For a long time, Burp suite was basically the HTTP proxy that everyone was using despite numerous problems that we have had with it. However, Burp’s competitor - Caido is getting more and more traction recently and is getting more people onboard. I’m happy to see it...
Tools
Shortcuts that speed up my hacking every day
Using shortcuts makes you more efficient in any job and hacking is no exception. Small gains here and there save you hours in the long run and simply allow you to find more bugs in the same amount of time. Moreover, I know it’s not 100% accurate but I have to admit...
XSS exploits made easy (and super cool)
When somebody would ask me about the real impact of an XSS, I used to say that the attacker can generally do exactly the same things as the victim. It was true - in theory, I could create a JS payload that would give me exact access to what the user is doing. The...
API Security Testing using AI in Postman
I am not a big fan of separating API testing from the rest of the web - to me it’s a part of the web. However, in this blogpost, Dana Epp described a methodology of testing the API in Postman, utilising its AI assistant. I must say it looks really good. I think...
Client-side JavaScript Instrumentation
If you have been reading this newsletter for some time, you know I’m a heavy user of the DOM Invader browser extension. It’s great although it doesn’t come without cons and I’m not 100% comfortable relying on it. Especially since it only works in the embedded browser....
Unminify JS with AI
A few new code analysis tools have dropped recently. One of them is Humanify, used for un-minifying JavaScript code using AI. I think I don’t need to convince anyone about the usefulness of this. I’m interested to see how it deals with bigger files....
Effectively transform your data to hundreds of formats with CyberChef
CyberChef is a tool I use all the time. It’s capable of many things starting with decoding Base64 or Hex, through hashing and encryption, up to making HTTP requests. It’s often much quicker to do things here than to code them. The basic usage is very simple but I’m...
DevTools #4 – But where to actually set breakpoints?
This is the fourth and last issue of the series about using DevTools. After reading this, you will have all the tools needed to successfully work with JavaScript. Well, all apart from one. The most important one - the experience. Because I can’t give you that. But...
The Trail of Bits Testing Handbook
Trail of Bits is a company I have massive respect for. Thus, I’m very happy they are releasing their testing handbook where they will describe their usage of different tools for testing. Not only does it cover installation and normal usage but also things like...
JSluice: Extract URLs, paths, secrets and more from JS files
TomNomNom is the author of many great hacking tools. This time, he released something I think we’ve been missing because, to me, the existing tooling didn’t seem good enough. It’s a tool to extract URLs, paths, secrets and other interesting data from JavaScript files....