This tip is for users who want to learn how to actually demo to a company how someone could misuse a Heroku domain takeover. I found this again inside one of my settings of a company's domain I just reported.
Customizing your maintenance page
You can specify a custom maintenance page for your app by setting the following config var:
You will typically see this when running aquatone-takeover:
Potential domain takeover detected!
Service website: https://www.heroku.com/
Resource.......: CNAME tango_down.herokuapp.com
You can do this:
heroku config:set MAINTENANCE_PAGE_URL=//s3.amazonaws.com//your_maintenance_page.html
This will allow you to turn maintenance mode on for the app you claim the domain for and serve a static page. If you are trying to demo impact to a company, this is where someone could be phished. If there was a question about severity, this will take that report up a bit, to where you may land a bounty like this.
Give it a try. I do not want to spoil things for you. Get a Heroku and go get yourselves some bounties!
I have never been paid for this and wish I had found the Starbucks one first, lol,
but either way it's a cool trick to actually host a page via Heroku domain takeover.
This is typically what I will demo to show a person it's vulnerable. You can set that through the MAINTENANCE_PAGE_URL like I showed above.
I recommend only showing the page after asking; although not illegal, it could pose a copyright issue if you squat a domain belonging to another.
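For the owner of a zone, the aquatone-takeover finding above can be checked from a DNS export before anyone else finds it. This is an added example, not code from the original post: it lists CNAMEs that point at Heroku and marks the ones whose response looks like Heroku's page for a hostname with no app behind it. The herokudns.com suffix and the 404 plus "No such app" fingerprint are assumptions, and the zone lines and responses are constructed sample data.

```python
import re

# herokuapp.com is the target seen on this page; herokudns.com is assumed
# here as Heroku's other CNAME target domain.
HEROKU_SUFFIXES = (".herokuapp.com", ".herokudns.com")
# Assumption: text shown on Heroku's default page when no app owns the hostname.
NO_APP_MARKER = "no such app"
CNAME_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)", re.IGNORECASE)

def heroku_cnames(zone_text):
    """Return (name, target) for every CNAME in a zone export that points at Heroku."""
    found = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        m = CNAME_RE.match(line)
        if not m:
            continue
        name, target = m.group(1).rstrip("."), m.group(2).rstrip(".").lower()
        if target.endswith(HEROKU_SUFFIXES):
            found.append((name, target))
    return found

def looks_unclaimed(status, body):
    """True when a response fetched from the hostname matches the 'no app' page."""
    return status == 404 and NO_APP_MARKER in body.lower()

def audit(zone_text, responses):
    """responses maps record name -> (status, body) fetched by the zone owner."""
    report = []
    for name, target in heroku_cnames(zone_text):
        status, body = responses.get(name, (None, ""))
        verdict = ("unchecked" if status is None
                   else "dangling" if looks_unclaimed(status, body)
                   else "in use")
        report.append((name, target, verdict))
    return report

# Constructed sample data; only tango_down.herokuapp.com appears on the page.
ZONE = """
www      3600 IN CNAME  shop-prod.herokuapp.com.
promo    300  IN CNAME  tango_down.herokuapp.com.  ; old campaign
mail     3600 IN CNAME  mail.example.net.
status        IN CNAME  status-page.herokudns.com.
"""
RESPONSES = {"www": (200, "<html>Shop</html>"),
             "promo": (404, "<title>No such app</title>")}
```

A record reported as dangling should have its CNAME removed, or the app and custom domain re-created under the owner's own Heroku account.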