TomNomNom looks like a teacher. A really good one. Nice didactics, calm talking, good knowledge and sounds like a person you would want to be friends with. Real nice guy.
It is a 2 year old video when I am watching it. The best part of the video is, Tomnomnom has explained things in pretty detailed way. Another thing I noticed from starting to end of the video is that, Tomnomnom is the calm teacher and Stok is the curios student, where the curiosity reflects in his eyes. Just loved it. ❤
Thanks for all the love and support. It’s was such a pleasure to record this video with TomNomNom and I hope you learned something new, I know I did. Stay curious!
"Always a pleasure my friend". Great :) You two are a perfect combination as teachers. Music and editing is great, great chemistry and Tomnomnom is very easy to follow. It's a pleasure learning this unknown subject, thanks to you.
Thank you so much for bringing this to the frame of reference. The questions asked and the detailed explanations gifted are of great value! You two rock!
While modern frameworks are initing their routing you can go into the debugger and pause it, build a new config, and get yourself into some hidden sections of the apps. If there's content in those section that is not protected by a token, you're gonna get some free stuff! Could be video lessons, pdfs, who knows. The key is that you're building your own custom route config for an app. This takes a good understanding of the routing engines of the frameworks as well as the product you're trying to get into.
@@dixztube I think having a sound knowledge about API frameworks (such as ExpressJs) and vulnerabilities that arise due to not using token validation (such as CSRF) will give you a good understanding.
Finally bridging the gap between web developers and cybersecurity engineers. Well done. Some notes to self: 1. Be mindful that once something is on the internet--someone is always watching. 2. Always make sure sensitive information (such as passed credentials) are not visible to the public. 3. Change up the folder structure and resource filenames of applications.
I’m switching from full stack JS development to cyber security so I knew most of this stuff already BUT it was cool to see it in action and the thought processes behind working your way thru a system from a hacking perspective- thanks for the video!
the interviewer is perfect, and as soon as he asked the questions in the very beginning I knew he knew what he was talking about. He also let the guest talk and that was very nice. good job Sir
This is ABSOLUTELY hands down! One of the best and most educative YT videos I have seen on hacking. I don't know if it could be a little that I am just understanding it all alot more because I've found a few other videos that are good also and when I first started trying to learn.. the videos all just went way too fast and I didnt feel like they explained anything properly. But now I am learning so so much from Hacker 1's docs, videos and labs! Thank you Hacker One!
the way this guy uses the debugger is the exactly right way to use it when developing web apps. I have actually never seen such a good video one how to do it, thanks!
After the first few minutes of the video, I was ready to bail, as it seemed to be too basic but I'm glad I stayed! I'm no stranger to dev tools but even if you learn 1 useful concept, it's gold. Thanks.
This is what i understood from this: Best way to go about exploiting javascript webcode is exploit the one thing most admins in the industries demand, pretty easy to read code with same formatting across all code/functions of a project. If you can learn what their habits are you know what to look for and what they might call/name certain objects you shouldn't be modifying. If you know all their user based api calls start with USER_ID_ than you can search for that and find crumbtrails back to an api call you can change or change the designation of an object's information.
@@victortodoran1828 most minify processes for JavaScript only get rid of some variable names , it mostly gets rid of whitespace. Hence why the dude in the video was using pretty print to view the code.
At the end of the video, he said this golden sentence "you gotta be able to make things work the way they're supposed to first before you could make them work the way they aren't" and that's how it is. Do not learn "hacking" since there is no such thing. Learn how to design web apps then try to break it and what youclearn while doing so, makes you a hacker
I totally loved this lesson, it was juicy in terms of potential hacking and super pedagogical! Obviously @STÖK knows (at least) some things and @TomNomNom knows a LOT and both are really humble. I need many more HACKY CODING SESSIONS like this one! It's really engaging the way this interview was driven. Good material, dude. Cheers from Argentina.
Whoever chose the background track (I think @STOK chose it), did a really excellent job. It really locked me to the tutorial, otherwise I'm pretty sure I would've got distracted by some stupid things 😆.
@@griffith7651 his brains function very well, he did a great interview, played along as if he did not know already about JS, and edited the video so very well. His brains are more than fine, just about about yours
this elaborate thought process and very simple explanation has just opened my mind to how i should start approaching web security and made it less intimidating for me! thank you so much!!
hey, do you know that if you type your password in a UA-cam comment it gets automatically hidden? Like this: **************** ! It's a very cool UA-cam comment feature, try it!
tomnomnom should start teaching people, this guy got a voice of perfect lecturer
Liskowy and he has no Indian accent
oh yeah i can imagine good what he wnat to explain and his voice is great to listen. and im straight
@@hemax_ touchè lad
@@hemax_ lmaooo
Yes exactly
- It's CSS
- What's CSS ?
