Gareth Heyes
@garethheyes.co.uk
javascript:/*--></title></style></textarea></script></xmp><svg/onload='-/"/-/onmouseover=1/-/[*/[]/-alert(1)//'>
https://garethheyes.co.uk/#latestBook
https://garethheyes.co.uk/#latestBook
Hackvertor 2.2.33 released!
- New MultiEncoder window (CTRL+ALT+M) for applying multiple transformations across layers and sending to Repeater tab
- WebSockets support including a WebSocket handler and a new WebSocket setting
- Improved auto decoding
- New MultiEncoder window (CTRL+ALT+M) for applying multiple transformations across layers and sending to Repeater tab
- WebSockets support including a WebSocket handler and a new WebSocket setting
- Improved auto decoding
November 28, 2025 at 12:17 PM
Hackvertor 2.2.33 released!
- New MultiEncoder window (CTRL+ALT+M) for applying multiple transformations across layers and sending to Repeater tab
- WebSockets support including a WebSocket handler and a new WebSocket setting
- Improved auto decoding
- New MultiEncoder window (CTRL+ALT+M) for applying multiple transformations across layers and sending to Repeater tab
- WebSockets support including a WebSocket handler and a new WebSocket setting
- Improved auto decoding
Demo of the new Shadow Repeater response timing differences.
November 18, 2025 at 2:47 PM
Demo of the new Shadow Repeater response timing differences.
Coming to Hackvertor soon...
Big thanks to CoreyD97 for the suggestion!
Big thanks to CoreyD97 for the suggestion!
November 14, 2025 at 10:45 PM
Coming to Hackvertor soon...
Big thanks to CoreyD97 for the suggestion!
Big thanks to CoreyD97 for the suggestion!
New Safari vector:
Instead of using window name, I use document.URL to smuggle the payload and the title attribute to create the TypeError XSS.
Hash:
#'-alert(1)//
Poc:
portswigger-labs.net/xss/xss.php?...
Instead of using window name, I use document.URL to smuggle the payload and the title attribute to create the TypeError XSS.
Hash:
#'-alert(1)//
Poc:
portswigger-labs.net/xss/xss.php?...
October 30, 2025 at 12:48 PM
New Safari vector:
Instead of using window name, I use document.URL to smuggle the payload and the title attribute to create the TypeError XSS.
Hash:
#'-alert(1)//
Poc:
portswigger-labs.net/xss/xss.php?...
Instead of using window name, I use document.URL to smuggle the payload and the title attribute to create the TypeError XSS.
Hash:
#'-alert(1)//
Poc:
portswigger-labs.net/xss/xss.php?...
If you want to learn how to construct epic payloads like this? You need JavaScript for Hackers.
Requires this hash:
#<img/src/onerror=alert(1)>
www.amazon.com/JavaScript-h...
Requires this hash:
#<img/src/onerror=alert(1)>
www.amazon.com/JavaScript-h...
October 16, 2025 at 5:40 PM
If you want to learn how to construct epic payloads like this? You need JavaScript for Hackers.
Requires this hash:
#<img/src/onerror=alert(1)>
www.amazon.com/JavaScript-h...
Requires this hash:
#<img/src/onerror=alert(1)>
www.amazon.com/JavaScript-h...
Want to learn how to craft payloads like these?
Read JavaScript for Hackers to master creative XSS techniques and understand exactly why they work.
🧠 Learn to think like a hacker
⚡ Master the art of payload design
Grab your copy 👉 www.amazon.com/JavaScript-h...
Read JavaScript for Hackers to master creative XSS techniques and understand exactly why they work.
🧠 Learn to think like a hacker
⚡ Master the art of payload design
Grab your copy 👉 www.amazon.com/JavaScript-h...
October 14, 2025 at 11:17 AM
Want to learn how to craft payloads like these?
Read JavaScript for Hackers to master creative XSS techniques and understand exactly why they work.
🧠 Learn to think like a hacker
⚡ Master the art of payload design
Grab your copy 👉 www.amazon.com/JavaScript-h...
Read JavaScript for Hackers to master creative XSS techniques and understand exactly why they work.
🧠 Learn to think like a hacker
⚡ Master the art of payload design
Grab your copy 👉 www.amazon.com/JavaScript-h...
Last chance to catch "Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls" at the NDC Conference, Manchester. Join me and see just how wild the email RFCs really are.
portswigger.net/research/tal...
portswigger.net/research/tal...
