My first post for the @ctbbpodcast.bsky.social Research Lab is live. Super excited to be part of this team, can't wait to see what crazy research is gonna come from this! lab.ctbb.show/research/Exp...
9mo
🚀New plugin in the Caido Store! Introducing "DOMLogger++" by @mizu.re Track DOM-based flows to see how user input reaches sensitive browser APIs, with data captured by the browser extension. Check out more details: github.com/kevin-mizu/d...
1mo
Ways to turn XSS in a Web Worker into full XSS, covering known tricks and a new generic exploit using Blob URLs with the Drag and Drop API
lab.ctbb.show
Exploiting Web Worker XSS with Blobs
We've just published a novel technique to bypass the __Host and __Secure cookie flags, to achieve maximum impact for your cookie injection findings: portswigger.net/research/coo...
9mo
Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses using discrepancies in browser and serve
portswigger.net
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes
Jorian
A quick update has been made to DOMLogger++ to add / update a few things. It's not a big deal, but it should allow interesting stuff to be done :) It should be available on the stores in the coming hours.
DOMLogger++ v1.0.9 is now out and available! 🎉 This update fixes a lot of issues, including the historical DevTools bug on Chromium 🔥 It also brings full Caido session handling, which is going to be useful in the near future! 👀 👉 github.com/kevin-mizu/d... 1/2
For the @ASIS_CTF, I created a challenge based on an interesting (novel?) DOM Clobbering technique! 🚩 In short, in non-strict mode, HTMLCollection items are not writable. This blocks property assignment, allowing unexpected values to be created 😄 👉 mizu.re/post/under-t...
Small teaser for Caido users :) 2/2
7mo
CaidoIO
9mo
The #FCSC2026 ended today, and my write-ups are now available here: mizu.re/post/fcsc-20... 🚩 I'm really happy with the challenges I managed to create this year! It would be too long to list everything, so here's a little teaser below 👇 1/2
All the other challenge write-ups (not just web) are available in the #writeup channel of the CTF Discord server: discord.gg/rwZY6hh8z8 Btw, all the challenges have also been (will be) added to hackropole.fr! 🚩 2/2
I'm happy to release the first version of my DOMLogger++ plugin for @caido.io! 🔎 It improves the browser extension in several ways: • Persistent, per-project storage • Temporary session recording • AI support • Stack trace reconstitution • ... 👉 github.com/kevin-mizu/d...
9mo
9mo