{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Talkin' Bout [Infosec] News","title":"Webcast: Free Tools! How to Use Developer Tools and Javascript in Webapp Pentests","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/2908f607\"></iframe>","width":"100%","height":180,"duration":2762,"description":"I like webapps, don’t you? Webapps have got to be the best way to learn about security. Why? Because they’re self-contained and so very transparent. \n\n\n\nYou don’t need a big ol’ lab before you can play with them. You can run them in a single tiny VM or even tiny-er Docker image on your laptop. And so long as you’re attacking your own stuff, it’s easy to stay out of trouble. You’re up and running in the time it takes for a single download. \n\n\n\nAnd the transparent part? Ever since “view source” in the earliest web browsers, it’s been easy to see exactly what’s going on in a webapp and in the browser. Every webapp you ever use has no choice but to give you the (client-side) source code! It’s almost like there’s no such thing as a “black box” webapp pentest if you think about it… \n\n\n\nAnyhow – the Developer Tools in Firefox (and Chrome) are what happens when you take “view source” and add 25 years or so of creativity and power. \n\n\n\nWe’ll look at the Developer Tools in the latest Firefox with a pentester’s eye. Inspect and change the DOM (Document Object Model), take screenshots, find and extract key bits of data, use the console to run Javascript in the site’s origin context, and even pause script execution in the debugger if things go too fast… \n\n\n\nMaybe we’ll convince you that you can realistically do a big chunk of a webapp pentest without ever leaving the browser. \n\n\n\nJoin the BHIS Discord channel — https://discord.gg/aHHh3u5 \n\n\n\nDownload the slides: https://www.activecountermeasures.com/presentations/ (BHIS_Webcasts)  \n\n\n\n0:00 – A Shady-White Slideshow with “FREE TOOLS!” On the Sign \n\n\n\n0:38 – The Way Back Machine \n\n\n\n11:00 – Always Be Learning \n\n\n\n18:01 – The Path to the Developer Tools \n\n\n\n24:37 – Console Separately From a Window \n\n\n\n30:40 – The Network Tab \n\n\n\n36:23 – Storage Tab","thumbnail_url":"https://img.transistorcdn.com/WPYM9pq_SRUcywHv9tdgpsGLyLx04W2rDmzktvAcD4Y/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8xZTA1/ZWZhNDcxZGM4ZTFj/ZGJhMTMwNmYzMmJj/ZjBkNi5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}