Controlling Browser Behavior and Leveraging XSS Vulnerabilities

Episode 36: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel take a break from LHE prep to answer questions about the ethics of bug bounty and share their recent bug finds. We talk Iframes, mobile intercept proxies, open redirects, and that time Justin got shot at…

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Timeshifter:

https://www.timeshifter.com/

Tweet about Google Open Redirect

https://twitter.com/Rhynorater/status/1697357773690818844

Tweet about XSS Exploitation

https://twitter.com/Rhynorater/status/1698059391700701424

Request Minimizer

https://portswigger.net/bappstore/cc16f37549ff416b990d4312490f5fd1

Timestamps:

(00:00:00) Introduction

(00:02:45) Hacker One LHE Preview

(00:05:40) Is Bug Bounty Inherently Ethical

(00:19:25) Ethics of Going out of scope

(00:27:56) Justin’s story of getting shot at

(00:30:22) Setting up a mobile intercept proxy

(00:33:40) How to approach a new target

(00:40:30) Google Open Redirect

(00:43:35) Recent XSS Exploitation

(00:46:28) ATO Trick

(00:50:25) Joel’s Bug Report

(00:55:40) Justin’s Bug Report