October 13, 2025 at 9:00 AM
Last chance to catch "Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls" at the NDC Conference, Manchester. Join me and see just how wild the email RFCs really are.
portswigger.net/research/tal...
portswigger.net/research/tal...
In a shameless effort to promote my book. I've crafted some very special vectors for you. If you like them please purchase my book to read more.
www.amazon.com/dp/B0BRD9B3GS
www.amazon.com/dp/B0BRD9B3GS
September 26, 2025 at 11:20 AM
In a shameless effort to promote my book. I've crafted some very special vectors for you. If you like them please purchase my book to read more.
www.amazon.com/dp/B0BRD9B3GS
www.amazon.com/dp/B0BRD9B3GS
September 10, 2025 at 7:25 PM
WAFs still blocking your payloads? Try our newest pointer capture tricks. Our XSS cheat sheet just got an upgrade thanks to Muhammad Ahsan.
portswigger.net/web-security...
portswigger.net/web-security...
September 1, 2025 at 1:12 PM
WAFs still blocking your payloads? Try our newest pointer capture tricks. Our XSS cheat sheet just got an upgrade thanks to Muhammad Ahsan.
portswigger.net/web-security...
portswigger.net/web-security...
Imagine you have a XSS vulnerability but you have a undefined variable before your injection. Is all hope lost? Not at all you can use a technique called XSS Hoisting to declare the variable and continue your exploit. Thanks to ycam_asafety for the submission.
portswigger.net/web-security...
portswigger.net/web-security...
August 28, 2025 at 1:18 PM
Imagine you have a XSS vulnerability but you have a undefined variable before your injection. Is all hope lost? Not at all you can use a technique called XSS Hoisting to declare the variable and continue your exploit. Thanks to ycam_asafety for the submission.
portswigger.net/web-security...
portswigger.net/web-security...
August 26, 2025 at 12:54 PM
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below:
portswigger.net/research/inl...
portswigger.net/research/inl...
August 26, 2025 at 12:54 PM
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below:
portswigger.net/research/inl...
portswigger.net/research/inl...
Is your target leaking CSP violations left and right? Mikhail Khramenkov reveals how to hijack the onsecuritypolicyviolation event to trigger JS in hidden inputs - when unsafe-inline is in play and styles are blocked. Now live on our XSS cheat sheet.
portswigger.net/web-security...
portswigger.net/web-security...
July 24, 2025 at 2:25 PM
Is your target leaking CSP violations left and right? Mikhail Khramenkov reveals how to hijack the onsecuritypolicyviolation event to trigger JS in hidden inputs - when unsafe-inline is in play and styles are blocked. Now live on our XSS cheat sheet.
portswigger.net/web-security...
portswigger.net/web-security...
You can use big int after any number including octals, hex and binary. Oh JS I love your quirky nature ❤️. Might help bypass a flawed WAF regex.
July 18, 2025 at 11:50 AM
You can use big int after any number including octals, hex and binary. Oh JS I love your quirky nature ❤️. Might help bypass a flawed WAF regex.
All done with just this magic
July 17, 2025 at 2:04 PM
All done with just this magic
You're not ready for how powerful Custom Actions are.
You can now build your own AI hacking sidekicks that rewrite requests for you.
Forget typing payloads - just let your assistant do it.
🔥 Welcome to the future of offensive automation.
Get the source code:
github.com/PortSwigger/...
You can now build your own AI hacking sidekicks that rewrite requests for you.
Forget typing payloads - just let your assistant do it.
🔥 Welcome to the future of offensive automation.
Get the source code:
github.com/PortSwigger/...
July 17, 2025 at 1:44 PM
You're not ready for how powerful Custom Actions are.
You can now build your own AI hacking sidekicks that rewrite requests for you.
Forget typing payloads - just let your assistant do it.
🔥 Welcome to the future of offensive automation.
Get the source code:
github.com/PortSwigger/...
You can now build your own AI hacking sidekicks that rewrite requests for you.
Forget typing payloads - just let your assistant do it.
🔥 Welcome to the future of offensive automation.
Get the source code:
github.com/PortSwigger/...
Manual testing doesn't have to be repetitive.
Meet Repeater Strike - an AI-powered Burp Suite extension that turns your Repeater traffic into a scan check.
Source code:
github.com/hackvertor/r...
Blog post:
portswigger.net/research/rep...
Meet Repeater Strike - an AI-powered Burp Suite extension that turns your Repeater traffic into a scan check.
Source code:
github.com/hackvertor/r...
Blog post:
portswigger.net/research/rep...
July 15, 2025 at 1:48 PM
Manual testing doesn't have to be repetitive.
