Episode 73: Sandboxed IFrames and WAF Bypasses - podcast episode cover

Episode 73: Sandboxed IFrames and WAF Bypasses

May 30, 202431 minSeason 1Ep. 73
--:--
--:--
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Episode 73: In this episode of Critical Thinking - Bug Bounty Podcast we give a brief recap of Nahamcon and then touch on some topics like WAF bypass tools, sandboxed iframes, and programs redacting your reports.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Sponsor - Project Discovery: https://nux.gg/podcast

Resources:

?. Tweet

https://x.com/garethheyes/status/1786836956032176215

NoWafPls

https://github.com/assetnote/nowafpls

Redacted Reports

https://x.com/deadvolvo/status/1790397012468199651

Breaking CORS

https://x.com/MtnBer/status/1794657827115696181

Sandbox-iframe XSS challenge solution

https://joaxcar.com/blog/2024/05/16/sandbox-iframe-xss-challenge-solution/

iframe and window.open magic

https://blog.huli.tw/2022/04/07/en/iframe-and-window-open/#detecting-when-a-new-window-has-finished-loading

domloggerpp

https://github.com/kevin-mizu/domloggerpp

Timestamps

(00:00:00) Introduction

(00:03:29) ?. Operator in JS and NoWafPls

(00:07:22) Redacting our own reports

(00:11:13) Breaking CORS

(00:17:07) Sandbox-iframes

(00:24:11) Dom hook plugins

For the best experience, listen in Metacast app for iOS or Android
Open in Metacast
Episode 73: Sandboxed IFrames and WAF Bypasses | Critical Thinking - Bug Bounty Podcast - Listen or read transcript on Metacast