Take your learning to the next level with BugBountyHunter Membership

"I don't do a lot of CTF etc... due to the lack of realism but on this platform, the bugs are quite varied AND in a realistic environment, that's exactly what I'm looking for. I think this site is a good sequel for those who start on PortSwigger WebSecurity and / or TryHackMe."

Jomar

Gain confidence testing web applications with BARKER

Practise hacking against a fully functioning web application named BARKER which contains over 100+ realistic findings you're likely to also find on bug bounty programs. Our bugs are designed from real world findings and our training platform is designed to help you gain the confidence to begin bug bounties.

BARKER is designed to put your web application knowledge & skills to the test as you're blindly hunting for functionality and features and testing them based on your knowledge around various vulnerability types, just like you would on a bug bounty program target!

Spend time learning how the various features work and then begin uncovering vulnerabilities hidden within, true hacker style! With over 100 vulnerabilities to discover, how many can you find?

No flags to find here! Instead of being told for example, "Find XSS and try bypass the filter!", you start with zero knowledge on how BARKER functions/works, you just know there are vulnerabilities to find. Your task is to test how the various features work and what they may be vulnerable to. These are real features that function just like a real website would: create an account, login, reset your password, edit your profile, post content, upload photos, create groups & more!

After discovering an issue you are then required to write a report exactly like you would on a real bug bounty platform, and your report will then be manually triaged. We are the only bug bounty training platform to offer a realistic experience with report writing and triage which enables us to get to know you along your journey.

"I love Barker because usually I don't spend enough time in apps and I missed a lot of vulnerabilities. Barker has helped me to think differently and to try something new every day."

— luisk2

Membership checklist

Our membership training is 100% hands on and all information needed to aid you with this can be found on our website for free. Before joining you should:

Be confident using a web proxy tool such as Fiddler or Burp Suite to monitor & modify web requests.

Have basic knowledge around common web application vulnerabilities such as Cross Site Scripting (Reflective, DOM, Stored), Cross Site Request Forgery, Server Side Request Forgery, Insecure direct object reference, and Application/Business logic issues.
All of this information can be found for free on our website for you to learn from

Not rely on automated security vulnerability scanning tools and automated scan results (such as Nessus). You can fuzz on our web applications to discover files/directories!

Your questions answered

How much knowledge is needed prior to joining?

As mentioned to the right, understanding how to use a web proxy tool such as Burp Suite or Fiddler is required. You should be able to confidently monitor HTTPS requests and be able to interact with them and changing data. For example sending a request on Burp suite to the repeater to test further on a certain parameter.

As well as this, knowledge on common web application vulnerabilities will be required before attempting BARKER. Our entire website contains information relating to various vulnerability types, as well as zseano's methodology, and we highly recommend you utilise all of this when testing on BARKER to help you.

Whilst there is a mobile website for BARKER you DO NOT need to know mobile testing as there is no mobile app and it is just a web application.

What can I hope to achieve from practising on your platform?

We hope after utilising all of our information on our site, practising hacking on our web applications and following zseano's methodology you will be able to discover web application vulnerabilities on bug bounty programs at ease and become exactly what you've been practising to be..

..a bug bounty hunter! This means applying what you learn on our web applications on real bug bounty programs in the hope for a bounty!

We have three web applications available, BARKER , KREATIVE (apart of BARKER) and FirstBlood. They work just like a real website would in the sense you can register, login, post content etc, and zseano's methodology is all about testing a main web application. The two together combined should be enough to help jump start your bug bounty journey and understand the mindset behind discovering vulnerabilities, as well as constructing an approach and adopting the mindset.

What are the rules of engagement when testing on BARKER?

You may scan for files/directories but please limit your scans to 3 requests per second.

Be professional. Treat our web applications as you would a live production server. Don't make it fall over and don't attempt to access or download & store source code and sensitive files relating to the docker instance.
For bugs such as SSRF, we have placed intentional files for you to try access.

Set your aim on looking for common Web application vulnerabilities such as XSS, CSRF, SSRF, IDOR, RCE, Information leaks, Application/Business logic issues. Test how the various features work and have fun!

No fully automated security vulnerability scanning tools (such as Nessus)
Where's the fun in letting a tool do all the work? We recommend you practise on our scope manually and learn how things work rather than relying on a tool. What we mean by this is not running something like Nessus and letting something automatically scan and send requests throughout the web application. You can use tools after a potential discovery such as sqlmap for SQL injections.

We do not currently consider rate limiting/brute forcing an issue
Even though these issues are accepted as valid on some bug bounty programs, we have not intentionally included any rate limiting or bugs that require brute forcing on BARKER

What types of issues will I discover?

You can find the Top 10 OWASP vulnerabilities across our web applications such as:

Cross Site Scripting (Reflective, DOM, Stored). You will also discover various filters you will need to bypass too!
Cross Site Request Forgery - Learn how to test if it's implemented securely.
Server Side Request Forgery - Can you read any internal sensitive files? Some filters may stand in your way!
Remote code execution - Can you execute your own .php code on BARKER?
Information leaks - From issues such as GraphQL misconfigurations, leaked API keys.
Application/Business logic issues - Break those features on BARKER!

You will also discover Insecure direct object reference, XXE, Authorisation Issues, Cross Origin Sharing and Server misconfigurations. There's over 100+ unique vulnerabilities to discover and you will most certaintly be occupied!

What happens after I discover an issue?

After discovering an issue you can then submit a report for triage. When creating a report it is recommended that you include information about what you have discovered such as the vulnerability type, vulnerable parameter, payload, and url affected, as well as information around the issue such as impact, but most importantly including a proof of concept. We should be able to easily replicate the issue described with a step by step process.

Triage can take up to 7 days however once triaged, if your report has been deemed valid then a unique BARKER-ID will be assigned. Multiple IDs can be assigned to one report. The more vulnerabilities you discover the higher the level you reach!

Can I chain vulnerabilities?

Bug chaining is completely optional. You can submit bugs singular, or you can chain multiple issues together in one report. For example for issues such as XSS you do not need to always chain it to prove the impact (such as showing you could do account takeover) however explaining the impact is recommended as it is best practise for when submitting on bug bounty programs. Sometimes not all XSS have the same impact (unauthenticated XSS for example).

With that said, you can chain something such as XSS to do an account takeover if you wish and create an epic report. Our web applications are your playground to practise what it's like to hunt for bugs and create a report for someone to triage/reproduce, as well as playing with various vulnerability types to see what they can do. Enjoy it, have fun! This entire experience is here for you to play and gain confidence with testing and creating reports!

Do you have a community?

Yes! Join a welcoming community of like-minded caring invididuals on Discord ready to help you with your hunt on our web applications. We have some extremely talented security researchers ready to help ease your queries or doubts and you can even team up to collaborate on our web applications together. As you reach Level 2 you will be invited to our #hacking-events channel where you can then also team up for our events.

BugBountyHunter membership isn't just about learning, you also join a family.

Please note when joining BugBountyHunter you will receive lifetime access to the discord.

Purchase Membership

Our membership program has come to an end after mentoring new security researchers for over 4 years. We've enjoyed every second of it and we wish all of our mentees the best of luck with their bug bounty journey.

"It is very awesome indeed, allowed me to experience with a target that is similar to real ones, allowed me to interact with this awesome community around it, and built my confidence."

— 0xSaltyHash