
#️⃣EP 220 - Beta Testing 5

🎦
📅 2022-04-22 (404 days ago)
⌛ 1:10:18
Thanesh, Torey

Subtitles

0:00:11
[Music]
0:00:26
hey everyone welcome back to uh
0:00:29
another
0:00:30
Build, Break and Fix with your raw coders
0:00:33
Thanesh and Torey today
0:00:36
um how are you feeling Torey
0:00:38
feeling pretty good how about you Thanesh
0:00:41
yeah feeling good man
0:00:42
um yeah we hardly get to the show
0:00:45
together so
0:00:46
yeah i know
0:00:48
yeah
0:00:51
one last hurrah
0:00:54
yeah
0:00:56
and i was trying to figure out
0:00:58
oh how do i spell that how do i spell
0:01:00
hurrah
0:01:02
[Music]
0:01:04
i think it's
0:01:05
it's h-o-o-r-a-h
0:01:07
right
0:01:09
that's what my autocomplete told me okay
0:01:14
let's listen through it
0:01:16
sounds right
0:01:18
uh where's Zain um
0:01:21
Zain is uh i think he's busy tonight so
0:01:25
yeah so sorry jumped in thanks to that
0:01:27
Torey
0:01:28
absolutely
0:01:30
uh
0:01:32
so i'll just run the acknowledgement of
0:01:34
the country first
0:01:37
i begin today by acknowledging the
0:01:39
traditional custodians of the land on
0:01:41
which we gather today and pay my
0:01:43
respects to the elders past present and
0:01:45
future i extend their respect to
0:01:48
aboriginal and torres strait islander
0:01:50
people here today
0:01:54
um
0:01:56
okay
0:01:57
and
0:01:59
i'll chuck on some music as well
0:02:02
what are you what are you thinking today
0:02:04
uh sorry what sort of music you want to
0:02:06
pick a letter or do you want to just
0:02:07
choose a music
0:02:10
how about t
0:02:11
for Thanesh
0:02:15
okay let's
0:02:16
be a rock again
0:02:19
oh no
0:02:22
all right rock it up rock and roll
0:02:27
that's a tasty rip
0:02:35
[Music]
0:02:36
okay so
0:02:38
you're probably more up to date than i
0:02:40
am what i what have we got today
0:02:45
uh let's see
0:02:47
yesterday
0:02:49
we were
0:02:51
ended the show by
0:02:55
we were about to test the websocket ping
0:02:59
pong like heartbeat implementation and
0:03:02
[Music]
0:03:03
Zain
0:03:04
[Music]
0:03:05
was about to deploy it but then it was
0:03:07
already late so we just
0:03:09
we just saved it
0:03:11
okay
0:03:15
okay wow you guys already
0:03:19
if you want to we could take today and
0:03:21
do something else if you want
0:03:24
it could be wild now
0:03:32
um
0:03:34
i have nothing in mind so
0:03:38
um
0:03:40
i am very interested as to how gekko did
0:03:42
those attacks though if uh
0:03:45
yeah
0:03:46
you want to look into that then
0:03:49
uh yeah for sure man um let's do it
0:03:53
okay
0:03:54
cool that's that's interesting
0:03:56
that's yeah that's very interesting to
0:03:58
me but yeah
0:04:01
um hey guys dave by the way
0:04:03
yeah hey thanks for joining
0:04:08
us
0:04:09
is that site up right now Torey i believe
0:04:13
it is down but i'm not sure i think Zain
0:04:15
said it was down
0:04:17
okay
0:04:21
let's let's see
0:04:27
uh yeah it's it's it's down
0:04:32
maybe maybe he just put the
0:04:36
bucket to private or
0:04:38
unshared it i don't know
0:04:40
maybe
0:04:44
i can't even share my screen Torey
0:04:46
because of that that issue that Zain and
0:04:48
i have being on the mac
0:04:51
oh Zain managed to fix it i don't know
0:04:53
how though
0:04:54
yeah you just have to restart uh so you
0:04:56
have to go into settings and then untick
0:04:59
it tick it back and then restart google
0:05:01
