How Bug Bounty in a Box is currently versioned:
- Lil' bug fixes that don't modify any features will be revisionary version releases.
- New features, changes in functionality, or major refactoring will be minor version releases.
- After 1.0, the versioning strategy will change. 😄
This mini-release adds a payload for XXE via an SVG file! Anddddd that's it! Nice!
This lil' release only logs requests for valid, non-index routes 'cause it gets noisy 😅. I've also fixed a bug with the SVG & XML payloads.
This second pre-release version contains some new routes:
- `/payload`: Will return payload file of your type choice with a callback URL for your Bug Bounty in a Box instance.
  - Includes the following payloads:
    - XSS via JavaScript file
    - XSS via SVG
    - XXE via XML file
- `/unauthorized`: Sends a 401 for non-OPTIONS & non-HEAD requests with a `Content-Type` header of your choice.
As well as the following changes:
- Docker container for the server!!
- Actually log/message the request URI. My b. If you were already parsing request logs, you'll need to account for the fact that the request URI is now the first attribute in the log.
- Configuration is now loaded on server start instead of first request.
- Fixed a bug where you couldn't pass in a custom config file location. Sorry about that!
- Removed some debug `p`s. Whoops.
- Removed my hardcoded `hack @ ajoekerr` references. Now you won't see me & Juniper in Slack 😅.
- Some doc updates. Nothing huge.
Initial version! This version includes all of the features that are listed in the README.