This video is an explanation of bug bounty report submitted on Hackerone to Hackerone’s own bug bounty program. The bug was a timeless cross-site leaks attack (also known as timeless timing attack). It allowed disclosing parts of private Hackerone reports.
🖥 Get $100 in credits for Digital Ocean 🖥
The presentation about Timeless timing attacks from @DEFCONConference
Follow me on twitter:
00:30 What is /bugs.json endpoint on Hackerone?
01:30 Time-based XSleak technique
04:32 Timeless XSleak technique
06:28 TCP congestion – How to force the browser to send 2 HTTP requests in 1 TCP packet?
08:12 Extracting contents of private Hackerone reports