logo
episode-header-image
Nov 2023
1h 11m

Episode 44: URL Parsing & Auth Bypass Ma...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 44: In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure, and Justin and Joel break down the elements that make up a URL and some common tips and tricks surrounding them which allow for all sorts of bypasses. We also round out the episode with some new tools, ato stories, and some controversial current events in the hacker scene.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

"XnlReveal" XNL h4ck3r

OAuth article by Salt Labs

H1 controversy recap

ATO through Facebook Login

https://twitter.com/Jayesh25_/status/1718543152296939861

https://twitter.com/itscachemoney/status/1721658450613346557

When URL Parsers disagree

Golden techniques to bypass host validations in Android apps

Mozilla article on HTTP Authentication

Breaking Parser Logic talk by Orange Tsai

URL Detector

SSRF Bible

Timestamps:

(00:00:00) Introduction

(00:04:10) “Xnl-Reveal”

(00:07:22) OAuth vulnerabilities

(00:13:17) Recap of controversy surrounding the handling of a vulnerability report on H1

(00:18:55) Hacker Success Manager Program

(00:22:30) Facebook login ATO

(00:27:45) When URL parsers disagree

(00:34:34) URL Structures

(01:02:22) Shared secrets across environments

(01:09:40) Social Media Logins

Up next
Yesterday
Episode 143: New Cohost + Client-Side Gadgets, LHE Meta — Instant Global Admin in Entra!
Episode 143: In this episode of Critical Thinking - Bug Bounty Podcast Justin brings Brandyn back to announce him as our newest co-host. We chat about recent LHE experiences, and then break down some news. Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and sugges ... Show More
1h 4m
Oct 2
Episode 142: Gr3pme's Full-Time Hunting Journey Update, Insane AI research, And Some Light News
Episode 142: In this episode of Critical Thinking - Bug Bounty Podcast Rez0 and Gr3pme join forces to discuss Websocket research, Meta’s $111750 Bug, PROMISQROUTE, and the opportunities afforded by going full time in Bug Bounty.Follow us on twitter at: https://x.com/ctbbpodcastGo ... Show More
54m 50s
Sep 25
Episode 141: Hacking the Pod - Google Docs 0-day & React CreateElement Exploits with Nick Copi (7urb0)
Episode 141: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Nick Copi to talk about CSPT, React, CSS Injections and how Nick hacked the pod.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any f ... Show More
1h 23m
Recommended Episodes
Feb 2024
Episode 119 - Dart Squad (Ft. 1Dime)
You are listening to this episode 1 week after it was released. To get episodes on time check out our Patreon!  Episode 120 is already available there: https://www.patreon.com/TheDeprogram Check out his work here:Controlled Opposition video: https://www.youtube.com/watch?v=7uPevW ... Show More
1h 16m
Feb 2024
Somatic Tools for Self-Regulation with Elizabeth Ferreira
One of the most important skills we can learn is how to regulate ourselves, riding the emotional waves without either ignoring or being overwhelmed by them. Associate therapist Elizabeth Ferreira joins Forrest to explore how we can feel our feelings while staying calm, collected, ... Show More
1h 4m
Jan 2024
Introducing On This Day in Working Class History: A new daily podcast from WCH
Introducing a brand-new daily podcast from the team at WCH. On This Day in Working Class History will be a brief reminder each morning of our collective struggles for a better world which have taken place on this date in history. Launching on 1 February on a trial basis, each epi ... Show More
2m 32s
Feb 2024
E167: Nvidia smashes earnings (again), Google's Woke AI disaster, Groq's LPU breakthrough & more
(0:00) Bestie intros: Banana boat! (2:34) Nvidia smashes expectations again: understanding its terminal value and bull/bear cases in the context of the history of the internet (27:26) Groq's big week, training vs. inference, LPUs vs. GPUs, how to succeed in deep tech (49:37) Goog ... Show More
1h 20m
Feb 2024
WORST EXCUSES FOR CHEATING?! | EP 369 | ShxtsNGigs Podcast
#Ad GRAB YOUR WHOOP NOW https://join.whoop.com/en-uk/SNG SNG LIVE AT THE O2!!:https://www.axs.com/uk/events/518134/shxtsngigs-tickets?skin=theo2 CHECK OUT JAMES' STREAMS:https://www.twitch.tv/sng_james This Week The Guys Discuss: SUBSCRIBE TO OUR REACTION CHANNEL: https://www.you ... Show More
55m 52s
Feb 2024
Folge 154 - YouTube
Folge 154 ist eine besondere Episode! Zum ersten Mal gibt es sowohl eine Audioversion als auch als eine Videoversion auf YouTube. Patrick spricht über YouTube - eine Plattform, die fast alle kennen und benutzen. Wie hat YouTube angefangen und warum war das Videoportal in Deutschl ... Show More
14m 51s
Feb 2024
TIP609: Fooled by Randomness by Nassim Taleb
On today’s episode, Clay reviews Nassim Taleb’s book – Fooled by Randomness.Nassim Taleb is a Lebanon-born American mathematician and statistician whose work concerns problems of randomness, probability, and uncertainty. He’s very well known for his popular books, including The B ... Show More
1 h
Nov 2023
Sports Podcasting On A National Level
“Think of our NFL network, it’s 38 podcasts. To source 38 podcasts, you don’t want eight different publishers and 38 different onboarding calls and invoices - it can be a nightmare. So for us, we like to just make it as easy for an advertiser as possible to activate with those mi ... Show More
44m 24s
Oct 2023
10 Digital Transformation Questions for CIOs, Digital Strategy Case Study with the US Army, Inside the ERP Software Cartel
The Transformation Ground Control podcast covers a number of topics important to digital and business transformation. This episode covers the following topics and interviews: 10 Digital Transformation Questions for CIO’s, Q&A Digital Strategy Case Study with the US Army Inside th ... Show More
3h 17m
Listen to millions of songs and podcasts on Anghami