Hey there, fellow readers! It’s been a while, but I’m back – 0×2458 in the house! Today, we’re going to dive into something fascinating – the Wayback Machine. It’s like a digital time-travel tool that helps us uncover secrets from the past. But we’re not just exploring for fun; we’re looking for clues that can make our online world safer today and help you earn some cool and quick bounties! So, let’s put on our detective hats and start digging into the past to find those bugs! Ready? Let’s go! 🔍🕵️♂️
➥What is Wayback Machine? 🧐
The Wayback Machine is like a digital historian for the internet. It’s a project by the Internet Archive, a nonprofit organization dedicated to preserving the vast and ever-changing landscape of the World Wide Web. The Wayback Machine takes snapshots of websites at different points in time and stores them in its vast archive.
Imagine you want to see what your favorite website looked like five years ago, or you’re researching the evolution of a particular webpage. The Wayback Machine allows you to do just that. It’s a powerful tool for uncovering the history of websites, tracking changes, and even resurrecting content that may have disappeared from the web.
So, how does it work? The Wayback Machine crawls the internet, capturing web pages and storing them in its database. You can then enter a specific web address and select a date to view a snapshot of that website as it appeared on that particular day.
But why is this important? Well, aside from the nostalgic trip down memory lane, the Wayback Machine has practical applications, especially in the realm of cybersecurity. It can help us uncover vulnerabilities in websites, track changes that may have led to security issues, and ultimately make the internet a safer place.
➥ How to use Wayback Machine Effectively?
As a Bug-Hunter It’s Important to know how you can use Wayback Machine effectively to stay ahead of others in Bug-Bounty game, and make your way finding potential vulnerabilities before others! Here how you can effectively use Wayback Machine:
¤ Identify Code Changes:
Focus on snapshots where there have been significant code changes or updates to the target website. These changes can introduce vulnerabilities or security weaknesses.
¤ Check for Deprecated Technologies:
Look for snapshots that reveal the use of deprecated technologies, plugins, or software versions. These outdated components may have known vulnerabilities that attackers could exploit.
¤ Hunt for Hidden Endpoints/Parameters:
Search for hidden or forgotten endpoints, parameters, subdomains, or directories in earlier snapshots. Sometimes, these hidden paths may contain sensitive information or vulnerabilities. You can use these Endpoints on the current version of website and find Potential Vulnerabilities.
¤ Analyze Removed Features:
Examine snapshots where features or functionalities have been removed or altered. Changes like these may have unintended security consequences.
➥ Which Types of Bugs are there?
Wayback Machine is a valuable resource for bug hunters, but it’s important to understand what types of vulnerabilities you might encounter during your investigations. Here are some common types of bugs you can potentially discover in the Wayback Machine:
- Cross-Site Scripting (XSS):
Cross-Site Scripting vulnerabilities, often abbreviated as XSS, involve injecting malicious scripts into a website. When historical snapshots reveal past instances of XSS vulnerabilities, it means that at some point, attackers could have inserted harmful scripts into the site. These scripts could then execute in users’ browsers, potentially compromising their data and security. It’s possible that attackers can use those past parameters in current version of the website and exploit the vulnerability.
- SQL Injection (SQLi):
SQL Injection, or SQLi, is a vulnerability that occurs when a website doesn’t properly validate or sanitize user input. In the context of the Wayback Machine, discovering SQLi in historical snapshots means that in the past, there were potential opportunities for attackers to manipulate a website’s database. Such vulnerabilities can lead to unauthorized access, data manipulation, or even data theft. Attackers can find SQL error messages, Vulnerable parameters or even forms which are accessible in current time but not indexed in the google. This exploiting SQLi.
- Information Disclosure:
Information disclosure vulnerabilities occur when a website unintentionally exposes sensitive information. When examining historical snapshots, keep an eye out for instances where confidential data like configuration files or private documents may have been accessible to anyone visiting the site. These exposures can result from security misconfigurations or historical breaches.
