Gateway Legacy FAQs

Organizations: FAQs about Legacy Gateway

Updated over a week ago



What's captured and logged by HackerOne Gateway (VPN)?

All packets and netflow are captured. HTTPS is automatically decrypted, all other protocols (SMTPS, SSH, etc.) are captured but, if encrypted, aren't decrypted by HackerOne.

Does Gateway (VPN) log each keystroke?

No, Gateway (VPN) uses split tunnel technology which doesn't log keystrokes.

What additional information about finder activity does Gateway (VPN) provide?

Gateway (VPN) provides session-level detail on URLs hit by each participating finder, including when, how often, and the duration.

How can the data captured by Gateway (VPN) be accessed?

Access is based on guidelines established by HackerOne.

Authorized program personnel may make specific data requests which must include the data requested and its intended use.

How will access to Gateway (VPN) data be made available?

Data is made available via a password-protected Google Drive folder.

Where is the data log stored?

Data is stored in dedicated AWS S3 buckets that are unique for each program or Challenge.

How long is the data retained?

Data is stored for 12 months from the end of the program or Challenge.

Does Gateway (VPN) allow site-to-site tunnels?

No, Gateway (VPN) does not support dedicated connections directly to one or more assets.

How do I revoke access for a specific hacker on my program?

Make the revoke request to HackerOne and we’ll disable the hacker's unique IP address.

How can we allowlist testing-related traffic on our IDS?

Each Bounty program and Challenge is assigned a dedicated range of IP addresses to add to your IDS allowlist.

Did this answer your question?