
Critical Thinking - Bug Bounty Podcast Episode 81: Crushing Client-Side on Any Scope with MatanBer
Jul 25, 2024

Join MatanBer, a seasoned expert in client-side hacking and DevTools, as he shares invaluable insights on navigating web vulnerabilities. He discusses advanced techniques for exploiting client-side issues like XSS and HTML injection, while offering practical DevTools tips that enhance debugging efficiency. The conversation delves into the appeal of chaining attacks and overcoming Web Application Firewalls, alongside personal anecdotes that illuminate the challenges of real-world cybersecurity. It's a treasure trove of knowledge for aspiring hackers!
Safari Quirk
- Matan Ber found a Safari quirk while helping someone download Google Drive photos.
- Safari allows HTML injection via a specific content-type without JavaScript execution.
Call Stack Navigation
- Use the call stack section in DevTools to avoid getting lost while debugging.
- Clicking the uppermost entry jumps back to the current breakpoint.
Dynamic Analysis First
- Prioritize dynamic analysis over diving straight into JavaScript code.
- Use breakpoints, DOM loggers, and get familiar with the application's functionality.
