
Critical Thinking - Bug Bounty Podcast Episode 151: Client-side Advanced Topics
Dec 4, 2025
Dive into the nuances of third-party cookies and learn how Chrome's partitioning impacts security. Discover clever iframe tricks and the intricacies of postMessage for cross-window communication. Explore the dangers of URL parsing quirks and how they can open doors to novel attacks. From sandboxed iframes to managing window hijacking, this conversation offers fresh insights into advanced client-side vulnerabilities and strategies to defend against them.
AI Snips
Hook Listeners Directly To Catch Hidden Messaging
- Use tooling and conditional breakpoints to catch postMessage and MessagePort traffic because some tools miss them.
- Search for event listeners in DevTools and log within them to ensure you observe hidden channels.
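An added example (not from the episode or its notes) of hooking listeners directly: it wraps `message` listeners registered on a target so each delivery is logged with its origin, and also listens on any transferred MessagePort. `installMessageTap`, `tapPort` and the record fields are hypothetical names, and the demo uses constructed `EventTarget` objects in place of a real window.

```javascript
// Added example. installMessageTap, tapPort and the record shape are hypothetical names.
const tappedPorts = new WeakSet();
function tapPort(port, sink) {
  if (tappedPorts.has(port)) return; // tap each transferred port only once
  tappedPorts.add(port);
  // Passive extra listener; it does not call port.start(), so page behaviour is unchanged.
  port.addEventListener('message', (e) => sink({ channel: 'port', data: e.data }));
}

function installMessageTap(target, sink) {
  const origAdd = target.addEventListener;
  const origRemove = target.removeEventListener;
  const wrappers = new WeakMap(); // original listener -> wrapper, so removal keeps working
  target.addEventListener = function (type, listener, options) {
    if (type !== 'message' || typeof listener !== 'function') {
      return origAdd.call(this, type, listener, options);
    }
    let wrapped = wrappers.get(listener);
    if (!wrapped) {
      wrapped = function (event) {
        const ports = Array.from(event.ports || []);
        sink({ channel: 'window', origin: event.origin, data: event.data,
               ports: ports.length, listener: listener.name || '(anonymous)' });
        // A transferred MessagePort is a second channel that window-level logging misses.
        ports.forEach((p) => tapPort(p, sink));
        return listener.call(this, event);
      };
      wrappers.set(listener, wrapped);
    }
    return origAdd.call(this, type, wrapped, options);
  };
  target.removeEventListener = function (type, listener, options) {
    const wrapped = type === 'message' ? wrappers.get(listener) : undefined;
    return origRemove.call(this, type, wrapped || listener, options);
  };
  return () => { target.addEventListener = origAdd; target.removeEventListener = origRemove; };
}

// Constructed demo: plain EventTarget objects stand in for window and a MessagePort.
function demo() {
  const win = new EventTarget(), port = new EventTarget(), log = [];
  installMessageTap(win, (r) => log.push(r));
  win.addEventListener('message', function appHandler() {});
  const ev = Object.assign(new Event('message'),
    { origin: 'https://idp.example', data: { type: 'init' }, ports: [port] });
  win.dispatchEvent(ev);
  port.dispatchEvent(Object.assign(new Event('message'), { data: 'over-port' }));
  return log;
}
```

In a browser the tap has to be installed before the page registers its handlers; listeners added earlier and handlers assigned through `onmessage` are not wrapped, which is where conditional breakpoints still help.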
Sandbox Attributes Change Spawned Page Behavior
- Sandbox attributes shape the runtime context of an iframe and can disable JS, forms, or navigation on spawned pages.
- Those constraints can trigger unexpected fallback code paths in third-party pages you open.
Use Frame Names To Hijack Popups
- Name iframes/windows intentionally to hijack popups: attacker-controlled frames with a known name can receive window.open targets.
- Test OAuth and callback flows for redirects that open into your named iframe to capture tokens or hashes.
