logo
episode-header-image
Jul 2023
1h 18m

Episode 28: Surfin' with CSRFs

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 28: In this episode of Critical Thinking - Bug Bounty Podcast, the CSRF’s up, dude! We kick off with a debate about whether or not deep link vulns in mobile apps can be considered CSRF. We also talk browser extensions and tools like Hackbar, PwnFox, and JS Weasel, and Justin tries to invent a whole new vuln term. There’s plenty of good stuff here, so what are you waiting for? Jump on in!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

rez0's latest tip

https://twitter.com/rez0__/status/168134822190014466019

Hackbar

https://addons.mozilla.org/en-US/firefox/addon/hackbartool/

PwnFox

https://twitter.com/adrien_jeanneau/status/1681364665354289152

JS Weasel

https://www.jswzl.io/

Charlie Eriksen

https://twitter.com/CharlieEriksen

Link to talk by Rojan

https://twitter.com/uraniumhacker/status/1681381857383030785

Bypassing GitHub's OAuth flow

https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html

Great SameSite Confusion

https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/

Check out Nahamsec's Channel

https://www.youtube.com/c/nahamsec

Timestamps:

(0:01:45) The deep link debate

(00:08:00) LHE and in-person interviews

(00:09:25) SQLMAP and raw requests

(00:11:11) Hackbar, PwnFox, and browser extensions

(00:16:45) JS Weasel tool and its features

(00:25:28) Rojan's Research and Public Talks

(Start of main content)

(00:28:36) Cross-Site Request Forgery (CSRF)

(00:35:00) Bypassing GitHub's OAuth flow

(00:45:00) A Small SameSite Story

(00:48:50) CSRF Exploitation Techniques

(01:07:15) CSRF Bug Stories

(01:15:30) NahamSec and DEFCON

Up next
Oct 9
Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!
Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some news. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and sugges ... Show More
1h 4m
Oct 2
Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News
Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by going full time in Bug Bounty.Follow us on twitter at: https://x.com/ctbbpodcastGo ... Show More
54m 50s
Sep 25
Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)
Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any f ... Show More
1h 23m
Recommended Episodes
Feb 2024
E167: Nvidia smashes earnings (again), Google's Woke AI disaster, Groq's LPU breakthrough & more
(0:00) Bestie intros: Banana boat! (2:34) Nvidia smashes expectations again: understanding its terminal value and bull/bear cases in the context of the history of the internet (27:26) Groq's big week, training vs. inference, LPUs vs. GPUs, how to succeed in deep tech (49:37) Goog ... Show More
1h 20m
Jun 2023
Digital Identity w/ ENS Domains
Always mixing business and education, Khori has major experience managing for-profits and non-profits, with a big love for tech and always being an early adopter. Developing an interest in distributed ledger tech, and being passionate about decentralized inclusion and identity, h ... Show More
1h 17m
Feb 2024
Episode 119 - Dart Squad (Ft. 1Dime)
You are listening to this episode 1 week after it was released. To get episodes on time check out our Patreon!  Episode 120 is already available there: https://www.patreon.com/TheDeprogram Check out his work here:Controlled Opposition video: https://www.youtube.com/watch?v=7uPevW ... Show More
1h 16m
Jan 2024
716: JS Perf Wins & New Node.js Features with Yagiz Nizipli
Yagiz Nizipli talks about his involvement with Node.js, implementing .env, how he finds areas to improve in performance, the happy path vs the hot path, and new features coming to Node.js. Show Notes 00:32 Welcome 01:01 Introducing Yagiz Nizipli 02:21 What is your involvement in ... Show More
1h 1m
Feb 2024
BTS | EP.148 - Valentine's Day Horror Stories ft ShxtsnGigs
Welcome to the Behind the Scenes podcast!Today we are joined by our first guests of the year...ShxtsnGigs!!Make sure you follow our page and like, comment, and share this episode with your friends and family if you enjoyed it! 0:00 - Intro02:13 - Who is Your Zaddy?10:55 - Dilemma ... Show More
1h 8m
Feb 2024
Somatic Tools for Self-Regulation with Elizabeth Ferreira
One of the most important skills we can learn is how to regulate ourselves, riding the emotional waves without either ignoring or being overwhelmed by them. Associate therapist Elizabeth Ferreira joins Forrest to explore how we can feel our feelings while staying calm, collected, ... Show More
1h 4m
Sep 16
Letting Go of Guilt: Why Rest Is Not Something You Have to Earn
Why do we feel guilty for resting? In this episode, Rosie explores the internalized belief that our worth is tied to productivity. Through personal stories and reflection, she reminds us that rest doesn’t have to be earned — and letting go of guilt is key to true well-being. Lear ... Show More
6m 34s
Sep 10
Sugar Is Rewiring Your Brain (Here’s How to Escape)
I gave up sugar a while ago and wish I had done it even sooner. Before, I dealt with low energy, brain fog, and restless nights. Now I sleep deeply, feel energized, and enjoy clear mental clarity after quitting sugar. Sugar also depletes vitamin B1, critical for optimal brain hea ... Show More
18m 35s
Listen to millions of songs and podcasts on Anghami