Episode 128: New Research in Blind SSRF and Self-XSS, and How to Architect Source-code Review AI Bots
Jun 26, 2025
This episode covers self-XSS and blind SSRF, including new research on HTTP redirect techniques, and looks at how AI can reverse minified JavaScript and support source-code review. It also introduces new tools such as Lumintus for bug bounty documentation and discusses URL spoofing via Google font ligatures, tying the technical details to the broader state of web security.
AI Snips
Credentialless Iframes' Same-Origin Access
- A credentialless iframe keeps the same origin as a normal iframe of that origin, so script in one frame can reach the DOM of the other.
- Because a credentialless frame starts with its own empty cookie jar, a login CSRF inside it succeeds without first logging the victim out, removing the need for a separate logout CSRF step.
Bypass Login CAPTCHA Tactics
- Bypass a login CAPTCHA by piping the challenge over a WebSocket to the attacker, who solves it in real time.
- With the CAPTCHA answered live, the attacker can still trigger a login CSRF against the victim.
FetchLater Enables Persistent SSRF
- fetchLater schedules a fetch that the browser sends later, even after the page has been closed.
- Combined with redirect loops, the delay can be stretched to about an hour and a half, giving a stealthy, delayed trigger for SSRF.