Sandboxed IFrames and WAF Bypasses (Ep. 73)
- Published: 5 Aug 2024
- Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports.
Follow us on twitter at: / ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to / realytcracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater & Teknogeek on twitter:
/ 0xteknogeek
/ rhynorater
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Resources:
?. Tweet
x.com/garethheyes/status/1786...
NoWafPls
github.com/assetnote/nowafpls
Redacted Reports
x.com/deadvolvo/status/179039...
Breaking CORS
x.com/MtnBer/status/179465782...
Sandbox-iframe XSS challenge solution
joaxcar.com/blog/2024/05/16/s...
iframe and window.open magic
blog.huli.tw/2022/04/07/en/if...
domloggerpp
github.com/kevin-mizu/domlogg...
Timestamps
(00:00:00) Introduction
(00:03:29) ?. Operator in JS and NoWafPls
(00:07:22) Redacting our own reports
(00:11:13) Breaking CORS
(00:17:07) Sandbox-iframes
(00:24:11) Dom hook plugins
I Love Thursdays! Thank you for another awesome episode
Perfect timing on the WAF tutorial. It follows up & meshes well with Shubs' WAF tips from NahamCon 2024. ❤ you guys...thanx for sharing!! 💪
Always excellent podcast! Thanks guys!
Great pod per usual :)
Can you guys interview the bugbountyhq Mark Litchfield...
Where is your Caido plugin version of nowafpls? Or should I be searching for nowafplz? :P