anton
@safts0ppa.bsky.social
founder / pentester @ squirrel security
This is pain to look at :')
December 5, 2024 at 1:31 PM
This is pain to look at :')
I kinda get it if it requires additional development for the vendor to implement but it's kinda shitty if using standard stuff like okta or gsuite. Have found some fun findings in pentests where you're able to implement your own SSO though, like - if you control the SSO you can be whoever you want
November 28, 2024 at 8:43 PM
I kinda get it if it requires additional development for the vendor to implement but it's kinda shitty if using standard stuff like okta or gsuite. Have found some fun findings in pentests where you're able to implement your own SSO though, like - if you control the SSO you can be whoever you want
I think this works best for developers who are familiar to understand when something's odd and worth investigating. Thoughts?
November 20, 2024 at 12:51 PM
I think this works best for developers who are familiar to understand when something's odd and worth investigating. Thoughts?
i get your point :) still, building tools usually gets you deep into how stuff actually works
November 19, 2024 at 11:09 AM
i get your point :) still, building tools usually gets you deep into how stuff actually works
That's not true :) and your csp bypass tool is really really really awesome
November 19, 2024 at 10:51 AM
That's not true :) and your csp bypass tool is really really really awesome
I actually think I know now, //example.com/<yolo> gets urlencoded since it's now part of the path.. and any value that get's parsed as an URL gets encoded. Or not? new URL("//yolo.com/") is rejected
November 19, 2024 at 9:47 AM
I actually think I know now, //example.com/<yolo> gets urlencoded since it's now part of the path.. and any value that get's parsed as an URL gets encoded. Or not? new URL("//yolo.com/") is rejected
@joaxcar.bsky.social okay so href parses any valid url, and that's why it chops it off after // or http(s)://? I'm not really sure although why anchor.href = "//example.com
English
300
Connect Bluesky
Enter your Bluesky handle and app password to unlock posting, likes, and your Following feed.
Need an app password? Open Bluesky, go to Settings > App passwords, and create a new one.
Connect with Bluesky
Sign in with your Bluesky account to unlock posting, likes, and your Following feed.