SecuriTEA & Crumpets - Episode 6 - Gareth Heyes - Hackvertor

SecuriTEA & Crumpets is a series where security professionals come together to talk about their background, research, and interesting topics. The sixth episode is with Gareth Heyes. He is a security researcher at Portswigger and in my personal opinion, a JavaScript legend. This episode he shows his Burp Suite extension Hackvertor, and all the power it holds. Check out his socials   / garethheyes   and his website http://garethheyes.co.uk.

00:00 Intro
00:52 Hackvertor
01:55 Basic usage
02:30 Double encoding
03:27 URL Encoding
04:42 Using the output console
07:20 Using Hackvertor as a JavaScript hacking tool
15:27 Creating the Burp extension
16:13 Installing Hackvertor
16:39 Basic usage
18:17 Tag Arguments
18:53 Using Hackvertor in the repeater
22:12 Tag Variables
24:05 Tag Variables in intruder
24:15 Payload processor
26:55 Custom tags
31:03 Where custom tags are useful
35:35 Editing custom tags
35:54 Share custom tags
38:25 The power of Heckvertor
43:00 How do people get involved?
43:53 Shazzer.co.uk
51:50 Close out

References:
hackvertor.co.uk
shazzer.co.uk
https://portswigger.net/bappstore/650...
https://portswigger.net/research/bypa...