Video proofs of concept are a great way to provide evidence of a security vulnerability. They can also improve the clarity of reports if you’re struggling to describe the vulnerability. HackerOne allows hackers to submit video proofs of concept through a built-in video recorder. Videos are recorded in .webm format across all browsers except Safari, which uses .mp4 format.
How to record a proof of concept
To start a recording, click the Record a demo button below the report attachments area.
Select a source. This can be an individual browser tab, a window, or an entire screen.
Stop the recording either by clicking the stop recording button or using the browser controls. The recording will automatically stop when it reaches 250 megabytes, which is the maximum file size for individual report attachments.
Name the recording and attach it to the report.
Troubleshooting
Some operating systems may block screen recordings by default. In this case, you will see a pop-up explaining that the browser is not authorized to record the screen. You need to enable screen recordings in your operating system settings before use.
To use the screen recorder in Safari, you need to enable the “MediaRecorder” feature. You can do this by going to Safari’s settings menu > Feature Flags and checking the “MediaRecorder” checkbox. Refresh the page for the change to take effect.