Episode 28: Surfin' with CSRFs
Critical Thinking - Bug Bounty Podcast20 Heinä 2023

Episode 28: Surfin' with CSRFs

Episode 28: In this episode of Critical Thinking - Bug Bounty Podcast, the CSRF’s up, dude! We kick off with a debate about whether or not deep link vulns in mobile apps can be considered CSRF. We also talk browser extensions and tools like Hackbar, PwnFox, and JS Weasel, and Justin tries to invent a whole new vuln term. There’s plenty of good stuff here, so what are you waiting for? Jump on in!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

rez0's latest tip

https://twitter.com/rez0__/status/168134822190014466019

Hackbar

https://addons.mozilla.org/en-US/firefox/addon/hackbartool/

PwnFox

https://twitter.com/adrien_jeanneau/status/1681364665354289152

JS Weasel

https://www.jswzl.io/

Charlie Eriksen

https://twitter.com/CharlieEriksen

Link to talk by Rojan

https://twitter.com/uraniumhacker/status/1681381857383030785

Bypassing GitHub's OAuth flow

https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html

Great SameSite Confusion

https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/

Check out Nahamsec's Channel

https://www.youtube.com/c/nahamsec

Timestamps:

(0:01:45) The deep link debate

(00:08:00) LHE and in-person interviews

(00:09:25) SQLMAP and raw requests

(00:11:11) Hackbar, PwnFox, and browser extensions

(00:16:45) JS Weasel tool and its features

(00:25:28) Rojan's Research and Public Talks

(Start of main content)

(00:28:36) Cross-Site Request Forgery (CSRF)

(00:35:00) Bypassing GitHub's OAuth flow

(00:45:00) A Small SameSite Story

(00:48:50) CSRF Exploitation Techniques

(01:07:15) CSRF Bug Stories

(01:15:30) NahamSec and DEFCON

Jaksot(161)

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

Episode 97: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel jump into some cool news items, including a recent Okta Bcrypt vulnerability, insights into crypto bugs, and some ...

14 Marras 202453min

Episode 96: Cookies & Caching with MatanBer

Episode 96: Cookies & Caching with MatanBer

Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques an...

7 Marras 202449min

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

Episode 95: In this episode of Critical Thinking - Bug Bounty Podcast In this episode, Justin is joined by MatanBer to delve into the intricacies of browser extensions. We talk about the structure and...

31 Loka 20241h 56min

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also high...

24 Loka 202449min

Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

Episode 93: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Dr. Jonathan Bouman to discuss his unique journey as both a Hacker and a Healthcare Professional. We talk through ...

17 Loka 20241h 41min

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

Episode 92: In this episode of Critical Thinking - Bug Bounty Podcast In this episode Justin and Joel tackle a host of new research and write-ups, including Ruby SAML, 0-Click exploits in MediaTek Wi-...

10 Loka 202447min

Episode 91: Zero to LHE in 9 Months (feat gr3pme)

Episode 91: Zero to LHE in 9 Months (feat gr3pme)

Episode 91: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Critical Thinking’s own HackerNotes writer Brandyn Murtagh (gr3pme) to talk about his journey with B...

3 Loka 20241h 22min

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

Episode 90: In this episode of Critical Thinking - Bug Bounty Podcast Joel and Justin recap some of their recent hacking ups and downs and have a lively chat about Cursor. Then they cover some some re...

26 Syys 202451min