Interested in going full-time bug bounty? Check out our blueprint!

Frontend Language Oddities (Ep. 62)

Episode 62: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel are back with some additional research resources that didn’t make the Portswigger Top-Ten, but that are worth looking at.

Follow us on twitter at: https://twitter.com/ctbbpodcast

Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to https://twitter.com/realytcracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Sign up for https://caido.io/ using the referral code CTBBPODCAST for a 10% discount. 

Resources:

Cool HTML Shit:
https://twitter.com/jcubic/status/1764311080661082201
https://twitter.com/encodeart/status/1764218128374943764

Bug bounty Hunting Journeys:
https://twitter.com/ajxchapman/status/1762101366057525521
https://monkehacks.beehiiv.com/p/monkehacks-02

Yelp Cookie Bridge Report:
https://hackerone.com/reports/2089042

Deobfuscating / Unminifying Obfuscated Web App Code:
https://gist.github.com/0xdevalias/d8b743efb82c0e9406fc69da0d6c6581#deobfuscating--unminifying-obfuscated-web-app-code

ChatGPT Source Watch:
https://github.com/0xdevalias/chatgpt-source-watch

Web Security Research Reddit:
https://www.reddit.com/r/websecurityresearch/

Nahamsec Resources:
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

Portswigger Nominations list:
https://portswigger.net/research/top-10-web-hacking-techniques-of-2023-nominations-open

Abusing perspectives: https://hackerone.com/reports/2401115

PortSwigger CSS Exfiltration:
https://github.com/PortSwigger/css-exfiltration
https://github.com/PortSwigger/css-exfiltration/tree/main/steal-reversed-firefox
https://github.com/PortSwigger/css-exfiltration/blob/main/steal-attribute-values-checkboxes/styles.css
https://github.com/PortSwigger/css-exfiltration/tree/main/steal-script-contents

Timestamps:
(00:00:00) Introduction
(00:02:06) Cool HTML Shit
(00:15:31) Bug Bounty Journeys
(00:28:01) Yelp Cookie Bridge Bug
(00:37:56) Additional Research Resources
(00:46:34) CSS and abusing perspectives