By day, Pablo García Perez is Head of Finance at Wayra, Telefónica's global technological innovation hub. But by night, he dims the lights, launches Burp Suite Professional, and helps to fight cybercrime as a bug bounty hunter.
As a self-avowed "non-technical" person, Pablo is an interesting case. He's certainly not let his lack of specialist knowledge hold him back. In his first two years as an ethical hacker, he's earned numerous bug bounties - and he's hungry for more.
Pablo will soon publish a book about bug bounty hunting with 0xWORD, aimed primarily at Spanish-speaking hackers. He's also a contributor to "El Lado Del Mal" ("The Evil Side"), the popular cybersecurity blog of Telefónica's Chief Digital Consumer Officer, Chema Alonso.
As a "non-technical" bug bounty hunter with limited coding experience, Pablo cited the following Burp Suite features and characteristics as being particularly beneficial to his work:
Burp Suite Professional is easier to learn than most other bug bounty hunting tools.
Burp Suite gives him the ability to proxy and edit every request made by his browser.
He can see a history of every request his browser has made in a session, as well as the responses received.
It maps target applications automatically, which makes it easy to discover hidden content.
The day Pablo first discovered bug bounty hunting was fairly ordinary. After a hard day's work as a financial auditor, he decided to kick back and watch a movie on a popular streaming platform. But something wasn't right. Pablo noticed that it should be possible to download the content he was watching to his own machine - outside of the paid application he was using to stream it.
Being an honest sort of person, Pablo reported this to the content provider. He didn't get very far. The provider had a bug bounty program, but it was strictly invitation only, and they wouldn't take his report. Pablo didn't let this snub defeat him. Those three new words, "bug bounty program", were stuck in his mind.
Pablo started looking into public bug bounty programs, and began using Google Chrome DevTools to scour in-scope applications for vulnerabilities. DevTools let him see the requests he wanted to change, but it gave him no way to modify them in flight. What he needed, of course, was an intercepting proxy. Pablo remembers the moment he first discovered Burp Suite. It was, as he puts it, as if a "huge wall" had vanished before his eyes.
Before too long, Pablo earned his first paid bug bounty using Burp Suite (for an open redirect vulnerability). Bear in mind that at this point, Pablo already had a successful career in financial auditing at a big four firm. But this $300 bug had him so excited that he immediately called his father (who has a background in Computer Science), to tell him the good news.
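The open redirect Pablo was paid for is a good illustration of why "see the request, then change it" matters: the parameter looks harmless in a browser, and the bug only appears once you feed it values a browser would never send. The following is an added example, not code from the article or from Pablo. It puts a naive `next`-parameter check beside a hardened one and grades both against the payloads a hunter would paste into Burp Repeater. The host `app.example.com`, the parameter name, and the payload list are all assumptions constructed for the example.

```python
"""Open redirect: a naive 'next' parameter check beside a hardened one.

Added example, not from the article. The trusted origin and the payloads are
constructed for illustration.
"""
import re
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "https://app.example.com"  # assumed, hypothetical host

# Constructed payloads: the kind of thing a hunter tries in Burp Repeater.
PAYLOADS = [
    "/account",                 # legitimate local path
    "https://evil.example/",    # absolute URL, the obvious case
    "//evil.example/",          # scheme-relative URL
    "/\\evil.example/",         # browsers treat a backslash like a slash here
    "https:evil.example",       # no slashes, still parsed as https://evil.example/
    "/\t/evil.example/",        # browser URL parsers strip tab and newline
    "javascript:alert(1)",      # not http(s) at all
]


def naive_redirect_target(next_url: str) -> str:
    """Vulnerable: only refuses strings that literally begin with http(s)://.

    Everything else goes straight into the Location header.
    """
    if next_url.lower().startswith(("http://", "https://")):
        return "/"
    return next_url


def safe_redirect_target(next_url: str) -> str:
    """Hardened: accept only a local absolute path, then pin it to our origin."""
    # Browsers drop tab/newline before parsing, so refuse all control
    # characters (and raw spaces, which a real path never carries).
    if re.search(r"[\x00-\x20\x7f]", next_url):
        return TRUSTED_ORIGIN + "/"
    # Exactly one leading slash: "//host" and "/\host" are an authority, not a path.
    if not re.match(r"/(?![/\\])", next_url):
        return TRUSTED_ORIGIN + "/"
    # Belt and braces: the parser must agree there is no scheme or authority.
    parts = urlsplit(next_url)
    if parts.scheme or parts.netloc:
        return TRUSTED_ORIGIN + "/"
    return TRUSTED_ORIGIN + next_url


def escapes_origin(target: str) -> bool:
    """Rough model of how a browser reads a Location value, for grading.

    Strips tab/newline, treats backslash as slash, and counts any "//" or
    "scheme:" prefix that is not our own origin as leaving the site.
    """
    cleaned = re.sub(r"[\t\n\r]", "", target).replace("\\", "/")
    if cleaned.startswith("//"):
        return True
    parts = urlsplit(cleaned)
    return bool(parts.scheme) and not cleaned.startswith(TRUSTED_ORIGIN + "/")


def grade(check) -> dict:
    """Map each payload to whether the checked target still escapes our origin."""
    return {p: escapes_origin(check(p)) for p in PAYLOADS}


if __name__ == "__main__":
    for name, check in (("naive", naive_redirect_target), ("safe", safe_redirect_target)):
        for payload, escaped in grade(check).items():
            print(f"{name:5} {payload!r:28} -> {'ESCAPES' if escaped else 'ok'}")
```

The naive check blocks only the one payload a casual tester would try first; the five that follow all still leave the site. The hardened version does not try to enumerate bad prefixes at all; it allowlists a single shape of input and re-anchors it to a fixed origin, which is the pattern to look for (or to suggest in a report) whenever a redirect parameter is in scope.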
Pablo's story so far should be an inspiration to anyone out there who thinks they're "not technical" enough to understand cybersecurity, or bug bounties. While Pablo admits to being a lover of maths, there's little in his CV that would suggest his skills as a hacker.
One thing Pablo does credit for his success is his experience as a financial auditor. He's keen to point out that many vulnerabilities, business logic flaws in particular, rely on an understanding of the processes behind an application, which is to say the way the business itself works. This is something his auditing career has helped him with. So it turns out that sometimes, good hacking is about creativity, and capitalizing on the skills you already have.
Pablo is optimistic about the future of bug bounty hunting, which he sees as the next big security standard. And certainly, if the idea is to get as many trained eyes on an application as possible, a bug bounty program is an effective way to find the bugs your own testing missed. With sites like HackerOne seeing new records for bug bounty payouts all the time, the future looks rosy.
Like most hackers, Pablo dreams of finding a huge information leak or a zero-day vulnerability. But in the meantime, he's content finding simple, everyday bugs. He's always on the lookout for new ways to do this, but so far a combination of Google dorking and Burp Suite has continued to (literally) pay dividends for him.
One thing's clear. If (as Pablo himself puts it) a non-technical person can use Burp Suite to find simple bugs that organizations have missed, then the bug bounty hunting industry is only likely to grow from here. In a world where software releases are done on a weekly, rather than an annual basis, bug bounty programs are a great way to keep web applications secure.
Pablo identified a number of Burp Suite features that are key to his bug bounty hunting methodology:
Burp Repeater. Pablo loves Burp Repeater's simplicity. It lets him edit an HTTP(S) request his browser made, resend it, and compare the response.
The Target site map. This lets Pablo organize his attacks efficiently and spot content worth probing for bounties.
Burp Proxy history. Being able to recall each and every message that has passed through Burp Proxy lets bug bounty hunters like Pablo streamline their workflow.
Burp Suite Professional is an advanced set of tools for testing web security, all within a single product. From a basic intercepting proxy to a cutting-edge vulnerability scanner, with Burp Suite Pro the right tool is never more than a click away.