Abusing iframes from a Client-side Hacker (Ep. 119)

Episode 119: In this episode of Critical Thinking - Bug Bounty Podcast Justin does a mini deep dive into the world of iframes, starting with why they’re significant, their attributes, and how to attack them.

CORRECTION: Some of my comments on the latest episode of the pod were woefully inaccurate about the `csp` attribute of an iframe. Def should have read the spec more thoroughly. Please see the #corrections channel in Discord for the deets.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]
Shoutout to   / realytcracker   for the awesome intro music!


====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__


====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!


====== Resources ======
Episode with JR0ch17
ctbb.show/61

Exacerbating Cross-Site Scripting: The Iframe Sandwich
https://coopergyoung.com/exacerbating...

====== Timestamps ======
(00:00:00) Introduction
(00:01:20) Why are Iframes useful
(00:05:11) Attributes of Iframes
(00:21:39) Iframe Attacks
(00:29:53) Iframe Fun Facts