DEV Community

vkili

Posted on

Bug bounty hunting with LLMs

I haven't been bug bounty hunting for a while now, but recently I've been trying to get back into the game. I thought it would be easy to dive right back in, but bug bounty hunting is definitely getting harder. Compared to a few years ago, secure development practices have become more common, and WAFs are now ubiquitous. These are really exciting wins for security professionals, but they’ve definitely made life harder for a bug bounty hunter! Looking for bugs was never straightforward, but this time around I really feel the need to up-skill.

To keep things fun (and to compensate for my rusty web hacking skills), I’ve decided to implement new workflows and hopefully learn some new things in the process. One of the approaches I’ve started using is integrating LLMs to help investigate potential security issues in web apps.

LLM-based applications have already become an integral part of my software development workflow. I use ChatGPT to write scripts, understand other people's code, and leverage Copilot for more complex development tasks.

But similar processes can also be applied to security research. For open-source bug bounty programs, LLMs make it really easy to understand large codebases. For example, you can ask: Which components process user input? Where does user input enter this application? And so on.

If the source code isn’t available for an application, you can ask questions like: How is this functionality usually implemented? How does this usually work in this framework? As more organizations use AI tools like Copilot in their development processes, you can even ask Copilot to recreate an application’s functionality and go from there. Then, you can ask GPT for investigation ideas and write scripts to automate parts of your recon.

I don’t think LLMs can help automate too much of bug bounty hunting yet. Many bugs will still need to be found and confirmed manually: logic issues, information leaks, privacy concerns. But they are pretty useful for learning and researching new areas of security.

Helpful prompts

Learning

What are some common security issues that affect applications of this type?
How is this functionality usually implemented?
What are the consequences of X bug?
Are there any privacy or info leak concerns for an application that does this?
What are some other security issues that tend to affect this functionality?

Hunting

How does X usually work in this framework?
How does this framework process user input?
What are indicators that an app is affected by X bug?
What is the impact of X bug? How does an attacker exploit this bug?
How does X bug cause info leak / session hijacking / other unintended consequences?
Write me a script to do X.
What are some common defenses against X? What are indicators that they are in place?


Thanks for reading! Want to connect? Feel free to reach out on https://x.com/vickieli7.


Top comments (1)

Sawyer Wolfe

What a unique approach! Have you found that LLMs consistently provide accurate insights when analyzing security-focused code, or are there certain areas where they still fall short?
