(This is the full-size version of my session for the AppSec Village at Defcon 28)
Hackium is a new library for web power users. It's a command line tool, a web browser, and a platform for building web automation.
The web has changed. Sites went from being a few kilobytes of static, hand-written HTML to monstrosities of tangled JavaScript that eat hundreds of megs of RAM. Web sites are applications now, complete with security controls, complex state, and custom protocols. Our tools need to become smarter.
Hackium is part of a new tool suite designed to both give greater control over browsers and the content they execute, as well as make work more sharable and portable. Hackium itself acts like a CLI-driven browser that runs automation scripts. Add libraries like shift-refactor, a JavaScript transformation library, and shift-interpreter, a JavaScript meta-interpreter, and you can intercept and manipulate JavaScript with just a few lines of code, no proxies necessary.
This session will introduce Hackium and how you can use features like the REPL to automate in-page tasks, work with 3rd party APIs for tasks like CAPTCHA solving, and intercept traffic to automatically deobfuscate JavaScript.
Original video: ua-cam.com/video/VpLghyPdte0/v-deo.html
Hackium source: github.com/jsoverson/hackium
Shift-refactor source: github.com/jsoverson/shift-refactor
Shift-interpreter: github.com/jsoverson/shift-interpreter