Episode 28: In this episode of Critical Thinking - Bug Bounty Podcast, the CSRF’s up, dude! We kick off with a debate about whether or not deep link vulns in mobile apps can be considered CSRF. We also talk browser extensions and tools like Hackbar, PwnFox, and JS Weasel, and Justin tries to invent a whole new vuln term. There’s plenty of good stuff here, so what are you waiting for? Jump on in!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
rez0's latest tip
https://twitter.com/rez0__/status/168134822190014466019
Hackbar
https://addons.mozilla.org/en-US/firefox/addon/hackbartool/
PwnFox
https://twitter.com/adrien_jeanneau/status/1681364665354289152
JS Weasel
Charlie Eriksen
https://twitter.com/CharlieEriksen
Link to talk by Rojan
https://twitter.com/uraniumhacker/status/1681381857383030785
Bypassing GitHub's OAuth flow
https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
Great SameSite Confusion
https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/
Check out Nahamsec's Channel
https://www.youtube.com/c/nahamsec
Timestamps:
(0:01:45) The deep link debate
(00:08:00) LHE and in-person interviews
(00:09:25) SQLMAP and raw requests
(00:11:11) Hackbar, PwnFox, and browser extensions
(00:16:45) JS Weasel tool and its features
(00:25:28) Rojan's Research and Public Talks
(Start of main content)
(00:28:36) Cross-Site Request Forgery (CSRF)
(00:35:00) Bypassing GitHub's OAuth flow
(00:45:00) A Small SameSite Story
(00:48:50) CSRF Exploitation Techniques
(01:07:15) CSRF Bug Stories
(01:15:30) NahamSec and DEFCON