Exploiting Unknown Browsers and Objects

Explore advanced techniques for discovering and exploiting unknown browsers and custom JavaScript objects in this 39-minute conference talk from OWASP AppSec EU 2018. Delve into the world of embedded browsers found in popular applications, headless crawlers, IoT devices, and game consoles. Learn how to overcome the challenges of investigating these systems without traditional developer tools. Discover the Hackability inspector, a powerful offensive toolkit for security researchers, designed to inspect and exploit hidden entities. Gain insights into detecting JavaScript windows, Function/Object patterns, and Java bridges. Master advanced inspection techniques, security testing methods, and practical use cases for this innovative tool. Equip yourself with essential shortcuts and commands to enhance your offensive security capabilities in environments where conventional dev tools are unavailable.

Intro
About me
Hackability
Missing browser devtools
New tool
Introducing Inspector
Inspecting HTML
Filter objects
Detecting JS windows
Detecting Function/Object
Security bugs
Security tests
Detecting Java bridges
Exploiting Java bridges
Advanced Inspection
Use cases
Shortcuts and commands
Conclusion