Seeing all the interesting technical bugs that people find can be a bit discouraging when you don’t know how they work, you start thinking that maybe you will never find anything.
However I want to propose a technique which is really simple and only requires you to have a Browser and Burp Community: Request Modification.
I think as a hacker with a curious mindset you should always be looking at what requests are being made by the website you’re interacting with, and with that comes the idea 💡.
What happens if you modify the values in the request you’re sending? Does the website respond well? Does the website behave illogically? Does it find an error but continue anyway?
Well, this was exactly how I found my first bounty on a fantasy football game.
There was a build team part of the site, and as a user you have a nice UI to interact with and one of the things you can do is choose 1 and only 1 captain for your team. However looking at the request that is being sent when building said team I could see that every player in the JSON body had a “captain: true” or “captain: false”.
My first thought was to immediately set everyone to “captain: true” and to my surprise it worked. This was a vulnerability because the matches between player teams had monetary prizes and the captain tag was supposed to make only 1 player 50% stronger, I now had my whole team 50% stronger.