Tweet
The web has changed. Sites went from being a few kilobytes of static, hand-written HTML to monstrosities of tangled JavaScript that eat hundreds of megs of RAM. Web sites are applications now, complete with security controls, complex state, and custom protocols. Our tools need to become smarter.
Hackium is part of a new tool suite designed to both give greater control over browsers and the content they execute, as well as make work more sharable and portable. Hackium itself acts like a CLI-driven browser that runs automation scripts. Add libraries like shift-refactor, a JavaScript transformation library, and shift-interpreter, a JavaScript meta-interpreter, and you can intercept and manipulate JavaScript with just a few lines of code, no proxies necessary.
This session will introduce Hackium and how you can use features like the REPL to automate in-page tasks, work with 3rd party APIs for tasks like CAPTCHA solving, and intercept traffic to automatically deobfuscate JavaScript.
Speaker(s): Jarrod Overson
Location: Appsec Vlg
Discord: https://discord.com/channels/7082082...33026982690876
Event starts: 2020-08-08 11:00 (11:00 AM) PDT (UTC -07:00)
Event ends: 2020-08-08 11:45 (11:45 AM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T02:24 (UTC).
Hackium is part of a new tool suite designed to both give greater control over browsers and the content they execute, as well as make work more sharable and portable. Hackium itself acts like a CLI-driven browser that runs automation scripts. Add libraries like shift-refactor, a JavaScript transformation library, and shift-interpreter, a JavaScript meta-interpreter, and you can intercept and manipulate JavaScript with just a few lines of code, no proxies necessary.
This session will introduce Hackium and how you can use features like the REPL to automate in-page tasks, work with 3rd party APIs for tasks like CAPTCHA solving, and intercept traffic to automatically deobfuscate JavaScript.
Speaker(s): Jarrod Overson
Location: Appsec Vlg
Discord: https://discord.com/channels/7082082...33026982690876
Event starts: 2020-08-08 11:00 (11:00 AM) PDT (UTC -07:00)
Event ends: 2020-08-08 11:45 (11:45 AM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T02:24 (UTC).