VPN, User-agent and other testing pre-requisites
In the 'Hunting Requirements' section, you will find details on how to access the scopes and how to identify as a bug hunter.
You will find 3 part in this section: VPN, account access and user-agent.
In which case is it mandatory?
The use of YWH VPN is mandatory when indicated in a Program's Rules.
In such case, you'll find the below mentions in the 'Hunting requirements' section of the program:
How to setup & use YWH VPN config?
In order to set up the YWH VPN, you (as a hunter) must open the drop down menu on the right end side of your account, and select the 'My YesWeHack tools' option and then the 'VPN' section.
Download the VPN configuration on your machine once.
Import said configuration on your VPN client (e.g. OpenVPN).
To use YWH VPN, login to the YWH VPN config with your VPN client with you YWH credentials (email + password)
You just need to download it once, your config will automatically update depending on the programs you are participating to.
How does YWH VPN works?
YWH VPN works as a rebound between Hunters' machine and a Program's scopes (servers).
In other words, when you try to reach a scope, your requests are routed through YWH VPN server, then forwarded to scope's server.
On client's side, your requests will thus appear as coming from YWH VPN outbound IP.
YWH VPN will route traffic when :
a) the target scope is part of a program where the VPN is enabled
b) the IP address on which the (sub)domain resolves has been correctly listed in the program's VPN IP list
c) the program is enabled
I have VPN login issues...
You need to use the same credentials you use for your YWH account in order to log into the YesWeHack VPN. Login will fail if the email (and not username!) and password are not the ones that the hunter uses for his YesWeHack account.
I have VPN logout issues...
Connection will drop after 2 min if no request to Program scopes is made.
Connection will drop if a hunter's VPN config is updated (program with VPN disabled, modification in program VPN IP list, ...)
Connection might also drop if several VPN instances were launched or are opened on several devices. In this case, you may change password in order to close previous processes/sessions that might have stayed opened.
If disconnections persist (in spite of being properly connected, without additional instances opened, and even though attemps to reach a VPN Program are made) we recommend re-downloading the VPN configuration and importing it once more.
2/ Account access
In this field, you will see instructions and/or advice on how to get account(s) on an app or how to name the accounts created for hunting purpose.
Moreover, there might be very useful information (process, prerequisites...) that hunters must complete in order to access the scopes of the program.
3/ User agent
It might be required for you to append your User-Agent with a specific chain of characters. If so, it is indicated in the 'Hunting requirements' section of the program:
Your tests might be blocked when the user-agent is expected but not used.
Thanks to the user-agent information, organisations might let you go further with your tests as they consider them as legit.