Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Using Chrome Developer Tools to hack your way into concerts

Amy Nguyen
March 21, 2018
Technology
0
630

Using Chrome Developer Tools to hack your way into concerts

Chrome Developer Tools is magical. It lets you record network traffic, step through code, modify the DOM, and more! To learn when we would use each of these features, I'll walk you through my adventures trying to trick Taylor Swift’s website into giving me concert tickets. Instead of reading through all of the JS files in her site and scrolling through hundreds of useless network activity logs, I learned how to use XHR breakpoints, filter network activity by type and domain, and recreate requests with CURL. I'll show you all of these tools and a few other tricks, and by the end of this talk, you will know how to reverse engineer any website and manipulate it to do your bidding.

Amy Nguyen

March 21, 2018
Tweet

More Decks by Amy Nguyen

See All by Amy Nguyen
Big Red Button (Chatbots SG Nov 2019)
amyngyn
0
110
Big Red Button (WWCode CONNECT Asia 2019)
amyngyn
0
200
Algorithms in the real world (NUS Friday Hacks)
amyngyn
0
190
Mischief managed: Project management for engineers (Building Upwards 2018)
amyngyn
2
1k
How to break up with your vendor
amyngyn
0
550
Using Chrome Developer Tools to hack your way into concerts (builderscon tokyo)
amyngyn
1
1.4k
Using Chrome Developer Tools to get what you want (Nike Tech Talks)
amyngyn
0
240
Big Red Button: How Stripe Automates Incident Management (SF Women in Infrastructure)
amyngyn
1
1.6k
Building Developer Tools Your Coworkers Won't Hate (J on the Beach 2018)
amyngyn
0
200

Other Decks in Technology

See All in Technology
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.9k
推しは推せるときに推せ! プロダクトにフィードバックしていこう
nakasho
0
260
MapLibreとAmazon Location Service
dayjournal
1
140
少数チームで挑む: SwiftUI, TCA, KMPを用いた 新規動画配信アプリ 「ABEMA Live」の開発について
tomu28
0
620
Databricks における 『MLOps』
databricksjapan
2
160
JAWS-UG Bedrock Claude Night
yamahiro
3
510
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
1.2k
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
120
ChatworkのSRE部って実は 半分くらいPlatform Engineering部かもしれない
saramune
0
150
Next'24 事例セッションの紹介とクラウド資格を活用したキャリア形成について語りMuscle
yasumuusan
1
430
Tableau事例紹介 / Tableau Case Study of Eureka
kazuya_araki_tokyo
1
180
Delivering Millions of Messages within seconds @ Duolingo
pelelgrino
0
340

Featured

See All Featured
Docker and Python
trallard
33
2.7k
Creatively Recalculating Your Daily Design Routine
revolveconf
209
11k
How STYLIGHT went responsive
nonsquared
92
4.8k
No one is an island. Learnings from fostering a developers community.
thoeni
15
2.1k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
1
3.4k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
20
1.6k
The Cost Of JavaScript in 2023
addyosmani
15
3.8k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
4.4k
Building Flexible Design Systems
yeseniaperezcruz
318
37k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
What's new in Ruby 2.0
geeforr
337
31k
Designing for Performance
lara
601
67k

Transcript

  1. Amy Nguyen @amyngyn JSConf AU 2018 Using Chrome Developer Tools

    to hack your way into concerts

  2. Amy Nguyen @amyngyn JSConf AU 2018 Using Chrome Developer Tools

    to hack your way into concerts please don't actually use this information

  3. Amy Nguyen @amyngyn JSConf AU 2018 The Setup • Swifties

    is selling tickets to Taylor Swift's concert! • The users who watch her music video the most will be first in line to buy tickets. • How can we convince Swifties that we have watched the music video more times than we have? • (Based on a true story!)

  4. Amy Nguyen @amyngyn JSConf AU 2018 Please raise your hand

    if you or someone near you can't read the screen! We can increase the font size!

  5. Amy Nguyen @amyngyn JSConf AU 2018

  6. Amy Nguyen @amyngyn JSConf AU 2018 Can we watch the

    video faster? • Check out the YouTube IFrame Player API! • Open the Console tab and enter this code: var data = { event: 'command', func: 'setPlaybackRate', args: [2, true] }; var message = JSON.stringify(data); $("#player")[0].contentWindow.postMessage(message, '*');

  7. Amy Nguyen @amyngyn JSConf AU 2018 Can we figure out

    how the site is communicating with the server? • Open the Network tab! • Filter by domain and by XHR domain:127.0.0.1 • Check out the Initiator column for a stacktrace • Look at both the response and the request data

  8. Amy Nguyen @amyngyn JSConf AU 2018

  9. Amy Nguyen @amyngyn JSConf AU 2018

  10. Amy Nguyen @amyngyn JSConf AU 2018

  11. Amy Nguyen @amyngyn JSConf AU 2018 Can we repeat requests

    to the server? • Select "Replay XHR" from the menu to repeat the exact same request!

  12. Amy Nguyen @amyngyn JSConf AU 2018 Can we make our

    own requests to the server? • Copy the request as a cURL command and try changing it!

  13. Amy Nguyen @amyngyn JSConf AU 2018 Can we send a

    valid request to the server? • There's something we're missing. • Where is that ID coming from? • To the Sources tab for debugging!

  14. Amy Nguyen @amyngyn JSConf AU 2018 Can we put this

    all together? • Why can't we get a successful response? • Let's step back and look at the whole timeline of what happens in the lifecycle of our video viewing.

  15. Amy Nguyen @amyngyn JSConf AU 2018 Can we automate our

    solution? 1. Get a unique ID from the Swifties server. 2. Send a request to the start endpoint. 3. Send a request to the count endpoint. 4. Repeat!

  16. Amy Nguyen @amyngyn JSConf AU 2018 Can we prevent us

    from happening? • CAPTCHAs • Randomize the DOM • Input validation and detection • Shadow banning

  17. Amy Nguyen @amyngyn JSConf AU 2018 What happened in the

    end? • I didn't get shadow banned! • I got a high priority position in the sale. • I forgot that I'd have to pay money at some point. • I got offered an internship at TicketMaster?????? • I got to give this talk!

  18. Amy Nguyen @amyngyn JSConf AU 2018 It's all about asking

    questions and being curious. • Can we watch the video faster? • Can we figure out how the site is communicating with the server? • Can we repeat requests to the server? • Can we make our own requests to the server? • Can we send a valid request to the server? • Can we put this all together? • Can we automate our solution? • Can we prevent us from happening?

  19. Amy Nguyen @amyngyn JSConf AU 2018 It's all about asking

    questions and being curious. • Can we watch the video faster? Execute code in the console • Can we figure out how the site is communicating with the server? Filtering out information and debugging intentionally • Can we repeat requests to the server? Replay XHR • Can we make our own requests to the server? Copy as cURL • Can we send a valid request to the server? Request parameters • Can we put this all together? Perseverance! • Can we automate our solution? Scripting • Can we prevent us from happening? Keep asking questions!

  20. Amy Nguyen @amyngyn JSConf AU 2018 Thanks! • Homepage: amynguyen.net

    • Twitter: @amyngyn • Slides: speakerdeck.com/amyngyn • Code: github.com/amyngyn/swifties • Blog post: here (or at medium.com/@amyngyn) • Stripe is hiring: stripe.com/jobs