sw33tLie / bbscope

Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
Apache License 2.0

Bugcrowd seems to have failed #48

Open Miracles666 opened 8 months ago

Miracles666 commented 8 months ago

image

Miracles666 commented 8 months ago

My cookie was just logged in

Miracles666 commented 8 months ago

@pradeepch99 @dee-see @sw33tLie @unstabl3

sw33tLie commented 8 months ago

Hi @Miracles666, I just tried that on my end and it works for me.

Are you using the _bugcrowd_session cookie? And are you sure you're using the latest version? Thanks

Phoenix1112 commented 7 months ago

@sw33tLie I am using the latest version, but it does not support private programs. It doesn't give any output.

INFO[0003] Fetching 0 programs...
INFO[0003] bbscope run successfully

Phoenix1112 commented 7 months ago

@sw33tLie I probably figured out the problem. When I checked the cookies, I saw that the "_crowdcontrol_session" cookie has now been changed to "_crowdcontrol_session_key". This is probably because of this. But even though I used the "_crowdcontrol_session_key" cookie, I still could not pull the data of private programs. Do any changes need to be made in the code?

pdelteil commented 7 months ago

Same problem here.

sw33tLie commented 7 months ago

Guys, as I said, you now need to pass the _bugcrowd_session cookie, not _crowdcontrol_session or _crowdcontrol_session_key.

image

Thanks!

pdelteil commented 7 months ago

> Guys, as I said, you now need to pass the _bugcrowd_session cookie, not _crowdcontrol_session or _crowdcontrol_session_key.
>
> image
>
> Thanks!

Yeah, I read that part before retesting.

Using that cookie gives the same result as described by other users.

bbscope bc -t "eyJrXXXXXX" -o d

image

pdelteil commented 7 months ago

Even using the option to use email and password is not working:

bbscope bc -E myhiddenemail@domain.com -P guessIt -l debug

DEBU[0000] Redirecting to: https://identity.bugcrowd.com/oauth2/auth?client_id...
DEBU[0001] Redirecting to: https://bugcrowd.com/dashboard
INFO[0003] Login OK. Fetching programs, please wait...
truncated
INFO[0004] Fetching 0 programs...
INFO[0004] bbscope run successfully

sw33tLie commented 7 months ago

Hi, sorry for this, it looks very weird. Are you able to use the --proxy http://127.0.0.1:8080 flag to proxy to your Burp Suite and see which error you're getting? I wonder if it's a 401 or something else... Unfortunately, I'm unable to reproduce.

Thanks