Jun 2024
1h 34m

Episode 76: Match & Replace - HTTP Proxi...

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)
About this episode

Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Sponsor - Project Discovery: https://nux.gg/podcast

Resources

Zoom Session Takeover

https://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO.html

SharePoint XXE

https://x.com/thezdi/status/1796207012520366552

Shazzer

https://shazzer.co.uk/

Timestamps:

(00:00:00) Introduction

(00:05:06) H1 Ambassador World Cup

(00:13:57) Zoom ATO bug

(00:33:28) SharePoint XXE

(00:39:36) Shazzer

(00:46:36) Match and Replace

(01:13:01) Match and Replace in Mobile

(01:21:13) Header Replacements
