For the best experience on desktop, install the
Chrome extension
to track your reading on news.ycombinator.com
×
Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
|
history
|
from
register
The Fragile Lock: Novel Bypasses for SAML Authentication
(
portswigger.net
)
3 points
by
todsacerdoti
3 months ago
|
past
HTTP desync attacks: request smuggling reborn
(
portswigger.net
)
3 points
by
fanf2
5 months ago
|
past
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes
(
portswigger.net
)
2 points
by
todsacerdoti
7 months ago
|
past
|
1 comment
Inline Style Exfiltration: leaking data with chained CSS conditionals
(
portswigger.net
)
1 point
by
pentestercrab
7 months ago
|
past
HTTP/1.1 must die: the desync endgame
(
portswigger.net
)
42 points
by
sprawl_
7 months ago
|
past
|
25 comments
HTTP/2: The Sequel is Always Worse
(
portswigger.net
)
7 points
by
quicksilver03
7 months ago
|
past
HTTP/1.1 must die: the desync endgame
(
portswigger.net
)
3 points
by
jsnell
7 months ago
|
past
HTTP/1.1 must die: the desync endgame
(
portswigger.net
)
7 points
by
882542F3884314B
8 months ago
|
past
|
2 comments
HTTP/1.1 must die: the desync endgame
(
portswigger.net
)
17 points
by
octagons
8 months ago
|
past
|
2 comments
Drag and Pwnd: Exploiting VS Code with ASCII
(
portswigger.net
)
1 point
by
albinowax_
11 months ago
|
past
Welcome to the next generation of Burp Suite: elevate your testing with Burp AI
(
portswigger.net
)
2 points
by
thomas34298
on April 3, 2025
|
past
PESDv2 – diagram Burp traffic instantly with customizable Markdown/themes
(
portswigger.net
)
1 point
by
tony-ds
on Feb 6, 2025
|
past
Top web hacking techniques of 2024
(
portswigger.net
)
3 points
by
chillax
on Feb 5, 2025
|
past
Splitting the email atom: exploiting parsers to bypass access controls (2024)
(
portswigger.net
)
1 point
by
frizlab
on Jan 30, 2025
|
past
Stealing HttpOnly cookies with the cookie sandwich technique
(
portswigger.net
)
6 points
by
chillax
on Jan 23, 2025
|
past
Listen to the whispers: web timing attacks that work
(
portswigger.net
)
188 points
by
saikatsg
on Nov 21, 2024
|
past
|
33 comments
New Doyensec Prototype Pollution BurpSuite Extension
(
portswigger.net
)
2 points
by
tony-ds
on Oct 24, 2024
|
past
Listen to the whispers: web timing attacks that work
(
portswigger.net
)
2 points
by
rrampage
on Sept 25, 2024
|
past
Splitting the email atom: exploiting parsers to bypass access controls
(
portswigger.net
)
2 points
by
hackvertor
on Sept 5, 2024
|
past
|
1 comment
Listen to the whispers: web timing attacks that work
(
portswigger.net
)
5 points
by
dytir
on Aug 8, 2024
|
past
Listen to the whispers: web timing attacks that work
(
portswigger.net
)
3 points
by
chillax
on Aug 7, 2024
|
past
SignSaboteur: forge signed web tokens with ease
(
portswigger.net
)
2 points
by
jdmark
on May 23, 2024
|
past
HTTP/2 desync attacks. (2021)
(
portswigger.net
)
1 point
by
fanf2
on April 3, 2024
|
past
uBlock, I exfiltrate: exploiting ad blockers with CSS (2021)
(
portswigger.net
)
3 points
by
ReadCarlBarks
on March 29, 2024
|
past
Blind CSS Exfiltration: exfiltrate unknown web pages
(
portswigger.net
)
2 points
by
pentestercrab
on Jan 29, 2024
|
past
Web LLM Attacks
(
portswigger.net
)
1 point
by
beny23
on Jan 16, 2024
|
past
Top web hacking techniques of 2023 – nominations open
(
portswigger.net
)
1 point
by
celesian
on Jan 10, 2024
|
past
Implementing Tic Tac Toe with 170mb of HTML – No JavaScript or CSS
(
portswigger.net
)
31 points
by
fagnerbrack
on Nov 14, 2023
|
past
|
31 comments
Implementing Tic Tac Toe with 170mb of HTML – No JavaScript or CSS
(
portswigger.net
)
13 points
by
thunderbong
on Nov 11, 2023
|
past
|
5 comments
Implementing Tic Tac Toe with 170mb of HTML – No JavaScript or CSS
(
portswigger.net
)
2 points
by
smusamashah
on Nov 10, 2023
|
past
More
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
×
HN For You
Display Mode
Highlight
Top
Only
Debug mode
Sign Out
API Key:
Connect
Create an account
to get your API key.
