In this episode of Critical Thinking - Bug Bounty Podcast, the CSRF’s up, dude! We kick off with a debate about whether or not deep link vulns in mobile apps can be considered CSRF. We also talk browser extensions and tools like Hackbar, PwnFox, and JS Weasel, and Justin tries to invent a whole new vuln term. There’s plenty of good stuff here, so what are you waiting for? Jump on in!
Follow us on twitter at: https://twitter.com/ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
- https://twitter.com/0xteknogeek
- https://twitter.com/rhynorater
rez0's latest tip: https://twitter.com/rez0__/status/168134822190014466019
Hackbar: https://addons.mozilla.org/en-US/firefox/addon/hackbartool/
PwnFox: https://twitter.com/adrien_jeanneau/status/1681364665354289152
JS Weasel: https://www.jswzl.io/
Charlie Eriksen: https://twitter.com/CharlieEriksen
Link to talk by Rojan: https://twitter.com/uraniumhacker/status/1681381857383030785
Bypassing GitHub's OAuth flow: https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html
Great SameSite Confusion: https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/
Check out NahamSec's Channel: https://www.youtube.com/c/nahamsec
====== Timestamps ======
(00:00:00) Intro
(00:01:45) The deep link debate
(00:08:00) LHE and in-person interviews
(00:09:25) SQLMAP and raw requests
(00:11:11) Hackbar, PwnFox, and browser extensions
(00:16:45) JS Weasel tool and its features
(00:25:28) Rojan's Research and Public Talks
(Start of main content)
(00:28:36) Cross-Site Request Forgery (CSRF)
(00:35:00) Bypassing GitHub's OAuth flow
(00:45:00) A Small SameSite Story
(00:48:50) CSRF Exploitation Techniques
(01:07:15) CSRF Bug Stories
(01:15:30) NahamSec and DEFCON
