Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, Safari's unique behaviors regarding cookie handling and debugging methods, and some of the writeups from the HeroCTF v6.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Today’s Guest: https://x.com/MtnBer
Resources:
Cookie Bugs - Smuggling & Injection
https://blog.ankursundara.com/cookie-bugs/#:~:text=Cookie%20Smuggling
iOS Webkit Debug Proxy
https://github.com/google/ios-webkit-debug-proxy
HeroCTF v6 Writeups
https://mizu.re/post/heroctf-v6-writeups
Timestamps
(00:00:00) Introduction
(00:01:29) Cookie exploits
(00:21:32) Matan's Safari Adventure
(00:29:49) HeroCTF 6 writeups