Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Using Chrome Developer Tools to get what you wa...

Amy Nguyen
July 13, 2018
Technology
0
300

Using Chrome Developer Tools to get what you want (Nike Tech Talks)

Chrome Developer Tools is magical. It lets you record network traffic, step through code, modify the DOM, and more! To learn how to use each of these features, I'll walk you through my adventures trying to trick Taylor Swift’s website into giving me concert tickets. Instead of reading through all of the JS files in her site and scrolling through hundreds of useless network activity logs, I learned how to use XHR breakpoints, filter network activity by type and domain, and recreate requests with CURL. I'll show you all of these tools and a few other tricks, and by the end of this talk, you will know how to reverse engineer any website, and manipulate it to do your bidding.

Amy Nguyen

July 13, 2018
Tweet

More Decks by Amy Nguyen

See All by Amy Nguyen
Big Red Button (Chatbots SG Nov 2019)
amyngyn
0
120
Big Red Button (WWCode CONNECT Asia 2019)
amyngyn
0
210
Algorithms in the real world (NUS Friday Hacks)
amyngyn
0
200
Mischief managed: Project management for engineers (Building Upwards 2018)
amyngyn
2
1k
How to break up with your vendor
amyngyn
0
610
Using Chrome Developer Tools to hack your way into concerts (builderscon tokyo)
amyngyn
1
1.5k
Big Red Button: How Stripe Automates Incident Management (SF Women in Infrastructure)
amyngyn
1
1.7k
Building Developer Tools Your Coworkers Won't Hate (J on the Beach 2018)
amyngyn
0
210
Building Developer Tools Your Coworkers Won't Hate (devopsdays Silicon Valley)
amyngyn
0
110

Other Decks in Technology

See All in Technology
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
250
B2B SaaSから見た最近のC#/.NETの進化
sansantech
PRO
0
670
複雑なState管理からの脱却
sansantech
PRO
1
140
【令和最新版】AWS Direct Connectと愉快なGWたちのおさらい
minorun365
PRO
5
750
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
0
110
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
580
【若手エンジニア応援LT会】ソフトウェアを学んできた私がインフラエンジニアを目指した理由
kazushi_ohata
0
150
iOS/Androidで同じUI体験をネ イティブで作成する際に気をつ けたい落とし穴
fumiyasac0921
1
110
TypeScriptの次なる大進化なるか!? 条件型を返り値とする関数の型推論
uhyo
2
1.6k
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
490

Featured

See All Featured
Facilitating Awesome Meetings
lara
50
6.1k
We Have a Design System, Now What?
morganepeng
50
7.2k
Practical Orchestrator
shlominoach
186
10k
Code Review Best Practice
trishagee
64
17k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
How GitHub (no longer) Works
holman
310
140k
Bash Introduction
62gerente
608
210k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
YesSQL, Process and Tooling at Scale
rocio
169
14k
Designing the Hi-DPI Web
ddemaree
280
34k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k

Transcript

  1. @amyngyn Nike Tech Talks Using Chrome Developer Tools to get

    what you want Amy Nguyen Infrastructure Engineer, Stripe July 12, 2018 please don't actually use this information

  2. @amyngyn Nike Tech Talks

  3. @amyngyn Nike Tech Talks The Setup • Swifties is selling

    tickets to Taylor Swift's concert! • The users who watch her music video the most will be first in line to buy tickets. • How can we convince Swifties that we have watched the music video more times than we have? • (Based on a true story!)

  4. @amyngyn Nike Tech Talks Please raise your hand if you

    or someone near you can't read the screen! We can increase the font size!

  5. @amyngyn Nike Tech Talks

  6. @amyngyn Nike Tech Talks Can we watch the video faster?

    • Check out the YouTube IFrame Player API! • Open the Console tab and enter this code: var data = { event: 'command', func: 'setPlaybackRate', args: [2, true] }; var message = JSON.stringify(data); $("#player")[0].contentWindow.postMessage(message, '*');

  7. @amyngyn Nike Tech Talks Can we figure out how the

    site is communicating with the server? • Open the Network tab! • Filter by domain and by XHR ◦ domain:localhost • Check out the Initiator column for a stacktrace • Look at both the response and the request data

  8. @amyngyn Nike Tech Talks

  9. @amyngyn Nike Tech Talks

  10. @amyngyn Nike Tech Talks

  11. @amyngyn Nike Tech Talks Can we repeat requests to the

    server? • Select "Replay XHR" from the menu to repeat the exact same request!

  12. @amyngyn Nike Tech Talks Can we make our own requests

    to the server? • Copy the request as a cURL command and try changing it!

  13. @amyngyn Nike Tech Talks Can we send a valid request

    to the server? • There's something we're missing. • Where is that ID coming from? • To the Sources tab for debugging!

  14. @amyngyn Nike Tech Talks Can we put this all together?

    • Why can't we get a successful response? • Let's step back and look at the whole timeline of what happens in the lifecycle of our video viewing.

  15. @amyngyn Nike Tech Talks Can we automate our solution? 1.

    Get a unique ID from the Swifties server. 2. Send a request to the start endpoint. 3. Send a request to the count endpoint. 4. Repeat!

  16. @amyngyn Nike Tech Talks Can we prevent this from happening

    at Nike? • CAPTCHAs

  17. @amyngyn Nike Tech Talks Can we prevent this from happening

    at Nike? • CAPTCHAs • Randomize the DOM

  18. @amyngyn Nike Tech Talks Can we prevent this from happening

    at Nike? • CAPTCHAs • Randomize the DOM • Add fake submit buttons

  19. @amyngyn Nike Tech Talks Can we prevent this from happening

    at Nike? • CAPTCHAs • Randomize the DOM • Add fake submit buttons • Shadow banning

  20. @amyngyn Nike Tech Talks Can we prevent this from happening

    at Nike? • CAPTCHAs • Randomize the DOM • Add fake submit buttons • Shadow banning • Validate input

  21. @amyngyn Nike Tech Talks • I forgot I'd have to

    pay money at some point. • I got offered an internship at TicketMaster?????? • I got to give this talk! What happened in the end? • I didn't get shadow banned! • I got a high priority position in the sale.

  22. @amyngyn Nike Tech Talks It's all about asking questions and

    being curious. • Can we watch the video faster? • Can we figure out how the site is communicating with the server? • Can we repeat requests to the server? • Can we make our own requests to the server? • Can we send a valid request to the server? • Can we put this all together? • Can we automate our solution? • Can we prevent this from happening?

  23. @amyngyn Nike Tech Talks It's all about asking questions and

    being curious. • Can we watch the video faster? Execute code in the console • Can we figure out how the site is communicating with the server? Filtering out information and debugging intentionally • Can we repeat requests to the server? Replay XHR • Can we make our own requests to the server? Copy as cURL • Can we send a valid request to the server? Request parameters • Can we put this all together? Perseverance! • Can we automate our solution? Scripting • Can we prevent us from happening? Keep asking questions!

  24. @amyngyn Nike Tech Talks Thanks! • Homepage: amynguyen.net • Twitter:

    @amyngyn • Slides: speakerdeck.com/amyngyn • Code: github.com/amyngyn/swifties • Blog post: here (or at medium.com/@amyngyn) • Stripe is hiring: stripe.com/jobs