- Cascading Style Sheet
- Whoaaaa!!!!!
STÖK talks alot about yavascript ahahha
Aye man don’t be mean or I’ll hack your windows Home Screen with some good templates (I’ll go with bootstrap)
@@loganlandry7852 @
Layne Jasper dumb spammers
Xd
TomNomNom looks like a teacher. A really good one.
Nice didactics, calm talking, good knowledge and sounds like a person you would want to be friends with.
Real nice guy.
Perfect cover. A little too nice for a hacker even if bounty side
JJ
Li
U
H.
4:01
"Pretty print"
"No waaaay"
k
funny, BUT I DID NOT KNOW THAT FUCKING BUTTON WAS THERE ALL THIS TIME!
hahah
imposible! XD
JerreMuesli IKR!!!!
no wayyy thats niceeee
It is a 2 year old video when I am watching it.
The best part of the video is, Tomnomnom has explained things in pretty detailed way. Another thing I noticed from starting to end of the video is that, Tomnomnom is the calm teacher and Stok is the curios student, where the curiosity reflects in his eyes. Just loved it. ❤
we are too late in hacking buddy LOL we should learn fast to get things out
Thanks for all the love and support. It’s was such a pleasure to record this video with TomNomNom and I hope you learned something new, I know I did. Stay curious!
That was so much of knowledge ! Thankyou so much stok !🔥
Get some more videos like this
thank you for your content and sharing the knowledge:)
Link of yur youtube wrong=> ua-cam.com/users/STOKfredrik
I'm gonna need a mouse without the STOK
Background music 😂😂
It's perfect 🤓😆
That what you should listening on when you performing a hunting :)
Sounds like it's from EVE...
Good Lord! 😂😂😂
its sounds like COD WARZONE
I take everything back - the speaker is amazing. So calm, so much and clear information, presented very politely and soothing voice ;-) please, more!!
The music in the background is so intense, I will never look at a XHR request quite the same way.
Creepy music lol
I've found it very useful. I would love to see more such videos in the future. You guys are awesome. Thanks, TomNomNom & STÖK :-)
Second that
Ugh... "xml http request"
the other guy: "whoaa!!"
really dude...
Kek
Drugs.
XD
Relax. I suspect @STÖK knows more than he lets on, here. His "whoaa" is probably more of a didactic device than genuine amazement.
@@jub0bs I don't think so! His whoaaa!! was real! He's said in most of his videos that he is not very good at coding.
"Always a pleasure my friend". Great :) You two are a perfect combination as teachers. Music and editing is great, great chemistry and Tomnomnom is very easy to follow. It's a pleasure learning this unknown subject, thanks to you.
That's a cool debugging tutorial, Marshall Eriksen.
LOL
after the first 10 mins, i was like hell, thats a little long for just a debugging tutorial :-p . and it was.
HAAHAHAHHA
exactly haha, now you can debug your partner's spaghetti code
Lol
Thank you so much for bringing this to the frame of reference. The questions asked and the detailed explanations gifted are of great value! You two rock!
Man tomnomnom is such a great guy.
Could listen to this guy for hours, he just seems very wise haha
Totally agree! Trolling through now trying to find more videos of him explaining things
While modern frameworks are initing their routing you can go into the debugger and pause it, build a new config, and get yourself into some hidden sections of the apps. If there's content in those section that is not protected by a token, you're gonna get some free stuff! Could be video lessons, pdfs, who knows. The key is that you're building your own custom route config for an app. This takes a good understanding of the routing engines of the frameworks as well as the product you're trying to get into.
Where can I learn more about this?
@@dixztube I think having a sound knowledge about API frameworks (such as ExpressJs) and vulnerabilities that arise due to not using token validation (such as CSRF) will give you a good understanding.
Wow thanks so much! That helped me more than you know! 🎉
Tomnomnom explains everything so clearly and easy. Great content!
It's a good sign he understands what he's talking about
Finally bridging the gap between web developers and cybersecurity engineers. Well done.
Some notes to self:
1. Be mindful that once something is on the internet--someone is always watching.
2. Always make sure sensitive information (such as passed credentials) are not visible to the public.
3. Change up the folder structure and resource filenames of applications.
"always"????!
@@antoniofuller2331 Always.
I’m switching from full stack JS development to cyber security so I knew most of this stuff already BUT it was cool to see it in action and the thought processes behind working your way thru a system from a hacking perspective- thanks for the video!
Why are you switching if you don't mind answering?
@@9GodGo probably since the market is getting saturated.
@@APCorelone lol
They way he explains and the background music , gives us feel like some black magic stuff kudos to both of you
Web devs. Are gonna have a nice time watching this😂
sure did. the tool is same but the mentality is fresh.
I wasted my time using dev tools the wrong way
@@tjtheo5280 ? what lol
ikr?