Meet Repeater Strike - an AI-powered Burp Suite extension that turns your Repeater traffic into a scan check.
Source code:
github.com/hackvertor/r...
Blog post:
portswigger.net/research/rep...
Meet Repeater Strike - an AI-powered Burp Suite extension that turns your Repeater traffic into a scan check.
Source code:
github.com/hackvertor/r...
Blog post:
portswigger.net/research/rep...
🔥 Want to think like a hacker and truly understand JavaScript?
💻 JavaScript for Hackers is your guide to breaking, bending, and mastering the language like never before.
💻 JavaScript for Hackers is your guide to breaking, bending, and mastering the language like never before.
July 9, 2025 at 5:11 PM
🔥 Want to think like a hacker and truly understand JavaScript?
💻 JavaScript for Hackers is your guide to breaking, bending, and mastering the language like never before.
💻 JavaScript for Hackers is your guide to breaking, bending, and mastering the language like never before.
Shazzer now takes into account character ranges when calculating the fuzz results records. I changed how the ranges are displayed too. This was fun to fix. It took around <2 lunch breaks :D it's fun trying to fit it into my lunch breaks.
July 9, 2025 at 11:44 AM
Shazzer now takes into account character ranges when calculating the fuzz results records. I changed how the ranges are displayed too. This was fun to fix. It took around <2 lunch breaks :D it's fun trying to fit it into my lunch breaks.
Made hacking rooms work in real time. This demo connects three browsers with real time editing on. From Chrome I edit some HTML. This gets sent over websockets to the other browsers which call postMessage to a blob with a sandboxed iframe.
June 20, 2025 at 11:55 AM
Made hacking rooms work in real time. This demo connects three browsers with real time editing on. From Chrome I edit some HTML. This gets sent over websockets to the other browsers which call postMessage to a blob with a sandboxed iframe.
Here I use a Hacking room in Hackvertor to find bugs in Chrome and Safari. I basically connect Firefox, Safari and Chrome and try a SVG vector. Firefox escapes correctly whereas Chrome and Safari don't. Chrome executes the alert and Safari goes red to indicate it did too.
June 17, 2025 at 11:23 AM
Here I use a Hacking room in Hackvertor to find bugs in Chrome and Safari. I basically connect Firefox, Safari and Chrome and try a SVG vector. Firefox escapes correctly whereas Chrome and Safari don't. Chrome executes the alert and Safari goes red to indicate it did too.
Mikhail Khramenkov just contributed a new dangling markup vector on the latest Chrome. Live now on our XSS cheat sheet.
Link to vector👇
portswigger.net/web-security...
Link to vector👇
portswigger.net/web-security...
June 12, 2025 at 1:11 PM
Mikhail Khramenkov just contributed a new dangling markup vector on the latest Chrome. Live now on our XSS cheat sheet.
Link to vector👇
portswigger.net/web-security...
Link to vector👇
portswigger.net/web-security...
Epic Firefox XSS vectors by Masato Kinugawa. Now available on our XSS cheat sheet including variants found by me.
Link to vectors👇
portswigger.net/web-security...
Link to vectors👇
portswigger.net/web-security...
June 9, 2025 at 1:26 PM
Epic Firefox XSS vectors by Masato Kinugawa. Now available on our XSS cheat sheet including variants found by me.
Link to vectors👇
portswigger.net/web-security...
Link to vectors👇
portswigger.net/web-security...
Abuse EvalError, onpageswap, and setTimeout to get JS execution without parens.
@0x999.net redirects the page to trigger onpageswap, hijacks the thrown error, and turns it into code. Inspired by @terjanq.me. Now available on the XSS cheat sheet.
Link to vector👇
portswigger.net/web-security...
@0x999.net redirects the page to trigger onpageswap, hijacks the thrown error, and turns it into code. Inspired by @terjanq.me. Now available on the XSS cheat sheet.
Link to vector👇
portswigger.net/web-security...
June 4, 2025 at 1:25 PM
Abuse EvalError, onpageswap, and setTimeout to get JS execution without parens.
@0x999.net redirects the page to trigger onpageswap, hijacks the thrown error, and turns it into code. Inspired by @terjanq.me. Now available on the XSS cheat sheet.
Link to vector👇
portswigger.net/web-security...
@0x999.net redirects the page to trigger onpageswap, hijacks the thrown error, and turns it into code. Inspired by @terjanq.me. Now available on the XSS cheat sheet.
Link to vector👇
portswigger.net/web-security...