TomNomNom looks like a teacher. A really good one. Nice didactics, calm talking, good knowledge and sounds like a person you would want to be friends with. Real nice guy.
It is a 2 year old video when I am watching it. The best part of the video is, Tomnomnom has explained things in pretty detailed way. Another thing I noticed from starting to end of the video is that, Tomnomnom is the calm teacher and Stok is the curios student, where the curiosity reflects in his eyes. Just loved it. ❤
Thanks for all the love and support. It’s was such a pleasure to record this video with TomNomNom and I hope you learned something new, I know I did. Stay curious!
While modern frameworks are initing their routing you can go into the debugger and pause it, build a new config, and get yourself into some hidden sections of the apps. If there's content in those section that is not protected by a token, you're gonna get some free stuff! Could be video lessons, pdfs, who knows. The key is that you're building your own custom route config for an app. This takes a good understanding of the routing engines of the frameworks as well as the product you're trying to get into.
@@dixztube I think having a sound knowledge about API frameworks (such as ExpressJs) and vulnerabilities that arise due to not using token validation (such as CSRF) will give you a good understanding.
"Always a pleasure my friend". Great :) You two are a perfect combination as teachers. Music and editing is great, great chemistry and Tomnomnom is very easy to follow. It's a pleasure learning this unknown subject, thanks to you.
This is what i understood from this: Best way to go about exploiting javascript webcode is exploit the one thing most admins in the industries demand, pretty easy to read code with same formatting across all code/functions of a project. If you can learn what their habits are you know what to look for and what they might call/name certain objects you shouldn't be modifying. If you know all their user based api calls start with USER_ID_ than you can search for that and find crumbtrails back to an api call you can change or change the designation of an object's information.
@@victortodoran1828 most minify processes for JavaScript only get rid of some variable names , it mostly gets rid of whitespace. Hence why the dude in the video was using pretty print to view the code.
Finally bridging the gap between web developers and cybersecurity engineers. Well done. Some notes to self: 1. Be mindful that once something is on the internet--someone is always watching. 2. Always make sure sensitive information (such as passed credentials) are not visible to the public. 3. Change up the folder structure and resource filenames of applications.
I’m switching from full stack JS development to cyber security so I knew most of this stuff already BUT it was cool to see it in action and the thought processes behind working your way thru a system from a hacking perspective- thanks for the video!
Thank you so much for bringing this to the frame of reference. The questions asked and the detailed explanations gifted are of great value! You two rock!
the interviewer is perfect, and as soon as he asked the questions in the very beginning I knew he knew what he was talking about. He also let the guest talk and that was very nice. good job Sir
At the end of the video, he said this golden sentence "you gotta be able to make things work the way they're supposed to first before you could make them work the way they aren't" and that's how it is. Do not learn "hacking" since there is no such thing. Learn how to design web apps then try to break it and what youclearn while doing so, makes you a hacker
This is ABSOLUTELY hands down! One of the best and most educative YT videos I have seen on hacking. I don't know if it could be a little that I am just understanding it all alot more because I've found a few other videos that are good also and when I first started trying to learn.. the videos all just went way too fast and I didnt feel like they explained anything properly. But now I am learning so so much from Hacker 1's docs, videos and labs! Thank you Hacker One!
After the first few minutes of the video, I was ready to bail, as it seemed to be too basic but I'm glad I stayed! I'm no stranger to dev tools but even if you learn 1 useful concept, it's gold. Thanks.
The best part of going to school to be a legit hacker is that you can actually feel your jedi powers growing!! now looking at this tho i still can code. Much is it i understand now. SO SATISFYING!!
Whoever chose the background track (I think @STOK chose it), did a really excellent job. It really locked me to the tutorial, otherwise I'm pretty sure I would've got distracted by some stupid things 😆.
I totally loved this lesson, it was juicy in terms of potential hacking and super pedagogical! Obviously @STÖK knows (at least) some things and @TomNomNom knows a LOT and both are really humble. I need many more HACKY CODING SESSIONS like this one! It's really engaging the way this interview was driven. Good material, dude. Cheers from Argentina.
the way this guy uses the debugger is the exactly right way to use it when developing web apps. I have actually never seen such a good video one how to do it, thanks!
@@griffith7651 his brains function very well, he did a great interview, played along as if he did not know already about JS, and edited the video so very well. His brains are more than fine, just about about yours
this elaborate thought process and very simple explanation has just opened my mind to how i should start approaching web security and made it less intimidating for me! thank you so much!!
hey, do you know that if you type your password in a RUclips comment it gets automatically hidden? Like this: **************** ! It's a very cool RUclips comment feature, try it!
The erie music in the background while describing dev tools🤣👍 how about going into a coffee shop and spoofing the router, or maybe the next video talk about wireshark... 😳
It's funny how it seems like the target audience are people interested in cybersecurity who have not a lot of knowledge. And the first 4 and a half minutes are easy to follow for such a persona. But then boom; JSON, API keys, end points. It goes deep really really fast. Obviously, you need to understand what to look for. But this means that your target audience is not a 8-year-old kid interested in 'hacking'. It's actual, serious people with a bit of a background looking for more in-depth knowledge about cyber security. The enthusiasm of Stök really bends towards the 8-year-old interested in 'hacking' while the subject matter is on the level of serious people with a bit of a background
I'm able to measure my progress, as far as learning and understanding dev tools and client side code, by looking at the video timer right after I say out loud, "I have absolutely no idea what's going on right now." It used to be like 6 min, and now its close to 16!! Look out, bug bounty world! I almost understand half of a Hackerone Javascript video, thats 4 years old. I know, its pretty impressive. ...dont worry, I'll leave some bugs for you guys.
4:01
"Pretty print"
"No waaaay"
k
funny, BUT I DID NOT KNOW THAT FUCKING BUTTON WAS THERE ALL THIS TIME!
hahah
imposible! XD
JerreMuesli IKR!!!!
no wayyy thats niceeee
tomnomnom should start teaching people, this guy got a voice of perfect lecturer
Liskowy and he has no Indian accent
oh yeah i can imagine good what he wnat to explain and his voice is great to listen. and im straight
@@hemax_ touchè lad
@@hemax_ lmaooo
Yes exactly
- It's CSS
- What's CSS ?
- Cascading Style Sheet
- Whoaaaa!!!!!
STÖK talks alot about yavascript ahahha
Aye man don’t be mean or I’ll hack your windows Home Screen with some good templates (I’ll go with bootstrap)
@@loganlandry7852 @
Layne Jasper dumb spammers
Xd
Background music 😂😂
It's perfect 🤓😆
That what you should listening on when you performing a hunting :)
Sounds like it's from EVE...
Good Lord! 😂😂😂
its sounds like COD WARZONE
Ugh... "xml http request"
the other guy: "whoaa!!"
really dude...
Kek
Drugs.
XD
Relax. I suspect @STÖK knows more than he lets on, here. His "whoaa" is probably more of a didactic device than genuine amazement.
@@jub0bs I don't think so! His whoaaa!! was real! He's said in most of his videos that he is not very good at coding.
TomNomNom looks like a teacher. A really good one.
Nice didactics, calm talking, good knowledge and sounds like a person you would want to be friends with.
Real nice guy.
Perfect cover. A little too nice for a hacker even if bounty side
JJ
Li
U
H.
It is a 2 year old video when I am watching it.
The best part of the video is, Tomnomnom has explained things in pretty detailed way. Another thing I noticed from starting to end of the video is that, Tomnomnom is the calm teacher and Stok is the curios student, where the curiosity reflects in his eyes. Just loved it. ❤
we are too late in hacking buddy LOL we should learn fast to get things out
Thanks for all the love and support. It’s was such a pleasure to record this video with TomNomNom and I hope you learned something new, I know I did. Stay curious!
That was so much of knowledge ! Thankyou so much stok !🔥
Get some more videos like this
thank you for your content and sharing the knowledge:)
Link of yur youtube wrong=> ruclips.net/user/STOKfredrik
I'm gonna need a mouse without the STOK
The music in the background is so intense, I will never look at a XHR request quite the same way.
Creepy music lol
While modern frameworks are initing their routing you can go into the debugger and pause it, build a new config, and get yourself into some hidden sections of the apps. If there's content in those section that is not protected by a token, you're gonna get some free stuff! Could be video lessons, pdfs, who knows. The key is that you're building your own custom route config for an app. This takes a good understanding of the routing engines of the frameworks as well as the product you're trying to get into.
Where can I learn more about this?
@@dixztube I think having a sound knowledge about API frameworks (such as ExpressJs) and vulnerabilities that arise due to not using token validation (such as CSRF) will give you a good understanding.
Wow thanks so much! That helped me more than you know! 🎉
I take everything back - the speaker is amazing. So calm, so much and clear information, presented very politely and soothing voice ;-) please, more!!
That's a cool debugging tutorial, Marshall Eriksen.
LOL
after the first 10 mins, i was like hell, thats a little long for just a debugging tutorial :-p . and it was.
HAAHAHAHHA
exactly haha, now you can debug your partner's spaghetti code
Lol
I've found it very useful. I would love to see more such videos in the future. You guys are awesome. Thanks, TomNomNom & STÖK :-)
Second that
2:29 Are we gonna just ignore the 1st thing on Yahoo News? 😂
Yikes. I missed that.
sweet home alabama *INTENSIFIES*
@Neronian Diamanti wrong
@@n4rfy477 100times lmao
LMAO 🤷🏾♂️
Web devs. Are gonna have a nice time watching this😂
sure did. the tool is same but the mentality is fresh.
I wasted my time using dev tools the wrong way
@@tjtheo5280 ? what lol
ikr?
I love this! Using devtool excessively already, but man, did I miss some great stuffz!
So basically it's a debuggers tutorial 😂
Two lamers talk about debugging.
@@maxmix6406 lamers, lol
Debugging is Art of Exploitation
@@neowick-fp4tttrue, and so is proper punctuation, what you didn't do, which is the art of basic, easy grammar. (;
@@ReligionAndMaterialismDebunked I don't understand your say.
Man tomnomnom is such a great guy.
Could listen to this guy for hours, he just seems very wise haha
Totally agree! Trolling through now trying to find more videos of him explaining things
i am seeing this at night,alone ,and the background music is scaring the sh*t out of me
"Always a pleasure my friend". Great :) You two are a perfect combination as teachers. Music and editing is great, great chemistry and Tomnomnom is very easy to follow. It's a pleasure learning this unknown subject, thanks to you.
This is what i understood from this:
Best way to go about exploiting javascript webcode is exploit the one thing most admins in the industries demand, pretty easy to read code with same formatting across all code/functions of a project. If you can learn what their habits are you know what to look for and what they might call/name certain objects you shouldn't be modifying. If you know all their user based api calls start with USER_ID_ than you can search for that and find crumbtrails back to an api call you can change or change the designation of an object's information.
Dude. In the minify process variable names an methods are stripped to bare letters. What are you talking abt?
@@victortodoran1828 most minify processes for JavaScript only get rid of some variable names , it mostly gets rid of whitespace. Hence why the dude in the video was using pretty print to view the code.
Title of this video must be "How to use chrome dev tools !!"... Really spend my life's 24.16 min to learn a new methodology
Finally bridging the gap between web developers and cybersecurity engineers. Well done.
Some notes to self:
1. Be mindful that once something is on the internet--someone is always watching.
2. Always make sure sensitive information (such as passed credentials) are not visible to the public.
3. Change up the folder structure and resource filenames of applications.
"always"????!
@@antoniofuller2331 Always.
Me while trying to teach myself how to code JS: “ah yes, quite simple yes yes I understand”
Me while watching anyone actually program in JS: “wut”
Amazing content.
Love how stök is pretending to be a beginner🤣.
Plz plz plz keep these videos coming.
The role playing is so underrated
Indeed he is a Beginner ...
in front of TomNomNom he is
LMAO
Ermm stok knowlege is actually pretty shitty lol.....
I learned more in 24 minute than in my whole college career.....Just Amazing
Makes you question paying for it huh? Can’t stand colleges for this reason.
@@Boorne2Kill I finish college and didn’t learn anything about code but what was in the book 📚 not even related to real life...
I’m switching from full stack JS development to cyber security so I knew most of this stuff already BUT it was cool to see it in action and the thought processes behind working your way thru a system from a hacking perspective- thanks for the video!
Why are you switching if you don't mind answering?
@@tonylee3721 probably since the market is getting saturated.
@@Ryu-sl6ld lol
Floki is that you??
Loki*
Floki is from the Vikings @@user-zt3hq3pi5l
Ignore the haters. This background music is perfect. My life as a hacker should be a David Lynch movie.
Thank you so much for bringing this to the frame of reference. The questions asked and the detailed explanations gifted are of great value! You two rock!
the interviewer is perfect, and as soon as he asked the questions in the very beginning I knew he knew what he was talking about. He also let the guest talk and that was very nice. good job Sir
I feel like it's one of the most valuable programming videos I've watched
At the end of the video, he said this golden sentence "you gotta be able to make things work the way they're supposed to first before you could make them work the way they aren't" and that's how it is. Do not learn "hacking" since there is no such thing. Learn how to design web apps then try to break it and what youclearn while doing so, makes you a hacker
Tomnomnom is so humble. Kudos to him. Wish him all the success.
Is his name "Tomnomnom " coz he eats "cookies"?
They way he explains and the background music , gives us feel like some black magic stuff kudos to both of you
PLEASE KEEP THEM COMING! WE NEED MORE AMAZING CONTENT LIKE THIS STOK AND TOM!
(13:10, 13:22) - Google pub firing range, thanks for showing this. Example for PostMessages.
Thanks for everything ❤️
Please more content like this ✌️
This is ABSOLUTELY hands down! One of the best and most educative YT videos I have seen on hacking. I don't know if it could be a little that I am just understanding it all alot more because I've found a few other videos that are good also and when I first started trying to learn.. the videos all just went way too fast and I didnt feel like they explained anything properly. But now I am learning so so much from Hacker 1's docs, videos and labs! Thank you Hacker One!
After the first few minutes of the video, I was ready to bail, as it seemed to be too basic but I'm glad I stayed! I'm no stranger to dev tools but even if you learn 1 useful concept, it's gold. Thanks.
The best part of going to school to be a legit hacker is that you can actually feel your jedi powers growing!! now looking at this tho i still can code. Much is it i understand now. SO SATISFYING!!
AT LAST Someone explained the debugger function! Incredibly valuable video. Thank you both and thank you h1 for making it happen!
Whoever chose the background track (I think @STOK chose it), did a really excellent job. It really locked me to the tutorial, otherwise I'm pretty sure I would've got distracted by some stupid things 😆.
I love the background music, make it more dramatic and interesting, than boring hip hop beat
Amazing content kudos to tomnomnom btw why is the background music from horror movie
Hacker vibes
Tomnomnom explains everything so clearly and easy. Great content!
It's a good sign he understands what he's talking about
i just picked up javascript after doing c++ for a year, breath of fresh air tbh, making a discord chat bot to gamble with -_-
This is suuper freshh, Thanks guys! The way how Tom controls the inspector is suuper clear, I've learn some tricks with this video..
I totally loved this lesson, it was juicy in terms of potential hacking and super pedagogical! Obviously @STÖK knows (at least) some things and @TomNomNom knows a LOT and both are really humble. I need many more HACKY CODING SESSIONS like this one! It's really engaging the way this interview was driven. Good material, dude.
Cheers from Argentina.
Actually more interesting than a netflix movie! Keep it up 😉
Yeah and it's interactive. Can you try to hack my website emeraldledger.com?
the way this guy uses the debugger is the exactly right way to use it when developing web apps. I have actually never seen such a good video one how to do it, thanks!
Love the format of this! Thanks!
Very Educational even for an senior JavaScript developer
this is awesome to see love this video. Great to have STOK representing the learner so that he can ask the questions that are in our mind aswell.
The energy in TomNomNom and Stok actually made me feel like i was learning from friends!
Amazing expalanation
that was awesome, I actually love the background sound. i got into hacker zone again 😂😎😍
Second that
that was dope, both are skilled gentlemen and the editing was really helping the learning. Thank you both!
the ominous background music is hilarious
Litterely so much knowledge in one video, loved it sir !!! 🤯🤯💖💖
Tysm for this ! Very useful .
Can we have more vids like this in the future with Stok & Tom ?
You both are awesome. Thank you stök for this video. We love you.
Do make more videos. :)
this guy is off a bean on god.
"we get a much nicer look at things"
"nooooooooo wayyyyyyy thats nice *high smile intensifies*"
Nodejs + decent JS skill = loads of fun on the web.
"cOoL wItH jUsT oNe ClIcK" dude has probably never seen a browser before
But he won multiple Hackatons and similar events.
Dude knows his stuff. Don't get easily fooled.
he does this for the purpose of teaching the viewers
I love the “ DeusEx like” music in the background
"I am more of a burp guy", had no idea that developpers' tools existed in Chrome. Hacker level 0.
