Episode 39: In this episode of Critical Thinking - Bug Bounty Podcast, we're catching up on news, including new override updates from Chrome, GPT-4, SAML presentations, and even a shoutout from Live Overflow! Then we get busy laying the groundwork on a discussion of web architecture. Better get started on this one, 'cause we're going to need a part two!
Follow us on Twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on Twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
CT shoutout from Live Overflow
https://www.youtube.com/watch?v=3zShGLEqDn8
Chrome Override updates
https://developer.chrome.com/blog/new-in-devtools-117/#overrides
GPT-4/AI Prompt Injection
https://x.com/rez0__/status/1706334160569213343?s=20 & https://x.com/evrnyalcin/status/1707298475216425400?s=20
Caido Releases Pro free for students
https://twitter.com/CaidoIO/status/1707099640846250433
Or, use code ctbbpodcast for 10% off the subscription price
Aleksei Tiurin on SAML hacking
https://twitter.com/antyurin/status/1704906212913951187
Account Takeover on Tesla
Joseph
https://portswigger.net/bappstore/82d6c60490b540369d6d5d01822bdf61
Cookie Monster
https://github.com/iangcarroll/cookiemonster
HTMX
Timestamps:
(00:00:00) Introduction
(00:04:40) Shoutout from Live Overflow
(00:06:40) Chrome Overrides update
(00:08:48) GPT-4V and AI Prompt Injection
(00:14:35) Caido Promos
(00:15:40) SAML Vulns
(00:17:55) Account takeover on Tesla, and auth token from one context in a different context
(00:24:30) Testing for vulnerabilities in JWT-based authentication
(00:28:07) Web Architectures
(00:32:49) Single page apps + a REST API
(00:45:20) XSS vulnerabilities in single page apps
(00:49:00) Direct endpoint architecture
(00:55:50) Content Enumeration
(01:02:23) gRPC & Protobuf
(01:06:08) Microservices and Reverse Proxy
(01:12:10) Request Smuggling/Parameter Injections