Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Bypassing Payments using Webhooks - 31

Jack Cable - Posted 6 Years Ago
  • The first point is really interesting! People on bug bounty programs tend to look for the same bugs. So, this guy recommends looking for functionality not usually visible to the user.
  • Normally, webhook calls pass between the payment provider and the server. However, this person stumbled upon the internal API docs for Stripe.
  • This API was not locked down because users did not usually visit it.
  • By using this API, it was possible to forge a payment request.
  • Payment-related webhooks are commonly used in subscription-based programs. So, this could be a jackpot!