets begin: Few days back I got a private invite on hackerone…

This blog is about a vulnerability that I found in a program on hackerone i.e. Wakatime.It is a platform for developers and has an active bug bounty program on hackerone. I decided to write a blogpost on this bug because I think this test case I used in finding the…

Hey Everyone, this blog will help you in understanding the basics about how to setup your own hidden service on Tor network.Before going through the actual procedure let’s first try to get a brief understanding of how the Onion routing in Tor browser or Onion Proxy works. Tor Browser as…

Overview Few days back I read this blog by James Kettle(https://portswigger.net/blog/practical-web-cache-poisoning),as per his blog various Companies that have a website hosted on a web server generally use softwares like Varnish for cache control purposes.Even CDN’s like fastly or Heroku use Varnish for maintaining cache. So,How this cache thing works?When I read…

Today I would like to share my work on how i automate my tasks using bash scripting for Web app pentesting.One month back I saw this tool on my twitter feed named as “Eyewitness”, this tool could be used to get information about whether Multiple sub-domains of a particular Domain…

JSON CSRF attack on a Social Networking Site[Hackerone Platform] Before describing the actual attack scenario let us first discuss what is CSRF attack ? Basically lets consider Victim has an active session on a website and lets say victim has some details in his/her settings page on that website …

One year back when i was hunting for bugs , I got a call from my friend and he told about the multiple open redirection issues he had found in various sub-domains of google , more than 30 domains were affected, i got excited to hear that but as google…