Digging for XSS Gold: Unearthing Browser Quirks with Shazzer

Автор: PortSwigger

Загружено: 2024-11-08

Просмотров: 4094

Описание:

In this talk, you'll discover why Shazzer was built and how it streamlines the fuzzing process. Gareth Heyes dives deep into its unique fuzz types, exploring when and why to use each one for optimal result, as well as using the simple and advanced placeholders.

Whether you're new to fuzzing or looking to refine your techniques, this session will equip you with practical tips and tricks to make Shazzer an essential tool in your workflow.

Digging for XSS Gold: Unearthing Browser Quirks with Shazzer

Доступные форматы для скачивания:

Скачать видео mp4

Информация по загрузке:

Скачать аудио mp3

Похожие видео

Web Cache Entanglement: Novel Pathways to Poisoning - James Kettle (albinowax)

Web Cache Entanglement: Novel Pathways to Poisoning - James Kettle (albinowax)

Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)

Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)

HTTP/2: The Sequel is Always Worse - James Kettle (albinowax)

HTTP/2: The Sequel is Always Worse - James Kettle (albinowax)

DEF CON 32 - Splitting the email atom exploiting parsers to bypass access controls - Gareth Heyes

DEF CON 32 - Splitting the email atom exploiting parsers to bypass access controls - Gareth Heyes

Уязвимости в современных JavaScript-фреймворках на примере React, Vue и Angular / А. Важинская

Уязвимости в современных JavaScript-фреймворках на примере React, Vue и Angular / А. Важинская

PortSwigginar: Burp Scanner for pentesters - March 2023

PortSwigginar: Burp Scanner for pentesters - March 2023

Turning unexploitable XSS into an account takeover with Matan Berson

Turning unexploitable XSS into an account takeover with Matan Berson

Arc Browser МЕРТВ… Этот ЛУЧШЕ!

Arc Browser МЕРТВ… Этот ЛУЧШЕ!

Hacking on Bug Bounties for 10 years: Shubs' (@infosec_au) Keynote at BSides Ahmedabad 2023

Hacking on Bug Bounties for 10 years: Shubs' (@infosec_au) Keynote at BSides Ahmedabad 2023

Portable Data exFiltration XSS for PDFs - Gareth Heyes

Portable Data exFiltration XSS for PDFs - Gareth Heyes

XSS like you've never seen.

XSS like you've never seen.

GoogleCTF - Cross-Site Scripting

GoogleCTF - Cross-Site Scripting "Pasteurize"

Сисадмины больше не нужны? Gemini настраивает Linux сервер и устанавливает cтек N8N. ЭТО ЗАКОННО?

Сисадмины больше не нужны? Gemini настраивает Linux сервер и устанавливает cтек N8N. ЭТО ЗАКОННО?

DEF CON 30 - James Kettle - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling

DEF CON 30 - James Kettle - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling

Attacking organizations with big scopes: from zero to hero

Attacking organizations with big scopes: from zero to hero

#NahamCon2024: The Art of Bypassing WAFs (with live demos!) | @Brumens2

#NahamCon2024: The Art of Bypassing WAFs (with live demos!) | @Brumens2

DOM Invader: Prototype Pollution

DOM Invader: Prototype Pollution

Cracking the Lens: Targeting HTTP's Hidden Attack-Surface

Cracking the Lens: Targeting HTTP's Hidden Attack-Surface

Introducing DOM invader - A new tool within Burp Suite

Introducing DOM invader - A new tool within Burp Suite

Typst: Современная замена Word и LaTeX, которую ждали 40 лет

Typst: Современная замена Word и LaTeX, которую ждали 40 лет