autoSSRF - Smart context-based SSRF vulnerability scanner. github.com/Th0h0/autossrf

autoSSRF (Automatic SSRF Testing) - Smart fuzzing on relevant SSRF GET parameters and Context-based dynamic payload generation - Repo: github.com/Th0h0/autossrf - Creator: Thomas Houhou - - #CyberSecurity #bugbountytips #infosec #CTF #tools

Bypass CSRF protections with Client Side Path Traversal, step-by-step 👇 1⃣ Identify any POST / PUT / DELETE XHR that takes in its path a user-controlled value 2⃣ Identify where this value is taken from (query parameters, cookies, ...) by looking at your browser dev tool's

Hey swisscyberstorm, would you mind approving my student ticket request? It's been a week since I sent you the e-mail 🥲

Thanks for sharing :)

Thank you so much Black Hat ❤️ can't wait :)

my first cve 🥹🥹

«Discovering Logic Vulnerabilities in Swisscom's End-to-End Encrypted Cloud Storage» #BugBounty thomashouhou.com/post/logic-vul…

X (Formerly Twitter) disclosed a bug submitted by Thomas Houhou: hackerone.com/reports/2244229 - Bounty: $1,500 #hackerone #bugbounty

Here are the slides of my talk at #AREA41: thomashouhou.com/slides-area41-… I might also soon write an associated blog post to give more details / discuss things i wouldn't have the time to discuss in a 45-minutes talk.

Couldn't be more happy for the outcome that this cookie tossing research ended-up to have! The whole idea of doing a talk came very randomly at the time and I wasn't even aware that I already had the sufficient material for it. "you can just do things" has never been more true :D