<description>&lt;p&gt;Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL Parsing, and more.&lt;/p&gt;&lt;p&gt;Follow us on twitter at: &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/ctbbpodcast"&gt;https://x.com/ctbbpodcast&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Got any ideas and suggestions? Feel free to send us any feedback here: &lt;a target="_blank" rel="noopener noreferrer nofollow" href="mailto:info@criticalthinkingpodcast.io"&gt;info@criticalthinkingpodcast.io&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Shoutout to&lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://twitter.com/realytcracker"&gt; YTCracker&lt;/a&gt; for the awesome intro music!&lt;/p&gt;&lt;p&gt;====== Links ======&lt;/p&gt;&lt;p&gt;Follow your hosts Rhynorater, rez0 and gr3pme on X:&lt;/p&gt;&lt;p&gt;&lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/Rhynorater"&gt;https://x.com/Rhynorater&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/rez0__"&gt;https://x.com/rez0__&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/gr3pme"&gt;https://x.com/gr3pme&lt;/a&gt;&lt;/p&gt;&lt;p&gt;====== Ways to Support CTBBPodcast ======&lt;/p&gt;&lt;p&gt;Hop on the CTBB Discord at &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/discord"&gt;https://ctbb.show/discord&lt;/a&gt;!&lt;/p&gt;&lt;p&gt;We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.&lt;/p&gt;&lt;p&gt;You can also find some hacker swag at &lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/merch"&gt;https://ctbb.show/merch&lt;/a&gt;!&lt;/p&gt;&lt;p&gt;Today's Sponsor: ThreatLocker. 
Check out ThreatLocker Elevation Control&lt;/p&gt;&lt;p&gt;&lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://ctbb.show/tl-ec"&gt;https://ctbb.show/tl-ec&lt;/a&gt;&lt;/p&gt;&lt;p&gt;====== Resources ======&lt;/p&gt;&lt;p&gt;Nowasky's Tweet #1&lt;/p&gt;&lt;p&gt;&lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/nowaskyjr/status/1993421017381744974"&gt;https://x.com/nowaskyjr/status/1993421017381744974&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Nowasky's Tweet #2&lt;/p&gt;&lt;p&gt;&lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/nowaskyjr/status/1992717862398800081"&gt;https://x.com/nowaskyjr/status/1992717862398800081&lt;/a&gt;&lt;/p&gt;&lt;p&gt;rep+ in Chrome DevTools&lt;/p&gt;&lt;p&gt;&lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/BourAbdelhadi/status/1992622964077179229"&gt;https://x.com/BourAbdelhadi/status/1992622964077179229&lt;/a&gt;&lt;/p&gt;&lt;p&gt;Terjanq Post from 2021&lt;/p&gt;&lt;p&gt;&lt;a target="_blank" rel="noopener noreferrer nofollow" href="https://x.com/terjanq/status/1421093136022048775"&gt;https://x.com/terjanq/status/1421093136022048775&lt;/a&gt;&lt;/p&gt;&lt;p&gt;====== Timestamps ======&lt;/p&gt;&lt;p&gt;(00:00:00) Introduction&lt;/p&gt;&lt;p&gt;(00:02:58) Client-side news &amp;amp; AI Updates&lt;/p&gt;&lt;p&gt;(00:12:02) Third-Party Cookie Nuances &amp;amp; PostMessages&lt;/p&gt;&lt;p&gt;(00:30:09) Iframe Tricks&lt;/p&gt;&lt;p&gt;(00:47:43) URL Parsing, CSPTS, and Client-side Routes&lt;/p&gt;</description>

Critical Thinking - Bug Bounty Podcast

Justin Gardner (Rhynorater) & Joseph Thacker (Rez0)

Episode 151: Client-side Advanced Topics

DEC 4, 2025 · 67 MIN