Frans Rosén
@fransrosen
Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Sweden
Joined October 2009
Posts
  • Pinned
    Took more than 2 years, but just released the postMessage-tracker Chrome Extension! github.com/fransr/postMes… Look at the functions receiving postMessages directly in the extension, look at the messages and sender/receiver window locations and track everything using a log-URL.
  • I decided to make a homage-post to @homakov and @Nirgoldshlager about different OAuth-token leakage methods I've been researching – ten years after their blog posts that inspired me to start hunting for bugs ♥️ thank you.
  • If you have an AppleTV named as an XSS-payload it will trigger when AirPlay is used in Safari on iOS. A pretty far-fetched UXSS I would say.
  • I found some permission issues when hacking Apple CloudKit. I wrote about three of them @detectify labs, one where I accidentally deleted all shared Apple Shortcuts. labs.detectify.com/2021/09/13/hac…
    Shortcut Not Found-alert
  • Akamai WAF bypass XSS in HTML-context when no character-filtering exists to trick it: <style>@KeyframeS a{}b{animation:a;}</style><b/onanimationstart=prompt`${document.domain}&#x60;>
  • Here are my slides from my talk at the Facebook/Google-hosted BountyCon 2019 in Singapore earlier this year: Live Hacking like a MVH – A walkthrough on methodology and strategies to win big
  • There's something beautiful and nostalgic about old XSS-alerts from reports sent almost 10 years ago.
  • If you're testing a site that needs a unique CSRF-token for each call, you can use Hackvertor's custom tags to make a simple python script to fetch a new token for you. Very simple solution and works very nicely. Thank you again @garethheyes! gist.github.com/fransr/34a17f5…
  • We did some fun tricks with nginx on bug bounties a while back, and made a post about the configurations being vulnerable
  • Here are my slides from today @AppSecEU: Attacking "Modern" Web Technologies: slideshare.net/fransrosen/att… #bugbounty
  • I just won my 4th MVH at @Hacker0x01 H1-0131 in Scotland! 🤯 So sad I could not attend in person, been some crazy hacking weeks with @avlidienbrunn and also the now kilt-powered hacking duo @zseano and @JonathanBouman. Thank you! ♥️
  • I was finally able to disclose one of the examples from my last blog post labs.detectify.com/2022/07/06/acc… Here's the PoC-movie from the report to Reddit:
    Reddit disclosed a bug submitted by fransrosen: hackerone.com/reports/1567186 - Bounty: $10,000 #hackerone #bugbounty
  • Three time MVH. Feels good, not gonna lie.
    Congratulations to our #H1702 winners! 🎉 1st Place: fransrosen, avlidienbrunn 2nd Place: jonathanbouman, zseano Best Team Collaboration: jonathanbouman, zseano Exterminators: fransrosen, avlidienbrunn, inhibitor181 Eradicator: meals, yashrs MVH: fransrosen, avlidienbrunn