My Hunting
Door Mian Mehran
1. Functionalities
1.1. Testing Login Page
1.1.1. 1
1.1.1.1. Forget Password
1.1.1.1.1. No Rate Limit
1.1.1.1.2. Info leak
1.1.1.1.3. Host Header Injection
1.1.1.2. Create Account
1.1.1.2.1. With Same Email(Victim's Email)
1.1.1.2.2. Blind Xss PAyload Use
1.1.2. 2
1.1.2.1. Login
1.1.2.1.1. Admin
1.1.2.1.2. User
1.1.2.2. 2 Step Verification
1.1.2.2.1. Bypassing OTP
1.1.3. 3
1.1.3.1. Contact US
1.1.3.1.1. Checking Bxss
2. Tools
2.1. Burp
2.1.1. Param miner
2.1.1.1. Finding Headers And Parameters For IDOR
2.1.2. Authorize
2.1.2.1. For Privilage Escalation And Idor
2.1.3. InQL
2.1.3.1. Finding Graphqal Endpoints
2.2. Kali
2.2.1. DirSearch
2.2.1.1. Finding Malicious Endpoints for unauthorization Testing
2.2.2. Fuff
2.2.2.1. Finding Endpoints And Parameters