Episode 96: Cookies & Caching with MatanBer

Update: 2024-11-07

Description

Episode 96: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with Matanber to hit some stuff we ran out of time on last episode. We talk about advanced cookie parsing techniques and exploitation methods, Safari's unique behaviors regarding cookie handling and debugging methods, and some of the writeups from the HeroCTF v6.

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Guest: https://x.com/MtnBer

Resources:

Cookie Bugs - Smuggling & Injection

https://blog.ankursundara.com/cookie-bugs/#:~:text=Cookie%20Smuggling

iOS Webkit Debug Proxy

https://github.com/google/ios-webkit-debug-proxy

HeroCTF v6 Writeups

https://mizu.re/post/heroctf-v6-writeups

Timestamps

(00:00:00 ) Introduction

(00:01:29 ) Cookie exploits

(00:21:32 ) Matan's Safari Adventure

(00:29:49 ) HeroCTF 6 writeups

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

Episode 98: Team 82 Sharon Brizinov - The Live Hacking Polymath

2024-11-2101:43:57

Episode 97: Bcrypt Hash Input Truncation & Mobile Device Threat Modeling

2024-11-1453:05

Episode 96: Cookies & Caching with MatanBer

2024-11-0749:09

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side

2024-10-3101:56:23

Episode 94: Zendesk Fiasco & the CTBB Naughty List

2024-10-2449:29

Episode 93: A Chat with Dr. Bouman - Life as a Hacker and a Doctor

2024-10-1701:41:29

Episode 92 - SAML XPath Confusion, Chinese DNS Poisoning, and AI Powered 403 Bypasser

2024-10-1047:38

Episode 91: Zero to LHE in 9 Months (feat gr3pme)

2024-10-0301:22:50

Episode 90: 5k Clickjacking, Encryption Oracles, and Cursor for PoCs

2024-09-2651:42

Episode 89: The Untapped Bug Bounty Landscape of IoT w/ Matt Brown

2024-09-1901:58:03

Episode 88: News, Tools, and Writeups

2024-09-1201:06:08

Episode 87: 'Hacker Wife' Mariah Gardner on Bug Bounty mentality and relationships

2024-09-0501:26:41

Episode 86: The X-Correlation between Frans & RCE - Research Drop

2024-08-2942:09

Episode 85: Practical Applications of DEFCON 32 Web Research

2024-08-2201:30:30

Episode 84: 0xLupin & Takeaways from Google's Las Vegas BugSwat

2024-08-1527:15

Episode 83: Brainstorming Proxy Plugins

2024-08-0854:50

Episode 82: Part-Time Bug Bounty

2024-08-0136:32

Episode 81: Crushing Client-Side on Any Scope with MatanBer

2024-07-2502:04:48

Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

2024-07-1802:49:26

Episode 79: The State of CSS Injection - Leaking Text Nodes & HTML Attributes

2024-07-1101:10:25

00:00

1.0x

Episode 96: Cookies & Caching with MatanBer

#box-pro-ellipsis-173227865718152{-webkit-line-clamp:2;}Episode 96: Cookies & Caching with MatanBer

Episode 96: Cookies & Caching with MatanBer

Episode 96: Cookies & Caching with MatanBer