Critical Thinking - Bug Bounty Podcast

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Feb 12, 2026
Quick hits on CSRF and iframe techniques that bypass X-Frame-Options and SameSite cookies. A deep dive into PhoneLeak-style data exfiltration using DTMF tones and intent URIs. Discussion of recent bounty program changes and controversy around policy language permitting AI use. Breakdown of cross-consumer attack techniques for tenant-hosted content discovery.
INSIGHT

AI Is Becoming Core To Hunting

  • Many bug hunters actively use AI for report drafting, payload generation, and vulnerability analysis.
  • Justin notes AI can find deep client-side issues and recommends integrating it into recon and code review workflows.
ADVICE

Combine JS Recon With AI

  • Try using tools like JXScout and Opus/Claude Code to analyze client-side JavaScript for routes, parsers, and listeners.
  • Leverage AI to process downloaded JS and surface deep client-side bugs you might miss manually.
ADVICE

Frame Headers Don't Stop CSRF

  • Don't rely on X-Frame-Options to stop CSRF; it only blocks rendering of the response, not processing of the request.
  • Check SameSite cookie settings because state-changing CSRF succeeds if cookies are sent despite framing protections.
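
The two points above, as an added example that is not from the episode: a simplified Python model showing that the server changes state even though the framed response is never rendered, and how the cookie's SameSite value or a CSRF token changes the outcome. The class, function names and sample values are hypothetical, and the SameSite rules are reduced to the basics (Chrome's Lax+POST grace period is ignored).

```python
# Added example: simplified model, not a real browser or web framework.
from dataclasses import dataclass

@dataclass
class App:
    """Toy server: session-cookie auth, X-Frame-Options on every response."""
    samesite: str                      # "Strict", "Lax" or "None" on the session cookie
    require_token: bool = False        # hardened variant: per-session CSRF token
    email: str = "owner@example.test"  # constructed state that the POST changes
    csrf_token: str = "constructed-token"

    def handle_post(self, cookies, form):
        headers = {"X-Frame-Options": "DENY"}
        if cookies.get("session") != "valid":
            return 401, headers
        if self.require_token and form.get("csrf") != self.csrf_token:
            return 403, headers
        self.email = form["email"]     # state changes before the browser decides to render
        return 200, headers

def browser_sends_cookie(samesite, cross_site, top_level, method):
    """Simplified SameSite decision for attaching the session cookie."""
    if not cross_site or samesite == "None":
        return True
    if samesite == "Lax":
        return top_level and method == "GET"
    return False                       # Strict: never sent on cross-site requests

def cross_site_form_post(app, top_level):
    """Model a form on another site submitting a POST to the app."""
    cookies = {}
    if browser_sends_cookie(app.samesite, True, top_level, "POST"):
        cookies["session"] = "valid"
    status, headers = app.handle_post(cookies, {"email": "changed@example.test"})
    # X-Frame-Options only affects whether a framed response is displayed.
    rendered = top_level or "X-Frame-Options" not in headers
    return status, rendered, app.email

if __name__ == "__main__":
    for label, app in [("SameSite=None", App("None")),
                       ("SameSite=Lax", App("Lax")),
                       ("SameSite=None + CSRF token", App("None", require_token=True))]:
        print(label, cross_site_form_post(app, top_level=False))
```
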