Episode 44: URL Parsing & Auth Bypass Magic
Critical Thinking - Bug Bounty Podcast9 Nov 2023

Episode 44: URL Parsing & Auth Bypass Magic

Episode 44: In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure, and Justin and Joel break down the elements that make up a URL and some common tips and tricks surrounding them which allow for all sorts of bypasses. We also round out the episode with some new tools, ato stories, and some controversial current events in the hacker scene.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

"XnlReveal" XNL h4ck3r

OAuth article by Salt Labs

H1 controversy recap

ATO through Facebook Login

https://twitter.com/Jayesh25_/status/1718543152296939861

https://twitter.com/itscachemoney/status/1721658450613346557

When URL Parsers disagree

Golden techniques to bypass host validations in Android apps

Mozilla article on HTTP Authentication

Breaking Parser Logic talk by Orange Tsai

URL Detector

SSRF Bible

Timestamps:

(00:00:00) Introduction

(00:04:10) “Xnl-Reveal”

(00:07:22) OAuth vulnerabilities

(00:13:17) Recap of controversy surrounding the handling of a vulnerability report on H1

(00:18:55) Hacker Success Manager Program

(00:22:30) Facebook login ATO

(00:27:45) When URL parsers disagree

(00:34:34) URL Structures

(01:02:22) Shared secrets across environments

(01:09:40) Social Media Logins

Avsnitt(162)

Episode 154: Starting a Pentesting Company on Top of Bug Bounty

Episode 154: Starting a Pentesting Company on Top of Bug Bounty

Episode 154: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn talk through the transition from Bug Bounty hunting to Pentesting. We cover diversifying income streams, the c...

25 Dec 202541min

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.Follow us on t...

18 Dec 20251h 16min

Episode 152: GeminiJack and Agentic Security with Sasi Levi

Episode 152: GeminiJack and Agentic Security with Sasi Levi

Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Verte...

11 Dec 20251h 21min

Episode 151: Client-side Advanced Topics

Episode 151: Client-side Advanced Topics

Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL P...

4 Dec 20251h 7min

Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration

Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration

Episode 150: In this episode of Critical Thinking - Bug Bounty Podcast we're highlighting some cool news and research, but not before expressing our gratitude to the Hacker community. We are so thankf...

27 Nov 202557min

Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.Follow us on XGot any ideas and suggestions?...

20 Nov 20251h 2min

Episode 148: MCP Hacking Guide

Episode 148: MCP Hacking Guide

Episode 148: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us a crash course on Model Context Protocol.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and sugg...

13 Nov 202532min

Episode 147: Stupid Simple Hacking Workflow Tips

Episode 147: Stupid Simple Hacking Workflow Tips

Episode 147: In this episode of Critical Thinking - Bug Bounty Podcast we're talking tips and tricks that help us in hacking that we really should’ve learned sooner.Follow us on twitter at: https://x....

6 Nov 202558min

Populärt inom Teknik

uppgang-och-fall
natets-morka-sida
elbilsveckan
market-makers
rss-elektrikerpodden
rss-technokratin
skogsforum-podcast
rss-laddstationen-med-elbilen-i-sverige
har-vi-akt-till-mars-an
developers-mer-an-bara-kod
bli-saker-podden
rss-veckans-ai
rss-snacka-om-ai
rss-fabriken-2
bosse-bildoktorn-och-hasse-p
hej-bruksbil
rss-it-sakerhetspodden
bilar-med-sladd
gubbar-som-tjotar-om-bilar
rss-relevance-digital-marknadsforing-med-fokus-pa-e-handel