4:01
"Pretty print"
"No waaaay"
k
funny, BUT I DID NOT KNOW THAT FUCKING BUTTON WAS THERE ALL THIS TIME!
hahah
imposible! XD
JerreMuesli IKR!!!!
no wayyy thats niceeee
tomnomnom should start teaching people, this guy got a voice of perfect lecturer
Liskowy and he has no Indian accent
oh yeah i can imagine good what he wants to explain and his voice is great to listen. and im straight
@@hemax_ touché lad
@@hemax_ lmaooo
Yes exactly
- It's CSS
- What's CSS ?
- Cascading Style Sheet
- Whoaaaa!!!!!
STÖK talks alot about yavascript ahahha
Aye man don’t be mean or I’ll hack your windows Home Screen with some good templates (I’ll go with bootstrap)
@@loganlandry7852 @
Layne Jasper dumb spammers
Xd
TomNomNom looks like a teacher. A really good one.
Nice didactics, calm talking, good knowledge and sounds like a person you would want to be friends with.
Real nice guy.
Perfect cover. A little too nice for a hacker even if bounty side
JJ
Li
U
H.
Background music 😂😂
It's perfect 🤓😆
That what you should listening on when you performing a hunting :)
Sounds like it's from EVE...
Good Lord! 😂😂😂
it sounds like COD WARZONE
Ugh... "xml http request"
the other guy: "whoaa!!"
really dude...
Kek
Drugs.
XD
Relax. I suspect @STÖK knows more than he lets on, here. His "whoaa" is probably more of a didactic device than genuine amazement.
@@jub0bs I don't think so! His whoaaa!! was real! He's said in most of his videos that he is not very good at coding.
It is a 2 year old video when I am watching it.
The best part of the video is, Tomnomnom has explained things in a pretty detailed way. Another thing I noticed from starting to end of the video is that, Tomnomnom is the calm teacher and Stok is the curious student, where the curiosity reflects in his eyes. Just loved it. ❤
we are too late in hacking buddy LOL we should learn fast to get things out
Thanks for all the love and support. It was such a pleasure to record this video with TomNomNom and I hope you learned something new, I know I did. Stay curious!
That was so much of knowledge ! Thank you so much stok !🔥
Get some more videos like this
thank you for your content and sharing the knowledge:)
Link of your youtube wrong=> ua-cam.com/users/STOKfredrik
I'm gonna need a mouse without the STOK
The music in the background is so intense, I will never look at a XHR request quite the same way.
Creepy music lol
I take everything back - the speaker is amazing. So calm, so much and clear information, presented very politely and soothing voice ;-) please, more!!
I've found it very useful. I would love to see more such videos in the future. You guys are awesome. Thanks, TomNomNom & STÖK :-)
Second that
"Always a pleasure my friend". Great :) You two are a perfect combination as teachers. Music and editing is great, great chemistry and Tomnomnom is very easy to follow. It's a pleasure learning this unknown subject, thanks to you.
That's a cool debugging tutorial, Marshall Eriksen.
LOL
after the first 10 mins, i was like hell, thats a little long for just a debugging tutorial :-p . and it was.
HAAHAHAHHA
exactly haha, now you can debug your partner's spaghetti code
Lol
While modern frameworks are initing their routing you can go into the debugger and pause it, build a new config, and get yourself into some hidden sections of the apps. If there's content in those sections that is not protected by a token, you're gonna get some free stuff! Could be video lessons, pdfs, who knows. The key is that you're building your own custom route config for an app. This takes a good understanding of the routing engines of the frameworks as well as the product you're trying to get into.
Where can I learn more about this?
@@dixztube I think having a sound knowledge about API frameworks (such as ExpressJs) and vulnerabilities that arise due to not using token validation (such as CSRF) will give you a good understanding.
Wow thanks so much! That helped me more than you know! 🎉
Thank you so much for bringing this to the frame of reference. The questions asked and the detailed explanations gifted are of great value! You two rock!
Man tomnomnom is such a great guy.
Could listen to this guy for hours, he just seems very wise haha
Totally agree! Trolling through now trying to find more videos of him explaining things
i am seeing this at night,alone ,and the background music is scaring the sh*t out of me
I’m switching from full stack JS development to cyber security so I knew most of this stuff already BUT it was cool to see it in action and the thought processes behind working your way thru a system from a hacking perspective- thanks for the video!
Why are you switching if you don't mind answering?
@@9GodGo probably since the market is getting saturated.
@@Ryu-sl6ld lol
The way he explains and the background music , gives us feel like some black magic stuff kudos to both of you
Web devs. Are gonna have a nice time watching this😂
sure did. the tool is same but the mentality is fresh.
I wasted my time using dev tools the wrong way
@@tjtheo5280 ? what lol
ikr?
Lol yeah haha
This is ABSOLUTELY hands down! One of the best and most educative YT videos I have seen on hacking. I don't know if it could be a little that I am just understanding it all a lot more because I've found a few other videos that are good also and when I first started trying to learn.. the videos all just went way too fast and I didn't feel like they explained anything properly. But now I am learning so so much from Hacker 1's docs, videos and labs! Thank you Hacker One!
