It really depends on the use case, but I wouldn't use free VPN, as one can expect they will store logs and sell any data gathered about your browsing history. And using said VPN for hacking (bug bounty) can be against ToS.
Anyway, if you want to hide your IP, I don't think that Cloudflare Warp, which others suggest, actually does that. The best would be to build your own, even for free, as many cloud providers will give your free tiers for the first year or so.
I personally pay for ProtonVPN, but I don't use it for bug bounty hunting, as I don't see the point.
Idk if this helps but I think a lot of people use a spun up box from AWS or digital ocean to do mass scans and such/ auto vuln scans. Generally protects ur home IP from being placed on blacklists. Havnt had experience with Mulvad though. Sometimes I use NordVPN but I always switch to my digital ocean box when doing big automated stuff.
If he's not a gamer, if you have the room, and if the budget allows, two 32 inch monitors is really sweet spot. Bonus points if you can get a dual monitor mount so that the stand takes up as little space on the desk as possible. That's the ideal, IMHO.
Example: https://www.amazon.com/dp/B09CLPGS4D/ and like https://www.amazon.com/dp/B074K35TJZ/
You can try setting a proxy with the http_proxy and https_proxy environment variables. Not all applications respect this though. You can also try Invisible Proxying if the script interacts with a specific host -
https://portswigger.net/burp/documentation/desktop/tools/proxy/options/invisible
You can update your amass config file to use specific DNS resolvers. You can also this tool from Steve Gibson to determine which DNS resolvers are most responsive to your queries.
https://portswigger.net/burp/pro/video-tutorials
Here are video tutorials for Burp suite straight from the creators.
I'm assuming you're new to this area. Not to be a dick, but try to Google your problem. Read all the information you can find on a subject/tool, if you're still stuck then I'd recommend asking for help.
Welcome to the community though! Hope you enjoy and learn a lot!
(I'm by no means any type of expert or even knowledgeable. I've used burp suite and semi know my way around. I'm always still learning as well. This field is a never ending classroom with many things to learn!)
yes, versions before [https://www.djangoproject.com/weblog/2016/sep/26/security-releases/](1.9.10 and 1.8.15) are vulnerable, however to fully reproduce this bug you will have to somehow simulate google analytics behaviour, as it's probably no longer putting unfiltered content inside the cookie. But of course, there might be more scenarios, where it's possible to inject cookies.
I also use Firefox with FoxyProxy. I use both Chrome & Firefox. I like being able to use google translate easily with Chrome. But it's good to use both because if I want I can have one proxied while the other is not, or have two separate proxies running if I wanted.