
How to Make Money From Ethical Hacking and Bug Bounty Hunting

Updated on February 27, 2020
Jacob Petrov

Jacob is an Ethical Hacker / Bug Bounty Hunter wishing to share his knowledge and help you learn the basics.

No Coding Knowledge Is Required for This Article!

Disclaimer:

All information given in this article is provided under the assumption that the reader will use it ethically. You should never hack anything without prior consent to do so.

Introduction for the Technologically Illiterate

"But Jacob..." I hear you saying, "...I hardly know anything about computers. You really think I could learn how to hack?"

To that I say yes! For starters, hacking isn't like it is in the movies. It's much calmer and a lot more accessible, and you don't need to be a computer science genius to start.

What you do need is the ability to learn. There are many resources on the web to teach you. If you put the effort in, you'll be hacking like a pro in no time.

I know it's incredibly overwhelming. "Where do I even begin?" Well, that's the whole point of this article. Give it a read and see if this industry is for you. It makes a great side hustle too!

What Is Covered in This Article?

  1. How Does One Make Money From This?
  2. Where to Find Bug Bounty Programs?
  3. Where to Begin: The Basics of Web Hacking
  4. What you Need
  5. Where to go From Here

How Does One Make Money From This?

Bug Bounties:

The way this works is rather simple: some companies have a bug bounty program. What that means is they will pay you to find flaws in their websites. It's essentially something that gives you permission to hack.

Why do Companies Want This?

If you find a bug, report it to them and they fix it, then it means a real hacker can't exploit that bug. It just saves them the headache of dealing with pesky hackers.

That's it! Simple concept! If you find a bug, they pay you. Now let's go deeper. How do you actually start? How do you find bug bounties and, most importantly, how do you even test for bugs?

Important:

You do need permission to search for bugs. Don't just start trying to break things!

Where to Find Bug Bounty Programs?

Let me start by saying don't worry about finding programs just yet. First we should learn how to look for bugs, and then we can look for programs. I put this paragraph here so you can see how easy it is to find programs once you know how to look for bugs.

There is one site I recommend for beginners, and that is hackerone.com. Open a new tab and check it out and you'll see what they're about.

HackerOne is free to use and immediately throws you into the action. Yes, that's really it: you make an account and you have hundreds of programs at your disposal. This is what I mean by how accessible web hacking is. There's no barrier to entry.

Let's move on to what you'll actually need to know to start hunting!

Where to begin: The Basics of the Web

I bet you thought hacking required the ability to code. All those movies of people in hoodies typing 200 words a minute? Yeah... not really like that at all. Don't get me wrong, coding knowledge certainly doesn't hurt, but by no means is it a requirement.

So what the hell even is hacking then? Well, there are a lot of different types of hacking, but for bug hunting you only need to know Web Hacking. This involves a basic understanding of the HTTPS protocol. Don't worry, that sounds really intimidating, but it's actually not. HTTPS is just the way the web communicates. The next article I write will go into the details of the HTTPS protocol, but for now what you need to know is that there is a request packet and a response packet.

You see, a simplified way the internet works is like this: you have a browser, the browser sends a request packet to a web server, and the server sends a response packet back.

Let's use this site as an example. You clicked on this article, which sent a request packet to the server. The server responded with the response packet holding the HTML that makes up this page. Your browser displays the HTML, which allows you to read the text you are currently reading.

Let's use the same example but with a malicious intent. First, you send a request packet to a server but catch it with a tool called a web proxy. A web proxy is a fancy name for a tool that lets you read and edit your request packets before sending them to the server. So let's edit your request packet to be malicious: instead of asking for this article, let's say you ask for a page you're not supposed to be able to see. You then send it on its way and the server gets the request. The server should see that there's something wrong and ignore it. However, if the server doesn't ignore it, then you can access data you shouldn't be able to. Badabing badaboom, you got yourself a bug.

Now it's obviously more complicated than that, but that is the core concept.
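
The request-editing scenario above, as an added example that is not part of the original article: a small Python model of a server that serves whatever path it is asked for, next to one that checks the session before answering. The paths, session values, host name and function names are all constructed for illustration.

```python
# Added example: constructed data and hypothetical names throughout.
ARTICLES = {            # path -> (owner, body); constructed sample data
    "/articles/42": ("public", "How to Make Money From Ethical Hacking"),
    "/drafts/7": ("jacob", "Unpublished draft"),
}
SESSIONS = {"s-alice": "alice", "s-jacob": "jacob"}  # cookie value -> user


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path and headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def handle_unchecked(raw):
    """Serves whatever path is asked for: the bug the article describes."""
    _method, path, _headers = parse_request(raw)
    if path not in ARTICLES:
        return 404, "Not Found"
    return 200, ARTICLES[path][1]


def handle_checked(raw):
    """Decides from server-side session state, not from what the request asks."""
    _method, path, headers = parse_request(raw)
    if path not in ARTICLES:
        return 404, "Not Found"
    owner, body = ARTICLES[path]
    session_id = headers.get("cookie", "").partition("session=")[2]
    user = SESSIONS.get(session_id)  # None when the cookie is missing or unknown
    if owner != "public" and user != owner:
        return 403, "Forbidden"
    return 200, body


# What the browser sent, and the same request after its path was edited in a proxy.
ORIGINAL = ("GET /articles/42 HTTP/1.1\r\nHost: example.test\r\n"
            "Cookie: session=s-alice\r\n\r\n")
EDITED = ORIGINAL.replace("/articles/42", "/drafts/7")
```

The edited request gets the draft back from `handle_unchecked` and a 403 from `handle_checked`, which is the difference between a reportable bug and a server doing its job.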

What You Need

Web Proxy

I mentioned it in the previous paragraph: a web proxy intercepts web packets being sent between you and the server. This just allows you to edit the packets and see if you can break the site. This is an essential tool for an ethical hacker. There are many web proxies to choose from. The one I fully throw my weight behind is Burp Suite.

Burp Suite

Burp Suite is a free-to-download web proxy. It's created and maintained by PortSwigger. A quick Google search will take you to the download page. It is available for Mac, Linux and Windows. I'll write an article later on setting up Burp Suite, but believe me when I say there is no shortage of Burp Suite tutorials. It's kind of a pain to set up (meaning you can't just install it and run it): you have to do a little tampering with certificates and your browser of choice. But again, there are many tutorials, and it is an essential tool.

Where to go From Here

Well I tried to make this article as accessible to the layman as possible, and because of that you're not ready to start hacking real sites yet. This article was to get the core concept across so you could see if you're actually interested in a career (or side hustle) of ethical hacking.

If you are interested, I will be writing more articles, but right now I recommend hacker101.com. They teach you all the basics. They have virtual machines for you to start hacking on as well as a whole plethora of video tutorials on the types of bugs to look for. I really can't recommend that site enough.

I will be exploring concepts like XSS, CSRF, HTTPS in the future. I hope you're as eager to learn as I am to teach.

This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.

Comments

  • Nikhil Sharma (sachnikh)

    3 weeks ago from India

    Thanks for creating such a nice hub on hacking. I came to know about a lot of new terms and insights on this field. I will be happy to connect with you, Jacob.
