Understanding testing requirements
Written by Inti
Updated over a week ago

Programs may ask you to abide by specific testing requirements. This helps them identify which traffic is coming from Intigriti researchers, and allows them to control testing so that it does not affect their day-to-day operations.

Using your intigriti.me e-mail address

Every researcher who signs up for the platform gets an intigriti.me e-mail alias. All e-mails sent to <yourusername>@intigriti.me will be forwarded to the e-mail address you signed up with. If a program requires the use of intigriti.me, it means that you will need to use your personal e-mail alias to sign up. You can read more about intigriti.me e-mail aliases here.

Setting a custom header or user agent

Some programs require you to set a custom header or user agent on every single request that you send. This is of great value to the security teams on the other end, because it lets them distinguish bug bounty traffic from malicious traffic coming in.

Watch this video to learn how this is done in Burp Suite (or read the step-by-step guide below):

Step-by-step guide:

Add custom user agent:

1. Go to Proxy – Options tab

2. Scroll down to “Match and Replace”

3. Click on “Add”

4. Set rule to:

Type: Request Header
Match: ^User-Agent.*$
Replace: User-Agent: <Agent as defined in bug bounty brief>
Comment: <a comment of your choice – not needed>


Make sure to tick the “Regex match” box

5. Search for your rule in the list and click on “Enabled”

Add custom header:

1. Go to Proxy – Options tab

2. Scroll down to “Match and Replace”

3. Click on “Add”

4. Set rule to:

Type: Request Header
Match: (leave empty)
Replace: <New header as defined in bug bounty brief>
Comment: <a comment of your choice – not needed>

5. Search for your rule in the list and click on “Enabled”
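
The two rules above can be checked outside Burp before you start testing. The following Python sketch is an added example, not part of the original guide or of Intigriti's tooling; it models the rules under the assumption that they are applied to each header line separately and that an empty match adds the replacement as a new header. The header values and the sample request are constructed placeholders, so take the real values from the program's brief.

```python
import re

# Constructed placeholder values; take the real ones from the program's brief.
REQUIRED_UA = "User-Agent: ExampleAgent-yourusername"
REQUIRED_HEADER = "X-Example-Bug-Bounty: yourusername"

# (match, replace) pairs mirroring the two rules in the guide.
# An empty match means "add the replacement as a new header" (assumed model).
RULES = [(r"^User-Agent.*$", REQUIRED_UA), ("", REQUIRED_HEADER)]


def apply_rules(raw_request, rules=RULES):
    """Apply header rules to a raw HTTP request, one header line at a time."""
    head, sep, body = raw_request.partition("\r\n\r\n")
    request_line, *headers = head.split("\r\n")
    for match, replace in rules:
        if match == "":
            headers.append(replace)  # empty match: append a new header
        else:
            # A function replacement keeps the new header text literal.
            headers = [re.sub(match, lambda _m: replace, h) for h in headers]
    return "\r\n".join([request_line, *headers]) + sep + body


def missing_requirements(raw_request, required=(REQUIRED_UA, REQUIRED_HEADER)):
    """Return the required header lines that are absent from the request."""
    head = raw_request.partition("\r\n\r\n")[0]
    present = {line.strip() for line in head.split("\r\n")[1:]}
    return [line for line in required if line not in present]


# Constructed sample request; the body contains header-like text on purpose
# to show that only the header section is rewritten.
SAMPLE = (
    "POST /login HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "note=User-Agent: keep-me"
)

if __name__ == "__main__":
    print("before:", missing_requirements(SAMPLE))
    rewritten = apply_rules(SAMPLE)
    print(rewritten)
    print("after:", missing_requirements(rewritten))
```

A request that arrives without any User-Agent header is not changed by the first rule, so the checker still reports it as missing; this is worth verifying for scripts and tools whose traffic you route through the proxy.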

Please always read the bug bounty brief carefully and check if the program needs you to use custom headers. Otherwise, you risk getting suspended!