Tomnomnom is so humble. Kudos to him. Wish him all the success.
Is his name "Tomnomnom " coz he eats "cookies"?
Finally bridging the gap between web developers and cybersecurity engineers. Well done.
Some notes to self:
1. Be mindful that once something is on the internet--someone is always watching.
2. Always make sure sensitive information (such as passed credentials) is not visible to the public.
3. Change up the folder structure and resource filenames of applications.
"always"????!
@@antoniofuller2331 Always.
Tomnomnom explains everything so clearly and easy. Great content!
It's a good sign he understands what he's talking about
2:29 Are we gonna just ignore the 1st thing on Yahoo News? 😂
Yikes. I missed that.
sweet home alabama *INTENSIFIES*
@Neronian Diamanti wrong
@@n4rfy477 100times lmao
LMAO 🤷🏾♂️
Floki is that you??
Loki*
Floki is from the Vikings @@user-zt3hq3pi5l
that was dope, both are skilled gentlemen and the editing was really helping the learning. Thank you both!
This is suuper freshh, Thanks guys! The way how Tom controls the inspector is suuper clear, I've learned some tricks with this video..
the interviewer is perfect, and as soon as he asked the questions in the very beginning I knew he knew what he was talking about. He also let the guest talk and that was very nice. good job Sir
I feel like it's one of the most valuable programming videos I've watched
Very Educational even for a senior JavaScript developer
I learned more in 24 minutes than in my whole college career.....Just Amazing
Makes you question paying for it huh? Can’t stand colleges for this reason.
@@Boorne2Kill I finish college and didn’t learn anything about code but what was in the book 📚 not even related to real life...
the way this guy uses the debugger is exactly the right way to use it when developing web apps. I have actually never seen such a good video on how to do it, thanks!
So basically it's a debuggers tutorial 😂
Two lamers talk about debugging.
@@maxmix6406 lamers, lol
Debugging is Art of Exploitation
@@neowick-fp4tt true, and so is proper punctuation, what you didn't do, which is the art of basic, easy grammar. (;
@@ReligionAndMaterialismDebunked I don't understand your say.
This is what i understood from this:
Best way to go about exploiting javascript webcode is exploit the one thing most admins in the industries demand, pretty easy to read code with same formatting across all code/functions of a project. If you can learn what their habits are you know what to look for and what they might call/name certain objects you shouldn't be modifying. If you know all their user based api calls start with USER_ID_ then you can search for that and find crumbtrails back to an api call you can change or change the designation of an object's information.
Dude. In the minify process variable names and methods are stripped to bare letters. What are you talking abt?
@@victortodoran1828 most minify processes for JavaScript only get rid of some variable names , it mostly gets rid of whitespace. Hence why the dude in the video was using pretty print to view the code.
Amazing content.
Love how stök is pretending to be a beginner🤣.
Plz plz plz keep these videos coming.
The role playing is so underrated
Indeed he is a Beginner ...
in front of TomNomNom he is
LMAO
Ermm stok knowlege is actually pretty shitty lol.....
The best part of going to school to be a legit hacker is that you can actually feel your jedi powers growing!! now looking at this tho i still can code. Much is it i understand now. SO SATISFYING!!
PLEASE KEEP THEM COMING! WE NEED MORE AMAZING CONTENT LIKE THIS STOK AND TOM!
Me while trying to teach myself how to code JS: “ah yes, quite simple yes yes I understand”
Me while watching anyone actually program in JS: “wut”
Amazing content kudos to tomnomnom btw why is the background music from horror movie
Hacker vibes
Incredible production value for such 2-bit content.
AT LAST Someone explained the debugger function! Incredibly valuable video. Thank you both and thank you h1 for making it happen!
Love the format of this! Thanks!
I love the background music, make it more dramatic and interesting, than boring hip hop beat
Great video, always loved the dev tools but I had no idea about pretty print. You've changed my life
Actually more interesting than a netflix movie! Keep it up 😉
Yeah and it's interactive. Can you try to hack my website emeraldledger.com?
I love the “ DeusEx like” music in the background
Title of this video must be "How to use chrome dev tools !!"... Really spend my life's 24.16 min to learn a new methodology
(13:10, 13:22) - Google pub firing range, thanks for showing this. Example for PostMessages.
After the first few minutes of the video, I was ready to bail, as it seemed to be too basic but I'm glad I stayed! I'm no stranger to dev tools but even if you learn 1 useful concept, it's gold. Thanks.
Literally so much knowledge in one video, loved it sir !!! 🤯🤯💖💖
Thanks for everything ❤️
Please more content like this ✌️
The energy in TomNomNom and Stok actually made me feel like i was learning from friends!
Amazing explanation
the ominous background music is hilarious
Whoever chose the background track (I think @STOK chose it), did a really excellent job. It really locked me to the tutorial, otherwise I'm pretty sure I would've got distracted by some stupid things 😆.
1:04 oh boy
Nodejs + decent JS skill = loads of fun on the web.
