Critical Thinking - Bug Bounty Podcast

Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature

Jun 20, 2024

In this podcast, they discuss match and replace techniques for bug bounties, the HackerOne Ambassador World Cup, Zoom ATO bug, SharePoint XXE, and the importance of understanding browser security vulnerabilities. They explore leveraging match and replace rules in bug bounty testing, enhancing Burp Suite functionality, and updating plugin formats for improved workflow.

01:34:43

Creator website

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Match and replace in JavaScript can dynamically enable/disable features, saving time in exploring new functionalities.

Using match and replace can address edge cases in web packed JavaScript, ensuring accurate modifications.

Paywall bypasses have ethical considerations and can impact software companies, emphasizing thorough security assessments in bug bounty programs.

Deep dives

Validate Attack Strategy

Match and replace can be used to quickly validate attack strategies without having to spend time debugging code or setting breakpoints, saving time and effort in confirming the feasibility of an attack path.

Exploring Niche Functionalities and Exploitation Techniques in Applications

03:51

Exploring the Static Routing Tables Feature in Burp Suite

02:37

Intro

2min

Bug Hunting Adventures and Competition Insights

10min

Chaotic Beginnings and Competition Rankings

2min

Exploring Client-Side Exploits and Cookie-Based Vulnerabilities

18min

Exploring Parameters in HTTP Requests and XML Exploits

12min

Leveraging Match and Replace for Bug Bounty Hunting

8min

Enhancements and Flexibility of Match and Replace in Kaido

11min

Using Match and Replace Rules in Bug Bounty Testing

19min

Enhancing Burp Suite Functionality with Static Routing Tables and X-Forwarded-For Header

10min

10.

Discussion on Updating Plugin Format and New Workflow Features

2min

Episode 76: In this episode of Critical Thinking - Bug Bounty Podcast we’re talking about Match and Replace and the often overlooked use cases for it, like bypassing paywalls, modifying host headers, and storing payloads. We also talk about the HackerOne Ambassador World Cup and the issues with dupe submissions, and go through some write-ups.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Sponsor - Project Discovery: https://nux.gg/podcast

Resources

Zoom Session Takeover

https://nokline.github.io/bugbounty/2024/06/07/Zoom-ATO.html

SharePoint XXE

https://x.com/thezdi/status/1796207012520366552

Shazzer

https://shazzer.co.uk/

Timestamps:

(00:00:00) Introduction

(00:05:06) H1 Ambassador World Cup

(00:13:57) Zoom ATO bug

(00:33:28) SharePoint XXE

(00:39:36) Shazzer

(00:46:36) Match and Replace

(01:13:01) Match and Replace in Mobile

(01:21:13) Header Replacements

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Critical Thinking - Bug Bounty Podcast

Episode 76: Match & Replace - HTTP Proxies' Most Underrated Feature

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Validate Attack Strategy

Feature Flag Manipulation

JavaScript Modification

Edge Case Resolution

Thorough RBAC Testing and JavaScript Analysis

Impact of Paywall Bypasses and Considerations

Exploring Niche Functionalities and Exploitation Techniques in Applications

Exploring the Static Routing Tables Feature in Burp Suite

Remember Everything You Learn from Podcasts