Episode 11: CV$$, Web Cache Deception, and SSTI

Critical Thinking - Bug Bounty Podcast

Snapchat's Security Team Is Strong

Snapchat's mobile app is very, very hardened. So as a result, you can do barely any like hooking or proxy or any of that kind of stuff without throwing off their signature signing algorithm. Back in the day I used to write Snapchat bots back in the day. We did spend some time and we reverse engineered the safety net stuff down to like a level where we could generate a lot of it programmatically. And then it's just a cat and mouse game. Like at a certain point, they just keep updating and they keep adding more checks and you have to keep trying to reverse engineer them and bypass those checks.

Play episode from 06:38