The Art of Web Architectures (Ep. 39)

Video description: The Art of Web Architectures (Ep. 39)

In this episode of Critical Thinking - Bug Bounty Podcast, we're catching up on news, including new override updates from Chrome, GPT-4, SAML presentations, and even a shoutout from Live Overflow! Then we get busy laying the groundwork for a discussion of web architecture. Better get started on this one, 'cause we're going to need a part two!

Follow us on twitter at:   / ctbbpodcast  

We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater & Teknogeek on twitter:
  / rhynorater  
  / 0xteknogeek  

CT shoutout from Live Overflow:    • Hacker Tweets Explained  

Chrome Override updates: https://developer.chrome.com/blog/new...

GPT-4/AI Prompt Injection
https://x.com/rez0__/status/170633416...
https://x.com/evrnyalcin/status/17072...

Caido Releases Pro free for students:   / 1707099640846250433  
...or, use code "ctbbpodcast" for 10% off the subscription price 😁

Aleksei Tiurin on SAML hacking:   / 1704906212913951187  

Account Takeover on Tesla:   / post-account-takeover-account-takeover-of-...  

Joseph: https://portswigger.net/bappstore/82d...

Cookie Monster: https://github.com/iangcarroll/cookie...

HTMX: https://htmx.org/

Timestamps
(00:00:00) Introduction
(00:04:40) Shoutout from Live Overflow
(00:06:40) Chrome Overrides update
(00:08:48) GPT-4V and AI Prompt Injection
(00:14:35) Caido Promos
(00:15:40) SAML Vulns
(00:17:55) Account takeover on Tesla, and auth token from one context in a different context
(00:24:30) Testing for vulnerabilities in JWT-based authentication
(00:28:07) Web Architectures
(00:32:49) Single page apps + a rest API
(00:45:20) XSS vulnerabilities in single page apps
(00:49:00) Direct endpoint architecture
(00:55:50) Content Enumeration
(01:02:23) gRPC & Protobuf
(01:06:08) Microservices and Reverse Proxy
(01:12:10) Request Smuggling/Parameter Injections
