Critical Thinking - Bug Bounty Podcast

Episode 96: Cookies & Caching with MatanBer

Nov 7, 2024

Explore advanced cookie parsing techniques and the unique quirks of Safari's cookie handling. Dive into the complexities of cookie exploitation and how cookie order impacts security. Discover insights on Capture the Flag challenges, particularly around caching vulnerabilities. Learn about the risks of cache poisoning and the implications of XSS vulnerabilities, emphasizing the importance of effective cookie management. Uncover practical strategies for manipulating cookies and safeguarding web applications against these threats.

49:09

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Advanced cookie manipulation techniques, such as cookie tossing and Safari's unique handling, can lead to significant web security vulnerabilities.

Exploiting caching behavior in web applications reveals new avenues for XSS attacks, illustrating the complexities of service workers and data access restrictions.

Deep dives

Converting Partial Cookie Injection

The episode discusses how to effectively convert a partial cookie injection into a full cookie injection, allowing for total control over the injected key. It highlights methods used in specific environments, particularly in Java, where unique cookie parsing logic can lead to vulnerabilities. By manipulating cookie order using a technique called cookie tossing, attackers can prioritize their malicious cookies by setting them in the right sequence and utilizing quotes to comment out preceding cookies. This approach emphasizes the complexities and nuances involved in exploiting cookie behavior, particularly in legacy systems.

Intro

3min

Navigating the Complexities of Cookie Exploitation

2min

Understanding Cookie Order and Path Management

1min

Mastering Cookie Exploitation Techniques

23min

Exploring CTF Caching Vulnerabilities

6min

Cache Security Vulnerabilities and Techniques

11min

Exploiting XSS: Persistence and Caching Techniques

3min

Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, Safari's unique behaviors regarding cookie handling and debugging methods, and some of the writeups from the HeroCTF v6.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest: https://x.com/MtnBer

Resources:

Cookie Bugs - Smuggling & Injection

https://blog.ankursundara.com/cookie-bugs/#:~:text=Cookie%20Smuggling

iOS Webkit Debug Proxy

https://github.com/google/ios-webkit-debug-proxy

HeroCTF v6 Writeups

https://mizu.re/post/heroctf-v6-writeups

Timestamps

(00:00:00) Introduction

(00:01:29) Cookie exploits

(00:21:32) Matan's Safari Adventure

(00:29:49) HeroCTF 6 writeups

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Critical Thinking - Bug Bounty Podcast

Episode 96: Cookies & Caching with MatanBer

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Converting Partial Cookie Injection

Exploiting Safari's Cookie Behavior

Cache Manipulation Techniques

Niche Exploits in CTFs

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Critical Thinking - Bug Bounty Podcast

Episode 96: Cookies & Caching with MatanBer

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Converting Partial Cookie Injection

Exploiting Safari's Cookie Behavior

Cache Manipulation Techniques

Niche Exploits in CTFs

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights