4:01
"Pretty print"
"No waaaay"
k
funny, BUT I DID NOT KNOW THAT FUCKING BUTTON WAS THERE ALL THIS TIME!
hahah
impossible! XD
JerreMuesli IKR!!!!
no wayyy thats niceeee
Incredible production value for such 2-bit content.
The theme is creepy but I feel like he is livehackin on government instead of yahoo, STÖK you are getting better and better in videos ;]
For a moment I thought it was PewDiePie
Thank you so much for sharing this video, really loved it
I was expecting to hack the white house and this guy say to me what I learned when I was a kid.
the editing is on drugs and I like it 👌
Update about 4:00. Burp 2020-4 now integrates a pretty-printer for JSON, JS, and other MIME types: portswigger.net/burp/releases/professional-community-2020-4. Installing the "JSON /JS Beautifier" extension is no longer needed.
Ugh... "xml http request"
the other guy: "whoaa!!"
really dude...
Kek
Drugs.
XD
Relax. I suspect @STÖK knows more than he lets on, here. His "whoaa" is probably more of a didactic device than genuine amazement.
@@jub0bs I don't think so! His whoaaa!! was real! He's said in most of his videos that he is not very good at coding.
- It's CSS
- What's CSS ?
- Cascading Style Sheet
- Whoaaaa!!!!!
STÖK talks a lot about yavascript ahahha
Aye man don’t be mean or I’ll hack your windows Home Screen with some good templates (I’ll go with bootstrap)
@@loganlandry7852 @
Layne Jasper dumb spammers
Xd
tomnomnom should start teaching people, this guy got a voice of perfect lecturer
Liskowy and he has no Indian accent
oh yeah i can imagine good what he wants to explain and his voice is great to listen. and im straight
@@hemax_ touché lad
@@hemax_ lmaooo
Yes exactly
Background music 😂😂
It's perfect 🤓😆
That what you should listening on when you performing a hunting :)
Sounds like it's from EVE...
Good Lord! 😂😂😂
its sounds like COD WARZONE
TomNomNom looks like a teacher. A really good one.
Nice didactics, calm talking, good knowledge and sounds like a person you would want to be friends with.
Real nice guy.
Perfect cover. A little too nice for a hacker even if bounty side
JJ
Li
U
H.
Floki is that you??
Loki*
Floki is from the Vikings @@user-zt3hq3pi5l
So basically it's a debuggers tutorial 😂
Two lamers talk about debugging.
@@maxmix6406 lamers, lol
Debugging is Art of Exploitation
@@neowick-fp4tttrue, and so is proper punctuation, what you didn't do, which is the art of basic, easy grammar. (;
@@ReligionAndMaterialismDebunked I don't understand your say.
Thanks for all the love and support. It was such a pleasure to record this video with TomNomNom and I hope you learned something new, I know I did. Stay curious!
That was so much of knowledge ! Thank you so much stok !🔥
Get some more videos like this
thank you for your content and sharing the knowledge:)
Link of your youtube wrong => ruclips.net/user/STOKfredrik
I'm gonna need a mouse without the STOK
I've found it very useful. I would love to see more such videos in the future. You guys are awesome. Thanks, TomNomNom & STÖK :-)
Second that
That's a cool debugging tutorial, Marshall Eriksen.
LOL
after the first 10 mins, i was like hell, thats a little long for just a debugging tutorial :-p . and it was.
HAAHAHAHHA
exactly haha, now you can debug your partner's spaghetti code
Lol
Web devs. Are gonna have a nice time watching this😂
sure did. the tool is same but the mentality is fresh.
I wasted my time using dev tools the wrong way
@@tjtheo5280 ? what lol
ikr?
I love this! Using devtool excessively already, but man, did I miss some great stuffz!
2:29 Are we gonna just ignore the 1st thing on Yahoo News? 😂
Yikes. I missed that.
sweet home alabama *INTENSIFIES*
@Neronian Diamanti wrong
@@n4rfy477 100times lmao
LMAO 🤷🏾♂️
The music in the background is so intense, I will never look at a XHR request quite the same way.
Creepy music lol
It is a 2 year old video when I am watching it.
The best part of the video is, Tomnomnom has explained things in a pretty detailed way. Another thing I noticed from starting to end of the video is that, Tomnomnom is the calm teacher and Stok is the curious student, where the curiosity reflects in his eyes. Just loved it. ❤
we are too late in hacking buddy LOL we should learn fast to get things out
I take everything back - the speaker is amazing. So calm, so much and clear information, presented very politely and soothing voice ;-) please, more!!
Amazing content kudos to tomnomnom btw why is the background music from horror movie
Hacker vibes
Man tomnomnom is such a great guy.
Could listen to this guy for hours, he just seems very wise haha
Totally agree! Trolling through now trying to find more videos of him explaining things
"Always a pleasure my friend". Great :) You two are a perfect combination as teachers. Music and editing is great, great chemistry and Tomnomnom is very easy to follow. It's a pleasure learning this unknown subject, thanks to you.
Amazing content.
Love how stök is pretending to be a beginner🤣.
Plz plz plz keep these videos coming.
The role playing is so underrated
Indeed he is a Beginner ...
in front of TomNomNom he is
LMAO
Ermm stok knowledge is actually pretty shitty lol.....
While modern frameworks are initing their routing you can go into the debugger and pause it, build a new config, and get yourself into some hidden sections of the apps. If there's content in those section that is not protected by a token, you're gonna get some free stuff! Could be video lessons, pdfs, who knows. The key is that you're building your own custom route config for an app. This takes a good understanding of the routing engines of the frameworks as well as the product you're trying to get into.
Where can I learn more about this?
@@dixztube I think having a sound knowledge about API frameworks (such as ExpressJs) and vulnerabilities that arise due to not using token validation (such as CSRF) will give you a good understanding.
Wow thanks so much! That helped me more than you know! 🎉
Me while trying to teach myself how to code JS: “ah yes, quite simple yes yes I understand”
Me while watching anyone actually program in JS: “wut”
Title of this video must be "How to use chrome dev tools !!"... Really spend my life's 24.16 min to learn a new methodology
Tomnomnom explains everything so clearly and easy. Great content!
It's a good sign he understands what he's talking about
alert(hi everyone👋)
hey, do you know that if you type your password in a YouTube comment it gets automatically hidden? Like this: **************** ! It's a very cool YouTube comment feature, try it!
Russell Teapot ****************
Wow! It really works! Security team has done a nice job!
@@the-old-channel ahahaahahah yeah!
@@RussellTeapot ***********
i don't mean to be rude this tutorial seems way too overhyped in the bugbounty community. If you google `chrome devtools` on youtube, you can find much more detailed and technical videos
Thank u @Tomnomnom i have got super knowledge of java script and how its work @stok and @hackerone thank u see u 2021 in liveevents if allah say
must be confusing to hear "i use burp too" for someone who's not really familiar with this kinda stuff
PLEASE KEEP THEM COMING! WE NEED MORE AMAZING CONTENT LIKE THIS STOK AND TOM!
I’m switching from full stack JS development to cyber security so I knew most of this stuff already BUT it was cool to see it in action and the thought processes behind working your way thru a system from a hacking perspective- thanks for the video!
Why are you switching if you don't mind answering?
@@tonylee3721 probably since the market is getting saturated.
@@Ryu-sl6ld lol
I learned more in 24 minute than in my whole college career.....Just Amazing
Makes you question paying for it huh? Can’t stand colleges for this reason.
@@Boorne2Kill I finish college and didn’t learn anything about code but what was in the book 📚 not even related to real life...
19:13 but this only works because this website has no CORS header set up, no?
Actually more interesting than a netflix movie! Keep it up 😉
Yeah and it's interactive. Can you try to hack my website emeraldledger.com?
i am seeing this at night,alone ,and the background music is scaring the sh*t out of me
"cOoL wItH jUsT oNe ClIcK" dude has probably never seen a browser before
But he won multiple Hackathons and similar events.
Dude knows his stuff. Don't get easily fooled.
he does this for the purpose of teaching the viewers
I am not sure if it's done on purpose or not, but the dude who isn't at the laptop behaves like a very ignorant person. So much that it almost bothers me cause it starts to feel kinda fake.
His presence in the video is not only superfluous, but actively annoying. This could have been a more enjoyable video (and slightly shorter too) if it didn't have the cringy interactions entirely caused by him.
If it's done on purpose and he isn't that ignorant about these topics, I just have to ask why? Why is he acting like that? Is he trying to appeal to 9 yo kids who need to see someone to identify with in whatever they watch? If it's not done on purpose, why is he even in this video? What's the point? He literally adds nothing useful to the video itself, just cringe.
The whole video feels like they're trying to push some service or something. Javascript 101 for dummies.
I feel like it's one of the most valuable programming videos I've watched
Owww guysssss html on board in the door the righting off linux ?
AT LAST Someone explained the debugger function! Incredibly valuable video. Thank you both and thank you h1 for making it happen!
Auto generated subtitles: "Hi my name is dick..."
Tomnomnom is so humble. Kudos to him. Wish him all the success.
Is his name "Tomnomnom " coz he eats "cookies"?
Love you stok and why don't upload the hacking video :(
Thank you so much for bringing this to the frame of reference. The questions asked and the detailed explanations gifted are of great value! You two rock!
link for STOK is not working but great video nonetheless
1:04 oh boy
Ghostly!
the ominous background music is hilarious
It's funny how it seems like the target audience are people interested in cybersecurity who have not a lot of knowledge. And the first 4 and a half minutes are easy to follow for such a persona. But then boom; JSON, API keys, end points. It goes deep really really fast. Obviously, you need to understand what to look for. But this means that your target audience is not a 8-year-old kid interested in 'hacking'. It's actual, serious people with a bit of a background looking for more in-depth knowledge about cyber security. The enthusiasm of Stök really bends towards the 8-year-old interested in 'hacking' while the subject matter is on the level of serious people with a bit of a background
Honestly, just a person learning web development. This is super eye-opening from someone who knows nothing about hacking.
2:29 Nice news xD
i just picked up javascript after doing c++ for a year, breath of fresh air tbh, making a discord chat bot to gamble with -_-
Thanks for everything ❤️
Please more content like this ✌️
At the end of the video, he said this golden sentence "you gotta be able to make things work the way they're supposed to first before you could make them work the way they aren't" and that's how it is. Do not learn "hacking" since there is no such thing. Learn how to design web apps then try to break it and what you learn while doing so, makes you a hacker
This is suuper freshh, Thanks guys! The way how Tom controls the inspector is suuper clear, I've learned some tricks with this video..
is that a fake channel? WTF, getting to know everything regarding dev-tools is probably the first step at tinkering with web.
I love the background music, make it more dramatic and interesting, than boring hip hop beat
Cool video, could do without the weird music though lol.
Love the format of this! Thanks!
html = skeleton
javascript = muscle
css = skin
After the first few minutes of the video, I was ready to bail, as it seemed to be too basic but I'm glad I stayed! I'm no stranger to dev tools but even if you learn 1 useful concept, it's gold. Thanks.
What is the use of making the website alert something, isn't this kinda useless? Please correct me if I'm wrong I have no idea about this topic.
Yeah this is all worthless, bunch of potheads.
It's really meant to test if your exploit works right, before you try to run actually nasty code on other people.
Guy: "We can also write in JAVA - not to be confused by JavaScript"
Other Guy: "Aha hmm right.... yes. Because Java is.. hmm." (- . - )
DevTool of Cr is great. But I find Firefox is even better. It allows us to send HTTP request from network tab ya know?
The interviewer, definitely cooked something before they started recording!
ya his brain
is that your way to say thank you for a very informative and very well edited video about a subject we care to learn?
@@griffith7651 his brains function very well, he did a great interview, played along as if he did not know already about JS, and edited the video so very well. His brains are more than fine, just about about yours
YAY!!!!!!!🎉🎉🎉🎉😂😂😂😂😮😮😮😊😊😊😅😅😅😅❤❤❤❤❤❤❤
Keep them comin’!!!!
You both are awesome. Thank you stök for this video. We love you.
Do make more videos. :)
"I am more of a burp guy", had no idea that developers' tools existed in Chrome. Hacker level 0.
This is what i understood from this:
Best way to go about exploiting javascript webcode is exploit the one thing most admins in the industries demand, pretty easy to read code with same formatting across all code/functions of a project. If you can learn what their habits are you know what to look for and what they might call/name certain objects you shouldn't be modifying. If you know all their user based api calls start with USER_ID_ then you can search for that and find crumbtrails back to an api call you can change or change the designation of an object's information.
