התחל במצב לא מקוון עם האפליקציה Player FM !
Episode 73: Sandboxed IFrames and WAF Bypasses
Manage episode 421123211 series 3435922
Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
?. Tweet
https://x.com/garethheyes/status/1786836956032176215
NoWafPls
https://github.com/assetnote/nowafpls
Redacted Reports
https://x.com/deadvolvo/status/1790397012468199651
Breaking CORS
https://x.com/MtnBer/status/1794657827115696181
Sandbox-iframe XSS challenge solution
https://joaxcar.com/blog/2024/05/16/sandbox-iframe-xss-challenge-solution/
iframe and window.open magic
domloggerpp
https://github.com/kevin-mizu/domloggerpp
Timestamps
(00:00:00) Introduction
(00:03:29) ?. Operator in JS and NoWafPls
(00:07:22) Redacting our own reports
(00:11:13) Breaking CORS
(00:17:07) Sandbox-iframes
(00:24:11) Dom hook plugins
76 פרקים
Manage episode 421123211 series 3435922
Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
?. Tweet
https://x.com/garethheyes/status/1786836956032176215
NoWafPls
https://github.com/assetnote/nowafpls
Redacted Reports
https://x.com/deadvolvo/status/1790397012468199651
Breaking CORS
https://x.com/MtnBer/status/1794657827115696181
Sandbox-iframe XSS challenge solution
https://joaxcar.com/blog/2024/05/16/sandbox-iframe-xss-challenge-solution/
iframe and window.open magic
domloggerpp
https://github.com/kevin-mizu/domloggerpp
Timestamps
(00:00:00) Introduction
(00:03:29) ?. Operator in JS and NoWafPls
(00:07:22) Redacting our own reports
(00:11:13) Breaking CORS
(00:17:07) Sandbox-iframes
(00:24:11) Dom hook plugins
76 פרקים
Усі епізоди
×ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.