chrome i can do that if you like or did
0:05:02
you want to up to you if you want to
0:05:04
share your screen you want to
0:05:07
do it go for it i'm happy either way
0:05:10
okay
0:05:12
um in that case give me
0:05:14
one second
0:05:15
sure
0:05:16
i'll wait for mac
0:05:29
so when are you when are you heading out
0:05:31
on on on wednesday is that your last
0:05:33
show
0:05:34
yeah yeah that's right cool it's
0:05:36
definitely last show nice
0:05:39
i heard um
0:05:40
i heard you planning to
0:05:43
to do a stream on your own is that
0:05:44
correct
0:05:46
oh um
0:05:48
maybe
0:05:50
maybe sometime later but i'm i'm not
0:05:53
planning anything in the near term
0:05:55
okay
0:05:56
okay
0:05:58
will it be
0:05:59
if you're thinking i will definitely
0:06:01
invite you on though
0:06:02
okay
0:06:05
i'll be glad to come on man
0:06:08
will it be same sort of style
0:06:10
building a project or
0:06:12
um
0:06:13
um probably
0:06:15
uh
0:06:16
probably just like
0:06:19
if if i was gonna have a show
0:06:23
if if
0:06:24
then i don't know i would probably just
0:06:26
do different formats
0:06:28
just like different
0:06:30
maybe one day building a small project
0:06:34
maybe there's a bigger project
0:06:37
if
0:06:38
but i don't think i would continuously
0:06:40
build like a very large project i'd
0:06:42
probably just do like lots of little
0:06:44
stuff or just have
0:06:46
just have fun talking
0:06:48
or making jokes or something like that
0:06:52
just not not take it too seriously but
0:06:55
also get to like meet people and learn
0:06:57
stuff that sounds fun to me
0:07:00
yes that's cool
0:07:02
um
0:07:06
i think this is
0:07:08
okay give me one sector of people
0:07:12
okay bye
0:07:13
see ya
0:07:18
it's me
0:07:22
it's open
0:07:24
these guys need to give me permission
0:07:32
i'm still a guest
0:07:44
wow this thing takes forever then
0:08:07
okay
0:08:13
okay
0:08:14
i'll entertain the crowd while you were
0:08:16
gone
0:08:17
uh did you
0:08:18
what did you do
0:08:20
the huge crowd i just stared at
0:08:23
stare at the
0:08:24
screen quiet
0:08:26
observe a moment of silence
0:08:38
so
0:08:40
let me maybe we can put the site up
0:08:42
first um
0:08:44
i think i don't know i think that's
0:08:45
gonna be yeah yeah i think the pen i
0:08:48
think the pen tester is here
0:08:52
yeah i think i think the pen testers
0:08:54
here they can help us out the
0:08:56
the pen testing
0:08:58
who's the pentas
0:09:01
um
0:09:02
special audience member
0:09:05
oh yes yes
0:09:10
[Music]
0:09:24
yeah it is very interesting do you
0:09:27
mention something about like um
0:09:31
what do you think it could be right
0:09:34
i have some ideas
0:09:40
i have some
0:09:44
um on the front end
0:09:46
usually one of the most common ways
0:09:51
is using
0:09:52
um
0:09:59
like the inner html
0:10:01
[Music]
0:10:03
method
0:10:05
so setting the inner using inner html to
0:10:10
uh set
0:10:12
uh
0:10:14
some
0:10:15
like attach something to the dom right
0:10:17
so that's that's
0:10:19
that's where like if you're not
0:10:22
extremely careful with that method then
0:10:26
it's very easy to exploit
0:10:28
because you can just
0:10:31
take a
0:10:33
script and attach that script tag to the
0:10:36
dom and then it will be executed if
0:10:40
you've just written a malicious script
0:10:43
that's running
0:10:45
or non-malicious one whatever
0:10:47
like
0:10:49
