Bugcrowd email+password login is broken

[sw33tLie]

I am aware that the login workflow with bugcrowd doesn't work right now. This is due to recent platform changes that moved the authentication to identity.bugcrowd.com.

Please use the _bugcrowd_session token as of now and pass it to the -t flag in bbscope bc.

Thanks

[molitona]

the tool doesn't fetch private programs on BC @sw33tLie

[molitona]

its not reliable at all over 20 private and public ones the tool didn't catch..

[sw33tLie]

Hey @molitona, can you share here one public program that the tool didn't catch? Thank you :)

[molitona]

oh sorry @sw33tLie after re-checking they were "Joinable ones" not public but, for private programs (invite+joinable) the tool didn't catch +20 of them yesterday, what reason?

[sw33tLie]

Hey, I don't see any obvious reason as of now. Do you have telegram/discord/twitter so that we can find out why this happens privately?

Thanks

[sw33tLie]

Hi, this should be fixed

[molitona]

hello @sw33tLie ,

sorry for late resp

with _bugcrowd_session lastest version

https://bugcrowd.com/bugcrowd https://bugcrowd.com/foxycart https://bugcrowd.com/freedomofpress https://bugcrowd.com/statuspage https://bugcrowd.com/whmcs

are not catched

used cmd:

bbscope bc -b -o u -t "XXX"

[sw33tLie]

Hey, i've confirmed that with multiple people and they all get those programs in their output. Are you 100% sure you're using the latest version?

Thanks

[molitona]

Hey, i've confirmed that with multiple people and they all get those programs in their output. Are you 100% sure you're using the latest version?

Thanks

yeah, i did 2 time with latest version with _bugcrowd_session

[sw33tLie]

Hi, there was an issue when iterating through the handle pages, sometimes the bugcrowd API doesn't return the correct total pages so I've changed the code and i don't trust that number anymore.

Could you check if now you get more programs?

[molitona]

it works fine now, all programs fetched. thanks!