- Directory Traversal/File Inclusion:
Directory traversal and file inclusion vulnerabilities can allow attackers to access files or directories on a server they shouldn’t have access to. When examining the Wayback Machine’s historical records, look for evidence of such vulnerabilities. These findings can be valuable in understanding past security weaknesses that may still exist or have been fixed.
- User Data Exposure:
User data exposure refers to situations where a website inadvertently reveals user information, such as usernames, email addresses, or other personal data. Exploring historical snapshots can uncover instances where this information was accessible in the past, either due to misconfigured settings, outdated security practices, or past data breaches. Detecting such exposures is critical for safeguarding user privacy and security.
- Security Misconfigurations:
The Wayback Machine can highlight instances of security misconfigurations, such as open ports, exposed admin panels, or weak authentication mechanisms that may have existed in the past and can be used in current version of the website.
- Deprecated Libraries and Components:
Outdated versions of websites might still rely on deprecated libraries or software components with known vulnerabilities, making them susceptible to attacks.
- Business Logic Flaws:
Historical snapshots could reveal flaws in the website’s business logic or workflow that may have been exploitable in the past or could potentially be exploited in the current version.
- Authentication and Session Management Issues:
Older snapshots might expose weaknesses in authentication or session management mechanisms, potentially allowing unauthorized access to user accounts.
- Cross-Site Request Forgery (CSRF):
Past versions of websites may contain CSRF vulnerabilities that could have been exploited to perform actions on behalf of users without their consent, and may or may not be exploited in the current version of website.
➥ Tools You can Use
Gathering Wayback URL’s is not an easy task if you’re doing everything manually. I would suggest a few tools which will make your workflow a bit easier.
⇢ Waybackurls by Tomnomnom
“Waybackurls” is a command-line tool created by Tom Hudson, who is known in the security community by the nickname “tomnomnom.” This tool is designed to help security professionals, penetration testers, and bug bounty hunters discover URLs that have been archived by the Wayback Machine. It is particularly useful for finding historical information about websites, which can be valuable for security assessments and vulnerability research.
Here’s a brief overview of how “Waybackurls” works and its main features:
Usage:
You can use the “Waybackurls” tool to extract URLs from the Wayback Machine by providing a domain or target as input. It then retrieves archived URLs associated with that domain or target.
Features:
- URL Extraction: “Waybackurls” extracts URLs from the Wayback Machine’s archive, including both the main domain and subdomains.
- Filtering: It allows you to filter URLs based on specific keywords, patterns, or file extensions, which can be helpful for targeting specific content.
- Custom Output: You can customize the output format to suit your needs, making it compatible with other tools or scripts.
- Concurrency: The tool supports concurrency, enabling it to fetch URLs quickly.
Here’s a simple command to run “Waybackurls” and extract URLs from a target domain:
echo "website.com" | waybackurls
This command would fetch URLs from the Wayback Machine associated with “website.com.”
“Waybackurls” is a valuable addition to a bug hunter’s toolkit because it can help uncover historical content and endpoints that may have been overlooked, leading to the discovery of security vulnerabilities or misconfigurations. As with any security tool, use it responsibly and within the bounds of applicable laws and regulations.
⇢ Manual Research in Browser:
You can also view all the URL’s of a particular website in any browser and device! You can try navigating to this link:
https://web.archive.org/cdx/search/cdx?url=*.google.com*&output=text&fl=original&collapse=urlkey
But remember if the Page is too big(i.e there are too much URL’s) Your browser/tab can freeze!
➥ What After Collecting URL’s?
