Episode 44: URL Parsing & Auth Bypass Magic
Episode 44: In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure, and Justin and Joel break down the elements that make up a URL and some common tips and tricks surrounding them which allow for all sorts of bypasses. We also round out the episode with some new tools, ATO stories, and some controversial current events in the hacker scene.
Follow us on Twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.
ATO through Facebook Login
https://twitter.com/Jayesh25_/status/1718543152296939861
https://twitter.com/itscachemoney/status/1721658450613346557
Golden techniques to bypass host validations in Android apps
Mozilla article on HTTP Authentication
Breaking Parser Logic talk by Orange Tsai
Timestamps:
(00:00:00) Introduction
(00:04:10) “Xnl-Reveal”
(00:07:22) OAuth vulnerabilities
(00:13:17) Recap of controversy surrounding the handling of a vulnerability report on H1
(00:18:55) Hacker Success Manager Program
(00:22:30) Facebook login ATO
(00:27:45) When URL parsers disagree
(00:34:34) URL Structures
(01:02:22) Shared secrets across environments
(01:09:40) Social Media Logins