Episode 47: CSP Research, Iframe Hopping, and Client-side Shenanigans

Episode 47: In this episode of Critical Thinking - Bug Bounty Podcast, the holidays are fast approaching, and Justin and Joel discuss some of the struggles of getting back into the hacking groove during and after breaks. We also celebrate the newly launched Critical Thinking Discord Community before diving into Iframe Sandwhiches, JS Hoisting, CSP Bypasses, and a host of new tools, techniques, and tangents.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.Hop on the CTBB Discord at https://ctbb.show/discord!ThankUNextjswzlRapid APISSRF Utility tool by BebiksTweet from Johan CarlssonBurp Extension from Google VRPJustin's Tweet about JS HoistingBypass CSP Using WordPressHow to trick CSP in letting you run whatever you wantTimestamps:(00:00:00) Introduction(00:01:58) Overcoming Bug Bounty struggles and getting back into the hacking groove(00:07:46) Taking notes and sticking to one program(00:14:50) Critical Thinking Discord, Community highlights, and Competition vs Collaboration(00:22:25) Secondary context bugs and Automationism(00:28:42) ThankUNext and Client-side Paths(00:33:45) Tool Tangents: Jswzl, Caido, Postman, and Rapid API(00:46:49) New SSRF Utility tool by Bebiks and the continuing evolution of hacking tools(00:51:45) Iframe Sandwiches(00:58:54) News Items(01:06:12) JS Hoisting(01:15:05) CSP Bypasses