Tysm for this ! Very useful .
Can we have more vids like this in the future with Stok & Tom ?
You both are awesome. Thank you stök for this video. We love you.
Do make more videos. :)
this is awesome to see love this video. Great to have STOK representing the learner so that he can ask the questions that are in our mind as well.
I totally loved this lesson, it was juicy in terms of potential hacking and super pedagogical! Obviously @STÖK knows (at least) some things and @TomNomNom knows a LOT and both are really humble. I need many more HACKY CODING SESSIONS like this one! It's really engaging the way this interview was driven. Good material, dude.
Cheers from Argentina.
Thank u @Tomnomnom i have got super knowledge of java script and how its work @stok and @hackerone thank u see u 2021 in liveevents if allah say
awesome vid, the suspenseful background music makes it
that was awesome, I actually love the background sound. i got into hacker zone again 😂😎😍
Second that
At the end of the video, he said this golden sentence "you gotta be able to make things work the way they're supposed to first before you could make them work the way they aren't" and that's how it is. Do not learn "hacking" since there is no such thing. Learn how to design web apps then try to break it and what you learn while doing so, makes you a hacker
That background music creates the mood
Ignore the haters. This background music is perfect. My life as a hacker should be a David Lynch movie.
2:29 Nice news xD
the bg music is like a horror movie!! thanks again stok and tomnomnom!
Keep them comin’!!!!
this elaborate thought process and very simple explanation has just opened my mind to how i should start approaching web security and made it less intimidating for me! thank you so much!!
"cOoL wItH jUsT oNe ClIcK" dude has probably never seen a browser before
But he won multiple Hackathons and similar events.
Dude knows his stuff. Don't get easily fooled.
he does this for the purpose of teaching the viewers
I was waiting for such video for a long time. Thanks STOK.. you are great. And of course TomNomNom :)
this guy is off a bean on god.
"we get a much nicer look at things"
"nooooooooo wayyyyyyy thats nice *high smile intensifies*"
thanks for brightening my day with your upbeat video!
"I am more of a burp guy", had no idea that developers' tools existed in Chrome. Hacker level 0.
The interviewer, definitely cooked something before they started recording!
ya his brain
is that your way to say thank you for a very informative and very well edited video about a subject we care to learn?
@@griffith7651 his brains function very well, he did a great interview, played along as if he did not know already about JS, and edited the video so very well. His brains are more than fine, just about about yours
11:45 me all the video... Nice work of both!
alert(hi everyone👋)
hey, do you know that if you type your password in a YouTube comment it gets automatically hidden? Like this: **************** ! It's a very cool YouTube comment feature, try it!
Russell Teapot ****************
Wow! It really works! Security team has done a nice job!
@@the-old-channel ahahaahahah yeah!
@@RussellTeapot ***********
Only those people dislikes who don't understand the things he is talking about. Loved it guys. Thank you so much.
DevTool of Cr is great. But I find Firefox is even better. It allows us to send HTTP request from network tab ya know?
brilliant presentation, I love the editing and multiple camera angles. Curious about how you edited it....did you have somebody to handle scene switches with OBS or something?
I like it , thank you for sharing.
the words displayed on the screen were very nice as well
Parse and scope combined is the msg in this video
@@rubenkofman4079 sorry, did you attempt to answer my initial question ? I don't understand your answer
Function optical / scopes..from metric angles and the best performing within obj spectrum / such for background and convertion by Raid_system operational..that goes a long way
Guy: "We can also write in JAVA - not to be confused by JavaScript"
Other Guy: "Aha hmm right.... yes. Because Java is.. hmm." (- . - )
One of your best videos so far, super informative and super good explanation done by Tom! And Stök, who doesn't love him :D
if it wasn't for the horrible music, this would be a cool debugging tutorial :/
music was not horrible at all actually
oh, man! your videos are a joy to watch. thank you very much.
Wow this js guy is so calm and clear when he is talking.
This is a lot more palatable than some of the earlier videos (the powerpoint ones) so thank you for this
I have a rookie question, how do I know if there is a potential xss vulnerability in general testing? Maybe one by one test can be derived, second, how can I use it to trace the parameter pass? I'm a little confused, but I learned something new. Thanks, man
7:40 xss types
8:40 listeners
20:30 secrets/keys sensitive data
STOK is the Jimmy Fallon of tech interviews... XHR... wwwoooaahhhhhhhhhhhh! no way!
this needs to be a series for beginners
That background music though :D Cool video btw!!
Thanks for the informative video..I tried to run the other scenario of Complex message,but when, trying to follow the same code ,I am getting XSS on complex message page,but not on the website where I have written the script.js ,it is displaying the empty box on right hand side,but not popup from the site which is being called.Any thoughts
This video is absolute GOLD for JS review.
what else should we look for besides postMessage()?
Stök you r great.. i m big fan of you! great Guest and Great Host!
That music, hunts me to this day.
Didn't have much familiarity with the chrome dev tools. Really nice video.
Very nice studying content! Thanks for that and keep up with the good stuff posting!