Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Using Chrome Developer Tools to hack your way into concerts (builderscon tokyo)

Amy Nguyen
September 08, 2018
Technology
1
1.3k

Using Chrome Developer Tools to hack your way into concerts (builderscon tokyo)

Chrome Developer Tools is magical. It lets you record network traffic, step through code, modify the DOM, and more! To learn when we would use each of these features, I'll walk you through my adventures trying to trick Taylor Swift’s website into giving me concert tickets. Instead of reading through all of the JS files in her site and scrolling through hundreds of useless network activity logs, I learned how to use XHR breakpoints, filter network activity by type and domain, and recreate requests with CURL. I'll show you all of these tools and a few other tricks, and by the end of this talk, you will know how to reverse engineer any website and manipulate it to do your bidding.

Amy Nguyen

September 08, 2018
Tweet

More Decks by Amy Nguyen

See All by Amy Nguyen
Big Red Button (Chatbots SG Nov 2019)
amyngyn
0
110
Big Red Button (WWCode CONNECT Asia 2019)
amyngyn
0
190
Algorithms in the real world (NUS Friday Hacks)
amyngyn
0
180
Mischief managed: Project management for engineers (Building Upwards 2018)
amyngyn
2
1k
How to break up with your vendor
amyngyn
0
480
Using Chrome Developer Tools to get what you want (Nike Tech Talks)
amyngyn
0
210
Big Red Button: How Stripe Automates Incident Management (SF Women in Infrastructure)
amyngyn
1
1.5k
Building Developer Tools Your Coworkers Won't Hate (J on the Beach 2018)
amyngyn
0
200
Building Developer Tools Your Coworkers Won't Hate (devopsdays Silicon Valley)
amyngyn
0
98

Other Decks in Technology

See All in Technology
GPTでメールの緊急度を 判定させてみた/automation-engineerLT-link-and-motivation
lmi
0
100
ログから学ぶgo build
nasa_desu
3
420
Fivetranでデータ移動を自動化する
hankehly
0
150
テスト版水平思考クイズ〜不具合から原因を想像しよう〜/xpjug2023
yoshitake_1201
1
320
那些年我們做過的 DevOps Pipeline @ DevOpsDays Taipei 2023
cheng_wei_chen
1
120
プロダクトオーナーとしてSLOに向き合う 〜Mackerelチームの事例〜 / SRE NEXT 2023
tatsuru
PRO
0
250
【IoT-Tech Meetup #5】IoTとは?WireGuard概要とIoTで通信を守る理由
soracom
PRO
0
210
Goのとある未定義動作 golang.tokyo #33
izzii
0
130
20230930_JAWS-FESTA_REJECT-CON_ControlTower
hiashisan
0
510
Juliaってどんなことができるの? for JuliaTokai #16
antimon2
1
130
ChatGPTを前に頭が真っ白を乗り越え人が答えることが困難な認知負荷MAXなタフクエスチョンをどんどん回答させてプロダクト価値を爆速探求するぞ/cognitive_load_question_and_chatgpt
moriyuya
2
380
セキュアエレメントによるWireGuardのセキュリティ強化
kmwebnet
0
150

Featured

See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
49
16k
Practical Orchestrator
shlominoach
179
9.3k
The Invisible Customer
myddelton
113
12k
The Pragmatic Product Professional
lauravandoore
23
4k
Code Reviewing Like a Champion
maltzj
510
38k
Building an army of robots
kneath
300
41k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
12
5.7k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
3.9k
Designing the Hi-DPI Web
ddemaree
274
33k
A designer walks into a library…
pauljervisheath
199
17k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
15
1.6k
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k

Transcript

  1. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    Chromeデベロッパー
    ツールのハック
    Using Chrome Developer Tools to
    hack your way into concerts

    View Slide

  2. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    説明
    ● テイラースウィフトのファンサイトは
    コンサートのチケットを売っている。
    ● PVを最も見る人はまずコンサートチケットを
    買うができます。
    ● 私たちは最高のファンですとファンサイトに思わせます。
    ● これは本当の物語!

    View Slide

  3. builderscon tokyo 2018
    エイミー・グェン @amyngyn

    View Slide

  4. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    もっと早く見るができますか?
    ● YouTube IFrame Player API
    ● Consoleを開けて:
    var data = {
    event: 'command',
    func: 'setPlaybackRate',
    args: [2, true]
    };
    var message = JSON.stringify(data);
    $("#player")[0].contentWindow.postMessage(message, '*');

    View Slide

  5. builderscon tokyo 2018
    エイミー・グェン @amyngyn

    View Slide

  6. builderscon tokyo 2018
    エイミー・グェン @amyngyn

    View Slide

  7. builderscon tokyo 2018
    エイミー・グェン @amyngyn

    View Slide

  8. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    Replay XHR

    View Slide

  9. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    Copy as cURL

    View Slide

  10. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    1. Server から ID を取得する
    2. /start に HTTP request を 送って。
    3. /count に HTTP request を 送って。
    4. 繰り返す!
    答え

    View Slide

  11. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    Can we protect our websites?

    View Slide

  12. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    Can we protect our websites? CAPTCHA

    View Slide

  13. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    Can we protect our websites? Randomized DOM

    View Slide

  14. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    Can we protect our websites? Validation

    View Slide

  15. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    Can we protect our websites? Shadow banning

    View Slide

  16. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    エンディング
    ● shadow ban されませんでした。
    ● 計画通り!
    ● 。。。けど高すぎ。
    ● インターンシップを申し出た?

    View Slide

  17. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    結論
    ● Tools
    ○ Execute code in the console
    ○ Filter network requests by type
    ○ Replay XHR requests
    ○ Copy requests as cURL
    ● Mentality
    ○ Perseverance
    ○ Curiosity
    ○ Resourcefulness

    View Slide

  18. builderscon tokyo 2018
    エイミー・グェン @amyngyn
    ありがとうございます!
    ● ホームページ: amynguyen.net
    ● ツイッター: @amyngyn
    ● Slides: speakerdeck.com/amyngyn
    ● Code: github.com/amyngyn/swifties
    ● 英語ブログポスト: medium.com/@amyngyn
    ● Stripe Japan: stripe.com/jobs#location=tokyo

    View Slide