Gareth Heyes 

@[email protected]
2.7K Followers
239 Following
702 Posts
javascript:/*--></title></style></textarea></script></xmp><svg/onload='-/"/-/onmouseover=1/-/[*/[]/-alert(1)//'>

https://garethheyes.co.uk/#latestBook

https://leanpub.com/javascriptforhackers/
My web sitehttps://garethheyes.co.uk/
PortSwigger Researchhttps://portswigger.net/research
Githubhttps://github.com/hackvertor/
My bloghttp://www.thespanner.co.uk/
JavaScript for hackershttps://leanpub.com/javascriptforhackers/
Gareth Heyes 17h ago

Shazzer had an interesting bug. I write to a blob URL thats sandboxed but because its a blob URL it breaks relative URLs which means vectors with them would return false negatives. The fix was: use a base tag to change the domain. This fixes vectors like:

https://shazzer.co.uk/vectors/69c81542145f0a28b7d202be

relative & protocol relative url starting with a slash and not immediately having a slash after it. - Shazzer

test

Gareth Heyes 3d ago
Frederik Braun �3d ago
@gaz Have you seen this? You must see this :) https://front-end.social/@html5test/116301798349200500 first response also contains link to how he built it
Niels Leenheer (@[email protected])

Attached: 1 image CSS is DOOMed! I've build DOOM in CSS and every wall, floor, barrel, and imp is a div, positioned in 3D space using CSS transforms. https://cssdoom.wtf Try it out! But... not every browser can handle it. This is taking the browser to its limit. Chrome has some issues. Safari too. Bugs will be filed.

Front-End Social
Gareth Heyes Mar 8
Been doing a lot of statistical analysis in my free time on yet another side project. It's quite fun and far less challenging than my other side projects.
Gareth Heyes Mar 4

You can now create collections of vectors on Shazzer. You can select up to 10 vectors and view the results of each by clicking a button. If anyone has any ideas to display the results in a better way let me know.

https://shazzer.co.uk/

Shazzer - Shared online fuzzing

An app to enable to fuzz all sorts of browser behaviour. Share your fuzz results with the world and discover new bugs!

Gareth Heyes Feb 26

Last night I added GZip and Deflate compression to Hackvertor. I also improved the autodecoder to detect it. Yesterday on my lunch I added autocompletion for HackPad and fixed a bunch of bugs.

https://hackvertor.co.uk/urls/31

Hackvertor - Cutting edge conversion

An app to make conversion tags to help with web security research

Gareth Heyes Feb 20

Hackvertor v2.2.45 released!

Fixed UI, primary buttons now have primary colour
Websocket message editor (Big thanks snooze6)
Hex edit functionality (Big thanks snooze6)
Centred dialogs (Big thanks psalire)

Gareth Heyes Feb 13
Question is what do I build next? So exciting. So many ideas...
Show threadGareth Heyes Feb 13
They are never ever going to be used by millions of people and they've always been niche. But they have given me great satisfaction and brought back my love of design, dev and constructing good UX as well as providing me with very interesting problems.
Gareth Heyes Feb 13
I've got to the point where I've implemented nearly every 1 of my ideas for Shazzer and Hackvertor. Claude played a big part in that. I'm proud of them both. My approach of semi-vibing was long winded but now I think it's really paid off in both knowledge and speed of development
Gareth Heyes Feb 13
I've added tool tips to the tags in Hackvertor!