I love this! Using devtool excessively already, but man, did I miss some great stuffz!
PLEASE KEEP THEM COMING! WE NEED MORE AMAZING CONTENT LIKE THIS STOK AND TOM!
AT LAST Someone explained the debugger function! Incredibly valuable video. Thank you both and thank you h1 for making it happen!
the interviewer is perfect, and as soon as he asked the questions in the very beginning I knew he knew what he was talking about. He also let the guest talk and that was very nice. good job Sir
Tomnomnom is so humble. Kudos to him. Wish him all the success.
Is his name "Tomnomnom " coz he eats "cookies"?
This is suuper freshh, Thanks guys! The way how Tom controls the inspector is suuper clear, I've learn some tricks with this video..
This is ABSOLUTELY hands down! One of the best and most educative YT videos I have seen on hacking. I don't know if it could be a little that I am just understanding it all alot more because I've found a few other videos that are good also and when I first started trying to learn.. the videos all just went way too fast and I didnt feel like they explained anything properly. But now I am learning so so much from Hacker 1's docs, videos and labs! Thank you Hacker One!
2:29 Are we gonna just ignore the 1st thing on Yahoo News? 😂
Yikes. I missed that.
sweet home alabama *INTENSIFIES*
@Neronian Diamanti wrong
@@n4rfy477 100times lmao
LMAO 🤷🏾♂️
i am seeing this at night,alone ,and the background music is scaring the sh*t out of me
I learned more in 24 minute than in my whole college career.....Just Amazing
Makes you question paying for it huh? Can’t stand colleges for this reason.
@@Boorne2Kill I finish college and didn’t learn anything about code but what was in the book 📚 not even related to real life...
the bg music is like a horror movie!! thanks again stok and tomnomnom!
So basically it's a debuggers tutorial 😂
Two lamers talk about debugging.
@@maxmix6406 lamers, lol
Debugging is Art of Exploitation
@@neowick-fp4tttrue, and so is proper punctuation, what you didn't do, which is the art of basic, easy grammar. (;
@@ReligionAndMaterialismDebunked I don't understand your say.
the way this guy uses the debugger is the exactly right way to use it when developing web apps. I have actually never seen such a good video one how to do it, thanks!
I feel like it's one of the most valuable programming videos I've watched
Amazing content.
Love how stök is pretending to be a beginner🤣.
Plz plz plz keep these videos coming.
The role playing is so underrated
Indeed he is a Beginner ...
in front of TomNomNom he is
LMAO
Ermm stok knowlege is actually pretty shitty lol.....
Amazing content kudos to tomnomnom btw why is the background music from horror movie
Hacker vibes
that was dope, both are skilled gentlemen and the editing was really helping the learning. Thank you both!
After the first few minutes of the video, I was ready to bail, as it seemed to be too basic but I'm glad I stayed! I'm no stranger to dev tools but even if you learn 1 useful concept, it's gold. Thanks.
This is what i understood from this:
Best way to go about exploiting javascript webcode is exploit the one thing most admins in the industries demand, pretty easy to read code with same formatting across all code/functions of a project. If you can learn what their habits are you know what to look for and what they might call/name certain objects you shouldn't be modifying. If you know all their user based api calls start with USER_ID_ than you can search for that and find crumbtrails back to an api call you can change or change the designation of an object's information.
Dude. In the minify process variable names an methods are stripped to bare letters. What are you talking abt?
@@victortodoran1828 most minify processes for JavaScript only get rid of some variable names , it mostly gets rid of whitespace. Hence why the dude in the video was using pretty print to view the code.
Title of this video must be "How to use chrome dev tools !!"... Really spend my life's 24.16 min to learn a new methodology
I have never in my life done hacking and was going to turn off the website blocker off my computer at school and wow. You guys really helpef
Floki is that you??
Loki*
Floki is from the Vikings @@user-zt3hq3pi5l
The energy in TomNomNom and Stok actually made me feel like i was learning from friends!
Amazing expalanation
Thanks for everything ❤️
Please more content like this ✌️
At the end of the video, he said this golden sentence "you gotta be able to make things work the way they're supposed to first before you could make them work the way they aren't" and that's how it is. Do not learn "hacking" since there is no such thing. Learn how to design web apps then try to break it and what youclearn while doing so, makes you a hacker
Me while trying to teach myself how to code JS: “ah yes, quite simple yes yes I understand”
Me while watching anyone actually program in JS: “wut”
Great video, always loved the dev tools but I had no idea about pretty print. You've changed my life
Actually more interesting than a netflix movie! Keep it up 😉
Yeah and it's interactive. Can you try to hack my website emeraldledger.com?
Very Educational even for an senior JavaScript developer
Love the format of this! Thanks!
You both are awesome. Thank you stök for this video. We love you.
