Episode 44: URL Parsing & Auth Bypass Magic
Episode 44: In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure. Justin and Joel break down the elements that make up a URL and some common tips and tricks surrounding them that allow for all sorts of bypasses. We also round out the episode with some new tools, ATO (account takeover) stories, and some controversial current events in the hacker scene.
Follow us on Twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
ATO through Facebook Login
https://twitter.com/Jayesh25_/status/1718543152296939861
https://twitter.com/itscachemoney/status/1721658450613346557
Golden techniques to bypass host validations in Android apps
Mozilla article on HTTP Authentication
Breaking Parser Logic talk by Orange Tsai
Timestamps:
(00:00:00) Introduction
(00:04:10) “Xnl-Reveal”
(00:07:22) OAuth vulnerabilities
(00:13:17) Recap of controversy surrounding the handling of a vulnerability report on H1
(00:18:55) Hacker Success Manager Program
(00:22:30) Facebook login ATO
(00:27:45) When URL parsers disagree
(00:34:34) URL Structures
(01:02:22) Shared secrets across environments
(01:09:40) Social Media Logins