Nahamcon Talk 2023 === Plaintext Credit Card information is the holy grail of hacking. In this talk, two experienced bug bounty hunters (Rhynorater & FransRosen) explain how they compromised the checkout flows of many top players in the payment processing industry and pulled in tens of thousands of dollars in bounties along the way. After hours of pouring over JS code to find XSS, CSS Injection, and PostMessage leakages, these two hunters compile their findings into a story-like flow explaining the path to those precious 16 digits. Targets: * PayPal * Instacart * Shopify * Stripe * WholeFoods * Yelp