Client Side 02: ServiceWorker Bugs

Most hunters find an XSS, report it, and close the report. The impact ends there. Service Workers are the technique that turns that same XSS into persistent client-side control, control that survives the patch, the server update, and even the network going offline. This video takes the whole attack surface apart. The Service Worker lifecycle, the four ways a malicious worker gets installed, the full credential-stealing proof of concept, and the methodology for finding this on real programs. 💡 Support AmrSec on Patreon: https://patreon.com/AmrSec 🔥 Join Our Community: Discord: https://discord.gg/nxHKyJTy3h 📁 Resources Video Article: https://amrelsagaei.com/client-side-02-serviceworker-bugs ⭐ Become a Channel Member: https://www.youtube.com/@AmrSecOfficial/join ⚠️ Disclaimer This channel is for educational purposes only. The goal is to teach cybersecurity, ethical hacking, and red team/blue team skills through real tools, techniques, and experience. Always hack ethically. 🫡 🕐 Timestamps 00:00 Introduction 01:29 Check This Out 02:38 What are Service Workers 04:14 THE SERVICE WORKER LIFECYCLE 04:31 └── Registration 05:02 └── Installation 05:34 └── Activation 06:07 The Fetch Event 06:57 UNDERSTANDING SCOPE 09:26 HOW THIS GETS ABUSED 13:07 checking an injected service worker 18:09 THE FULL CHAIN, END TO END 23:11 HOW TO HUNT FOR THIS 26:07 Conclusion ⚠️ Adjust timestamps to match actual rendered video before publishing. Follow AmrSec LinkedIn: https://www.linkedin.com/in/amrelsagaei Twitter/X: https://twitter.com/amrelsagaei Instagram: https://instagram.com/amrelsagaei #BugBounty #WebSecurity #EthicalHacking #ServiceWorker #ClientSide