• @LooseSecurity When doing a bug bounty always read previous reports. It helps you figure out what kind of issues existed in the application in the past and saves a lot of time on reconnaissance.

  • When you are writing an http/https tool you can use an intercepting proxy with:

      export http_proxy="http://localhost:port"
    

    or with a username password

      export https_proxy="http://usrname:passwrd@host:port"
    

    To revert back:

      unset http_proxy
    
      unset https_proxy