April 2, 2026

Episode 168: The Doctor is in (devtools)

Episode 168: The Doctor is in (devtools)
The player is loading ...
Episode 168: The Doctor is in (devtools)
Episode 168: The Doctor is in (devtools)
Apple Podcasts podcast player badge
Spotify podcast player badge
Castro podcast player badge
RSS Feed podcast player badge
YouTube podcast player badge
Apple Podcasts podcast player iconSpotify podcast player iconCastro podcast player iconRSS Feed podcast player iconYouTube podcast player icon
Season 1

Episode 168: In this episode of Critical Thinking - Bug Bounty Podcast we’re getting a visit from the XSS Doctor. Jonathan joins us to go through his Client-side workflow, run labs, and diagnose some bugs live.


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!


====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today’s Guest: https://x.com/xssdoctor


====== Resources ======


Lab.ctbb.show


URL validation bypass cheat sheet

https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet


====== Timestamps ======

(00:00:00) Introduction

(00:01:37) Home Automation AI Hack & E-signature bug stories

(00:12:15) E-signature bug

(00:17:01) XSS DR Intro and Bug Bounty Journey

(00:31:51) CSPT Workflows

(01:07:57) Wildcard Path Parameters

(01:30:34) Custom Sinks