Thats why It's always good to avoid unsafe-inline on your CSP header.
DevTool of Cr is great. But I find Firefox is even better. It allows us to send HTTP request from network tab ya know?
Incredible production value for such 2-bit content.
Thank u @Tomnomnom i have got super knowledge of java script and how its work @stok and @hackerone thank u see u 2021 in liveevents if allah say
The theme is creepy but I feel like he is livehackin on goverment instead of yahoo, STÖK you are getting better and better in videos ;]
The interviewer, definitely cooked something before they started recording!
ya his brain
is that your way to say thank you for a very informative and very well edited video about a subject we care to learn?
@@griffith7651 his brains function very well, he did a great interview, played along as if he did not know already about JS, and edited the video so very well. His brains are more than fine, just about about yours
Great video, always loved the dev tools but I had no idea about pretty print. You've changed my life
1:04 oh boy
Only those people dislikes who don't understand the things he is talking about. Loved it guys. Thank you so much.
2:29 Nice news xD
I was waiting for such video for a long time. Thanks STOK.. you are great. And of course TomNomNom :)
Guy: "We can also write in JAVA - not to be confused by JavaScript"
Other Guy: "Aha hmm right.... yes. Because Java is.. hmm." (- . - )
STOK is the Jimmy Fallon of tech interviews... XHR... wwwoooaahhhhhhhhhhhh! no way!
That background music creates the mood
Wow this js guy is so calm and clear when he is talking.
Keep them comin’!!!!
this elaborate thought process and very simple explanation has just opened my mind to how i should start approaching web security and made it less intimidating for me! thank you so much!!
alert(hi everyone👋)
hey, do you know that if you type your password in a RUclips comment it gets automatically hidden? Like this: **************** ! It's a very cool RUclips comment feature, try it!
Russell Teapot ****************
Wow! It really works! Security team has done a nice job!
@@the-old-channel ahahaahahah yeah!
@@RussellTeapot ***********
One of your best videos so far, super informative and super good explanation done by Tom! And Stök, who doesn't love him :D
if it wasn't for the horrible music, this would be a cool debugging tutorial :/
music was not horrible at all actually
Digging the dark theme to make it more intense. Ctl+shift+p dark theme
TomNomNom: So, we can start of by turning on the computer.
STÖK: Nooo wayyy, niiiiice! ;D
The erie music in the background while describing dev tools🤣👍 how about going into a coffee shop and spoofing the router, or maybe the next video talk about wireshark... 😳
That music in the background is ominous has a kubrickesque feel to it, XHR would say I am afraid I can't do that Tom
It's funny how it seems like the target audience are people interested in cybersecurity who have not a lot of knowledge. And the first 4 and a half minutes are easy to follow for such a persona. But then boom; JSON, API keys, end points. It goes deep really really fast. Obviously, you need to understand what to look for. But this means that your target audience is not a 8-year-old kid interested in 'hacking'. It's actual, serious people with a bit of a background looking for more in-depth knowledge about cyber security. The enthusiasm of Stök really bends towards the 8-year-old interested in 'hacking' while the subject matter is on the level of serious people with a bit of a background
Honestly, just a person learning web development. This is super eye-opening from someone who knows nothing about hacking.
must be confusing to hear "i use burp too" for someone who's not really familiar with this kinda stuff
the bg music is like a horror movie!! thanks again stok and tomnomnom!
I'm able to measure my progress, as far as learning and understanding dev tools and client side code, by looking at the video timer right after I say out loud, "I have absolutely no idea what's going on right now." It used to be like 6 min, and now its close to 16!! Look out, bug bounty world! I almost understand half of a Hackerone Javascript video, thats 4 years old. I know, its pretty impressive.
...dont worry, I'll leave some bugs for you guys.
Stok @ 2:55 "Oh just one click" = WTF Burp 😂
oh, man! your videos are a joy to watch. thank you very much.
7:40 xss types
8:40 listeners
20:30 secrets/keys sensitive data
This is a lot more palatable than some of the earlier videos (the powerpoint ones) so thank you for this
awesome vid, the suspenseful background music makes it
JS bro looks super humble and easy going. I want to be friends with him P-)
Also: “yava script”. That is all.
thanks for brightening my day with your upbeat video!