Recently I discovered a little OSINT trick that lets you discover if an email address has a Google account associated with it and, if so, the address of that account.
Something you’ll come across a lot when dealing with web applications is Base64. What is Base64? Base64 is an encoding scheme used to convert binary data to ASCII text, allowing binary data to be transmitted over channels that don’t handle binary data well. What’s great news for bug hunters is that a lot of applications trust Base64-encoded input, giving you more opportunities for discovering vulnerabilities.
In a recent post, I told everyone that instead of copying and pasting payloads they find on the web, they should learn how to make their own bypasses and create their own payloads. But, as someone pointed out to me on Twitter, I didn’t go into how you can learn to make your own payloads. I don’t know of any canonical reference for this, so I’ll just give you some of my own thoughts along with what’s worked for me.
Here’s a quick trick for you all.
The thing I love most about hacking is figuring out how things work. There’s something magical about feeding input into a black box and figuring out what’s happening inside based solely on its output.