@rafax00

Rafael da Costa Santos

@rafax00

WEB security reseacher.

BrazilJoined June 2023

About

I'm Rafael, a Full-Time Bug Bounty Hunter and Security Researcher.

Available for

Nothing here yet.

Rafael da Costa Santos's blogs

Rafa's Security Researchesblog.bugport.net3 posts

About

I'm Rafael, a Full-Time Bug Bounty Hunter and Security Researcher.

Available for

Nothing here yet.

Rafael da Costa Santos's blogs

Rafa's Security Researchesblog.bugport.net3 posts

Articles Threads Comments1

Search Hashnode

Search posts, tags, users, and pages

@rafax00

Rafael da Costa Santos

@rafax00

WEB security reseacher.

BrazilJoined June 2023

About

I'm Rafael, a Full-Time Bug Bounty Hunter and Security Researcher.

Available for

Nothing here yet.

Rafael da Costa Santos's blogs

Rafa's Security Researchesblog.bugport.net3 posts

About

I'm Rafael, a Full-Time Bug Bounty Hunter and Security Researcher.

Available for

Nothing here yet.

Rafael da Costa Santos's blogs

Rafa's Security Researchesblog.bugport.net3 posts

Articles Threads Comments1

Comments

🔥

Comment·Article·Feb 17, 2025·CSS Data Exfiltration to Steal OAuth Token

Thanks!

Reply·Article·Oct 28, 2023·Exploiting HTTP Parsers Inconsistencies

Hi, thanks! I didn't mention Apache because I wanted to focus on findings that have a security impact, and it's not prone to any related behavior. Regarding parsing the HTTP protocol, my tests showed that Apache is the secured solution.

Reply·Article·Oct 9, 2023·Exploiting HTTP Parsers Inconsistencies