CSRF - how to find it in 2024? CSRF bug bounty case study

  • Published: Aug 27, 2024

Comments • 30

  • @BugBountyReportsExplained 5 months ago +4

    Thank you for watching the video! If you enjoyed it, leave a like to let the YT algorithm know you did ;)

    • @trustedsecurity6039 5 months ago

      It could be cool to have your support for premium members, or maybe I missed it?

  • @grassy-p12 5 months ago +6

    the way you say enjoy is incredible☺️

  • @dennismunyaka6537 3 months ago

    As always great video. I appreciate your effort reading all those reports and summarizing it for us.

  • @keppubgpc 5 months ago +2

    Really great videos man, your content gives me motivation and fuels me to hunt for bugs

  • @servantofgod3058 5 months ago +1

    Great video as always! Love your content

  • @e995a1ad 5 months ago +5

    Everybody talks about SameSite, but Storage Partitioning also has a huge impact on CSRF exploitability. Nowadays most CSRFs can only be exploited with a navigation, even with SameSite=None.

    • @normalitee0os 5 months ago +1

      Can you explain more on this, buddy?

    • @e995a1ad 5 months ago

      @normalitee0os All browsers now implement some kind of "State Partitioning", where a site's data (cookies, local storage, session storage...) is no longer stored globally for the site, but relative to the top-level site (the site you can see in your browser's address bar). So when a cross-site request is sent from the attacker's domain, the cookie jar for the target site is essentially empty and no cookies are sent at all. A navigation fixes the problem because then you're in a first-party context, but 1) a navigation can only do a GET or a POST, 2) a navigation requires an additional gesture (click or keypress) from the victim, 3) you can't read the result of a navigation.

    • @krizzs2656 5 months ago

      @normalitee0os It involves isolating data storage (like cookies, cache, etc.) per site or per context to prevent tracking and cross-site attacks. With storage partitioning, even if cookies are marked as SameSite=None (which means they are accessible in requests to the domain they belong to from any site), the partitioning limits their use to only the context in which they were set. This makes it much harder for attackers to perform CSRF attacks, as the attacker's site cannot access the cookies or other storage from the site they are trying to attack.

  • @mateuszp2176 5 months ago

    Great! I didn't know about this 2 minutes window :)

  • @MFoster392 5 months ago +1

    Great info man, Thank you.

  • @monKeman495 5 months ago +1

    Stored XSS with cookie exfil to CSRF account deletion is a kind of deadly stuff I've seen

  • @mnageh-bo1mm 5 months ago +2

    ddddddddude we missed you a lot

  • @sumitExplains 4 months ago +1

    Hi, what software are you using to manage reports? Love your explanation ❤❤

  • @kiedysbedemilionerem2414 5 months ago +2

    Maybe I'm stupid, but could you tell me how to search for reports that are public in the sense that you can see the payload and PoC? I'd like to have a large database of such reports, but I don't feel like searching for them manually because it would take hundreds of hours

  • @Kshit-u2m 3 months ago +1

    How do I get this complete Notion list?

  • @Yash15361 5 months ago

    thanks for providing quality content :}

  • @amoh96 5 months ago

    love these case study videos, thank you a lot 😏

  • @doya8130 5 months ago

    Thank you for your work

  • @suvanedits 3 months ago

    Sir, which mic are you using?

  • @gamingyt8758 4 months ago

    Can you provide me those reports, bro?

  • @prob_here 4 months ago

    Do on post messages

    • @BugBountyReportsExplained 4 months ago

      That will be hard because you can't look for postMessage bugs as they are only a communication channel. But, during the XSS case study, I noted which bugs were present due to the postMessage. Maybe, after I do more case studies, I will do like a meta-analysis to see what other bugs were caused by postMessages.

  • @aryanair6624 5 months ago

    Thankuuuuu🤌🏻🤌🏻🤌🏻