Dude. In the minify process variable names and methods are stripped to bare letters. What are you talking abt?
@@victortodoran1828 most minify processes for JavaScript only get rid of some variable names , it mostly gets rid of whitespace. Hence why the dude in the video was using pretty print to view the code.
Tysm for this ! Very useful .
Can we have more vids like this in the future with Stok & Tom ?
do you have a motorbike in your room?
Nah that's his electric odlid.
that was awesome, I actually love the background sound. i got into hacker zone again 😂😎😍
Second that
_STÖK_ looks like a hippie _PewDiePie..._
if it wasn't for the horrible music, this would be a cool debugging tutorial :/
music was not horrible at all actually
I love watching @STÖK's videos but there ain't NO WAY he is that surprised about pretty-print :P haha I could be wrong, but in any case: it makes it a wAY better video! haha
this guy is off a bean on god.
"we get a much nicer look at things"
"nooooooooo wayyyyyyy thats nice *high smile intensifies*"
I'm able to measure my progress, as far as learning and understanding dev tools and client side code, by looking at the video timer right after I say out loud, "I have absolutely no idea what's going on right now." It used to be like 6 min, and now it's close to 16!! Look out, bug bounty world! I almost understand half of a Hackerone Javascript video, that's 4 years old. I know, it's pretty impressive.
...dont worry, I'll leave some bugs for you guys.
this is awesome to see love this video. Great to have STOK representing the learner so that he can ask the questions that are in our mind as well.
Ignore the haters. This background music is perfect. My life as a hacker should be a David Lynch movie.
That background music creates the mood
I love your hoody
*It's* *black* *!*
what else should we look for besides postMessage()?
JS "Hacker": And actually... a really cool thing you can do, is prettify the code.
Hair, hoop, hat guy: Wow... Like.... Woah...
Everyone: cringe...
Background Music: Why the hell am I here...
"yåvåscript" - STÖK. 2020.
---------
Just kiddin', STÖK is the best.
I have a rookie question, how do I know if there is a potential xss vulnerability in general testing? Maybe one by one test can be derived, second, how can I use it to trace the parameter pass? I'm a little confused, but I learned something new. Thanks, man
so the fix at 19:00 is to have your configuration deny remote :
right?
I ask because I have been trained on the defense of asp.net and iis and have not looked at it from your perspective as of late. Tools change so much and very great video!
TomNomNom: So, we can start off by turning on the computer.
STÖK: Nooo wayyy, niiiiice! ;D
2:03 Girl gave birth and the father is WHO?????
Coder::::
@10:49
".... this breakpoint has told the chrome dev tools
hey when this line of code runs you need to stop give control over to the dev tools..."
Long Hair: "Ohhh" (**thousand yard stare**)
#debuggingout
For the FBI.
Im really really sorry about this mistake, and i apologize very dearly.
This was an accidental click by my four year old son, and i really don't know anything about computers...
I have this windows thingy in my hand of im writing, but that's really.
Really..
I don't wanna go to jail.
Giving a happy background: Javascript for Cats : jsforcats.com/
------
Joking but I'm a js developer and this was so inspirational, I used to hack my university food system to get free food but that's the only touch that I have with hack and it was for fun :D ( nothing fancy, just bought a bill printer and wrote a js script in university website to print the food bill :D ) but since I am a fullstack developer I know a lot about when developers make security holes I'm one of them you know :D
What can I do if I try to use my thing in a different way? :D
(13:10, 13:22) - Google pub firing range, thanks for showing this. Example for PostMessages.
why does this have endless upvotes? It's a video on how to use chrome dev tools from a channel with the word Hacker in the name. Is this a joke?
Dude creamed himself over hearing XML Http Request. ???????
I am confused... Between the two of you, you didn't talk about anything remotely interesting in 25 minutes. All you did was play with the DOM via the console and prettify some minified code. Wtf honestly is this video. And the dude at the end saying that passwords get 'pushed out the door' instead of being in 'a password vault' makes him sound like he's never developed a web application. Yikes video.
It's very cool... But the effects of light and sound are very funny!
It seems that they found a pedophile Alien selling drugs to the government on the dark web...
"Opening chrome dev-tools => Scary theme song noise"
Again, very cool and useful content.