BugBase Documentation
  • 👋Welcome to BugBase Docs
  • Overview
    • 💡What we do
    • ⚡Changelogs
    • ✨Our Features
    • 📂Programs at BugBase
      • Vulnerability Disclosure Program (VDP)
      • Bug Bounty Program
      • Private Bounty Program
      • Pentest Program (VAPT)
  • Report Lifecycle
    • Bug Report
    • Report Status
  • How To
    • 👨‍💻Invite Organization Members to BugBase (RBAC)
    • 🚩Setup a Campaign for better program engagement
    • 🐛Submit a Bug Report on BugBase
    • 📑Create a Bug Bounty Program on BugBase
    • ⬇️Download the mobile app
  • Company Guide
    • 👨‍💼Create a Company Account
    • 🧭Navigation
    • 🛡️Assets Dashboard
    • 🗝️Credential Vaults
      • Creating a Credential Vault
      • Adding Credentials to Vault
      • Connect Credential Vault to an Asset
      • Require Whitelisting for a Credential
    • 🔐VPN Servers
      • Create, Configure and Deploy VPN server
      • Monitor Live Statistics and Logs
    • 🗂️Programs Dashboard
      • ⛳Create a Program
    • 📢Customer Support
    • 💵Bounty Bin
    • ⚙️Company Settings
      • 👨‍🏫Profile
      • 🏢Organisation
      • 👨‍🏭Roles and Permissions
      • 🔐Security & Authentication
        • Multi-Factor Authentication
        • SSO with SAML
          • Okta SSO setup via SAML
          • Google SSO setup via SAML
      • 🎨Customization
        • Automations
        • Report Tags
      • 📙Manage Access
    • 📈Insights Dashboard
    • 🔊Campaigns
    • 💲Understanding Currencies Used in BugBase
    • 🤝Whitelist
  • Program guide
    • Bug Bounty Dashboard
      • Program Reports Section
        • Report Components
        • Report Actions
        • Duplicating Reports
        • Assigning Swags
        • Assigning Bounties
        • Assigning Thanks to Reporters
        • Assigning Bonus Bounty
        • Automatic Response Generator using ChatGPT
      • Program Policy
        • Editing Program Policy
          • Best Practices For Designing Policy
          • Best Practices For Bounty Tables
      • Payouts
      • Settings
    • Private Bug Bounty Dashboard
      • Invite Hackers
      • Manage Credentials
    • VDP Dashboard
    • Pentest Dashboard
      • Pentest Overview
      • Vulnerabilities Section
        • Pentest Report Components
        • Pentest Report Actions
      • Global Pentest Chat
    • Competition Dashboard
      • Dashboard
      • Creating a Competition
        • Adding Challenges
      • Manage Competitions
        • Statistics
        • Leaderboard
        • Manage Users
  • Bounty Hunter Guide
    • Bounty Hunter Dashboard
    • Bounty Hunter Profile
    • Programs Directory
      • Program Policy Page
      • Credentials
      • VPN Access
      • Whitelist
      • Collaborate
    • Bounty Hunter Reports Section
      • Submitting Reports
      • Interaction with Program Representees
      • Collaboration
      • Response Generation through ChatGPT on Report Chat
    • Competitions
    • Discord Community
    • Leaderboard
    • Multi-Factor Authentication
    • Settings
      • Verify KYC
    • Email Alias
    • 🚀Apollo Community
  • Integrations
    • 🔗Supported Integrations
    • Webhooks
    • JIRA
      • Creating a JIRA Issue
    • Slack
      • Managing Integration
    • Microsoft Teams
    • Github
    • Asana
    • Sumo Logic
    • PagerDuty
  • on-premise
    • Running Automated Testing
    • Sandbox Environment
Powered by GitBook
On this page
  • Program VPN servers
  • 1. Viewing VPNs
  • 2. Downloading VPN Configuration
  • 3. Understanding VPN Configuration Details
  • Connecting to VPN using the config file

Was this helpful?

  1. Bounty Hunter Guide
  2. Programs Directory

VPN Access

VPN is essential to access the specified assets in the program. It's important to note that these assets cannot be accessed without connecting to a VPN.

PreviousCredentialsNextWhitelist

Last updated 1 year ago

Was this helpful?

Program VPN servers

1. Viewing VPNs

  1. Go to the program policy page and choose the Credentials & VPN tab.

  2. You will see a list of VPN servers that the company has created.

  3. Click on "View Server Configuration" to see the VPN configuration details.

2. Downloading VPN Configuration

  1. To obtain the OpenVPN configuration file, click on "Download Configuration File" button.

3. Understanding VPN Configuration Details

  1. Server Name: This is the name given to the VPN server.

  2. Server Status: Indicates whether the VPN server is currently running, stopped, or in the process of deploying.

  3. Rate Limit: This refers to the maximum number of requests per minute allowed through the VPN, ensuring fair usage and server stability.

  4. Countries: Lists the countries from which you are allowed to access the VPN.

  5. Accessible Assets: Shows the specific domains (assets) you are permitted to test. Each domain includes:

    • Asset: The specific domain or asset you have access to.

    • Active Time Period: The time range during which the asset is available for testing. NOTE: All time range is in UTC timezone.

    • Blacklist Routes: Any API routes or paths that are off-limits, even when connected to the VPN.

Connecting to VPN using the config file

Once you have .ovpn file downloaded ( config file ). Follow the below steps:

  1. Add the domains/in-scope targets of the program to your /etc/hosts file

    1. Lookup the DNS resolution of the target domains.

    2. Add the Addresses to the /etc/hosts for your linux systems or the corresponding local resolution files for Windows and MacOS.

    3. Connect to VPN Server using the .ovpn file with sudo permissions.

    4. Confirm a valid connection by checking the newly assigned IP on the tun interface.

      • `ip a` - Linux User

      • `ipconfig` - Windows User

      • `ifconfig` - MACOS

    5. Confirm additions of the domains/targets to the routing table

      • Linux users can use the route command to do this

      • MacOS Users can use `netstat -rn` command to do the same

      • Windows users can use `route print`

    6. In case the target domains are not live or do not have a valid IP address on Lookup, the IP will be separately mentioned in the Program description

Please wait approximately 2-5 minutes before starting testing to ensure a smooth experience.

Learn

Example: docs.google.com and bugbase.in are the domains/in-scope targets in the VPN configuration. Check .

how to connect to VPN using the config file here.
here for the accessible assets