Now You might use the tool mentioned above and fetch all the URL’s. But what after that? It’s obviously a difficult task to visit each link one by one. Instead of doing that, you can use some keywords/extensions to filter out the URL’s, which will make your work easier. Here’s how you can do that:
➤ After collecting the URL’s, Quickly sort them out by this command:
cat collected_urls.txt | sort -u -o sorted_urls.txt
➤ Now in that sorted file look for few interesting parameters/keywords using grep command:
cat sorted_urls.txt | grep /admin/
cat sorted_urls.txt | grep ?Id=
cat sorted_urls.txt | grep .php
cat sorted_urls.txt | grep ?redirect=
cat sorted_urls.txt | grep login
cat sorted_urls.txt | grep password
cat sorted_urls.txt | grep .js
and so on..
By doing this you can save time and discover few hidden parameters which are vulnerable. You have to further work Manually.
➥ Conclusion:
The Wayback Machine isn’t just a digital archive; it’s a goldmine for bug hunters. In a world where every click leaves a digital footprint, this tool offers a unique lens into a website’s history. Bug hunters can leverage its power to uncover vulnerabilities that may have slipped through the cracks. Whether it’s unpatched Cross-Site Scripting (XSS) flaws, historical SQL injection (SQLi) vulnerabilities, or forgotten user data exposures, the Wayback Machine provides a treasure trove of clues. By identifying and responsibly disclosing these vulnerabilities, bug hunters not only strengthen a website’s security but also earn lucrative bounties. It’s a win-win situation; the internet becomes safer, and bug hunters earn their well-deserved rewards, proving that valuable insights from the past can pave the way to a prosperous future in bug hunting.
➥ BONUS!
Wait! Were you leaving without your bonus part? Don’t do that, you gonna miss some cool information!
So this time I’ll Introduce you to two amazing tools! You can use this to leverage your skills and save your time!
- SQLi Automater By 0×2458
I’ve developed a SQLi Automation tool. My SQLi automation tool takes the list of URLs you’ve gathered using “waybackurls” and automates the process of injecting time-based blind SQL payloads into parameters. Here’s a breakdown of the tool’s functionality:
↪ Input Waybackurls: You start by providing the tool with the list of URLs collected from Wayback Machine archives. These URLs serve as your initial target set.
↪ Parameter Analysis: The tool scans each URL for parameters, specifically focusing on those with equal signs (=), as these are commonly associated with SQL injection points.
↪ SQL Injection Payloads: For each parameter found, the tool replaces the parameter value with a time-based blind SQL injection payload. This payload is designed to cause a delay in the application’s response if the SQL injection is successful.
↪ Time Delay Configuration: You have the flexibility to set the desired time delay for the payload using the -rt flag. For example, specifying -rt 10 will check for a delay of 10 seconds.
↪ Response Analysis: The tool sends the modified URLs with the SQL injection payloads to the target web application. It then monitors the responses for delays.
↪ Vulnerability Detection: If the application responds with a delay matching the configured time delay, it’s a strong indicator of an SQL injection vulnerability. The tool logs the vulnerable URLs and any additional information for further investigation.
Benefits:
Here are some key benefits of using this SQLi automation tool:
↪ Efficiency: The tool automates the repetitive process of injecting payloads and analyzing responses, saving you time during security assessments.
↪ Historical Insights: By scanning historical URLs from the Wayback Machine, you can uncover vulnerabilities that may have gone unnoticed in the past or have been overlooked by automated scanners.
↪ Customization: You have control over the time delay setting, allowing you to adapt the tool to different web applications and network conditions.
- Rayder by Devansh
Rayder is a versatile command-line tool designed to simplify the orchestration and execution of complex workflows. With Rayder, you can define your workflows in a YAML file, organizing them into a series of modules. Each module contains a set of commands to be executed in a predefined order. The real power of Rayder lies in its ability to automate and streamline these workflows, making it easy to handle repetitive tasks efficiently. It allows for parallel execution of commands within modules when they don’t depend on each other, boosting overall efficiency. Whether you’re testing for vulnerabilities like XSS or SQL injection, or any other workflow automation, Rayder provides a straightforward and flexible solution to help you get the job done effectively.