Do make more videos. :)
I love the background music, make it more dramatic and interesting, than boring hip hop beat
I totally loved this lesson, it was juicy in terms of potential hacking and super pedagogical! Obviously @STÖK knows (at least) some things and @TomNomNom knows a LOT and both are really humble. I need many more HACKY CODING SESSIONS like this one! It's really engaging the way this interview was driven. Good material, dude.
Cheers from Argentina.
this is awesome to see love this video. Great to have STOK representing the learner so that he can ask the questions that are in our mind aswell.
Incredible production value for such 2-bit content.
this guy is off a bean on god.
"we get a much nicer look at things"
"nooooooooo wayyyyyyy thats nice *high smile intensifies*"
(13:10, 13:22) - Google pub firing range, thanks for showing this. Example for PostMessages.
the ominous background music is hilarious
Only those people dislikes who don't understand the things he is talking about. Loved it guys. Thank you so much.
1:04 oh boy
I love the “ DeusEx like” music in the background
"cOoL wItH jUsT oNe ClIcK" dude has probably never seen a browser before
But he won multiple Hackatons and similar events.
Dude knows his stuff. Don't get easily fooled.
he does this for the purpose of teaching the viewers
I was waiting for such video for a long time. Thanks STOK.. you are great. And of course TomNomNom :)
Thank u @Tomnomnom i have got super knowledge of java script and how its work @stok and @hackerone thank u see u 2021 in liveevents if allah say
TomNomNom: So, we can start of by turning on the computer.
STÖK: Nooo wayyy, niiiiice! ;D
that was awesome, I actually love the background sound. i got into hacker zone again 😂😎😍
Second that
One of your best videos so far, super informative and super good explanation done by Tom! And Stök, who doesn't love him :D
Keep them comin’!!!!
Whoever chose the background track (I think @STOK chose it), did a really excellent job. It really locked me to the tutorial, otherwise I'm pretty sure I would've got distracted by some stupid things 😆.
Tysm for this ! Very useful .
Can we have more vids like this in the future with Stok & Tom ?
Litterely so much knowledge in one video, loved it sir !!! 🤯🤯💖💖
"I am more of a burp guy", had no idea that developpers' tools existed in Chrome. Hacker level 0.
This is a lot more palatable than some of the earlier videos (the powerpoint ones) so thank you for this
2:29 Nice news xD
thanks for brightening my day with your upbeat video!
The interviewer, definitely cooked something before they started recording!
ya his brain
is that your way to say thank you for a very informative and very well edited video about a subject we care to learn?
@@griffith7651 his brains function very well, he did a great interview, played along as if he did not know already about JS, and edited the video so very well. His brains are more than fine, just about about yours
awesome vid, the suspenseful background music makes it
DevTool of Cr is great. But I find Firefox is even better. It allows us to send HTTP request from network tab ya know?
oh, man! your videos are a joy to watch. thank you very much.
That background music creates the mood
this elaborate thought process and very simple explanation has just opened my mind to how i should start approaching web security and made it less intimidating for me! thank you so much!!
alert(hi everyone👋)
hey, do you know that if you type your password in a UA-cam comment it gets automatically hidden? Like this: **************** ! It's a very cool UA-cam comment feature, try it!
Russell Teapot ****************
Wow! It really works! Security team has done a nice job!
@@the-old-channel ahahaahahah yeah!
@@RussellTeapot ***********
That background music though :D Cool video btw!!
Guy: "We can also write in JAVA - not to be confused by JavaScript"
Other Guy: "Aha hmm right.... yes. Because Java is.. hmm." (- . - )
This video is absolute GOLD for JS review.
if it wasn't for the horrible music, this would be a cool debugging tutorial :/
music was not horrible at all actually
Nodejs + decent JS skill = loads of fun on the web.
Ignore the haters. This background music is perfect. My life as a hacker should be a David Lynch movie.
Stök you r greate.. i m big fan of you! greate Guest and Great Host!
Wow this js guy is so calm and clear when he is talking.
STOK is the Jimmy Fallon of tech interviews... XHR... wwwoooaahhhhhhhhhhhh! no way!
The theme is creepy but I feel like he is livehackin on goverment instead of yahoo, STÖK you are getting better and better in videos ;]
All the kids in school were on the brink of becoming master hackers.
He looks like a good friend. Definetely nice it guy!
This is the best explanation i was looking for. Thank you TomNomNom, stok and Hackerone
Digging the dark theme to make it more intense. Ctl+shift+p dark theme
tomnomnom is an awesome teacher for sure!
need more videos like these man:)
the background music is scary heha it makes the video a little bit creepy, but the Idea I learned here is awesome XD
Very nice studying content! Thanks for that and keep up with the good stuff posting!
Great video guys thank you very much! :-)