doesn't always have to be for nefarious
0:10:51
purposes but
0:10:53
but yeah usually that's like a common
0:10:56
exploitation i i think i'm not super
0:10:59
experienced on security or anything my
0:11:02
knowledge is quite limited but
0:11:05
from what i understand in a framework
0:11:07
like react for instance
0:11:10
a lot of that
0:11:13
um
0:11:16
stuff is handled for you in the
0:11:17
framework so that like you don't
0:11:20
accidentally do it and actually in react
0:11:24
if you want to
0:11:26
use
0:11:27
inner html like the method inner html
0:11:31
then it's they actually
0:11:33
call it set
0:11:36
dangerously set inner html
0:11:39
it's called dangerously yeah interesting
0:11:43
because they want you to know like you
0:11:45
sure you're doing this
0:11:48
oh wow
0:11:50
so
0:11:51
here we're using jquery
0:11:55
and i am not entirely certain but jquery
0:11:59
might have some vulnerabilities
0:12:02
um in it or there's or there's something
0:12:06
we're doing too that
0:12:08
we can look through our code to see
0:12:10
where we're using this
0:12:12
inner html or
0:12:14
i don't know if there's other like easy
0:12:18
um
0:12:22
uh
0:12:24
like attack surfaces for like just doing
0:12:28
a simple xss
0:12:29
attack like from a dom method but i
0:12:32
know inner html is one of those and then
0:12:35
on the back end which is something i
0:12:37
don't i've never actually
0:12:40
um done because i usually just work on
0:12:43
front end but that would be like
0:12:45
sanitizing the back end
0:12:47
right with maybe some sanitization
0:12:50
library
0:12:51
so that when you're getting
0:12:54
some
0:12:55
like
0:12:57
post put delete requests whatever it is
0:13:01
to the backend to store in the database
0:13:04
or in our case like also with the
0:13:06
websockets
0:13:08
when we're sending messages from one
0:13:10
client to another client then we want to
0:13:12
make sure that
0:13:14
any of that is is not some malicious
0:13:18
stuff
0:13:19
right
0:13:21
yeah yeah
0:13:23
now i don't know
0:13:24
how gekko was exactly doing this if he
0:13:27
was actually like
0:13:29
creating notes and then saving them in
0:13:31
dynamodb or if he was just simply like
0:13:35
um
0:13:37
using the websockets to just create a
0:13:39
note and then
0:13:41
every other client is getting it and
0:13:42
then it's like
0:13:44
running that script tag when you get it
0:13:47
but essentially it's a script tag
0:13:50
um
0:13:52
okay are you are you familiar at all
0:13:54
with
0:13:55
xss
0:13:57
no no
0:13:59
cross-site scripting
0:14:01
no
0:14:02
oh i should have prefaced that then i'm
0:14:04
not super like i don't know that much
0:14:06
but
0:14:07
it's pretty common um vulnerability
0:14:11
um but basically and there's like
0:14:13
different
0:14:16
different names for the different
0:14:19
like
0:14:22
methods or
0:14:24
or
0:14:26
like targets of the attack but
0:14:30
um one
0:14:32
like the way he's doing it is basically
0:14:35
like
0:14:36
um
0:14:38
if you
0:14:39
uh
0:14:40
if you go to let's see if we can
0:14:42
reproduce it actually that'll be fun
0:14:45
yeah that'll be really cool
0:15:01
um
0:15:20
so let's
0:15:22
let's hope jackdab doesn't
0:15:24
doesn't come and
0:15:26
crash our browsers
0:15:31
um
0:15:33
uh
0:15:34
could you
0:15:35
test one two three so i'm gonna go to
0:15:37
the same board too
0:15:40
all right
0:15:43
and then let's see if i can send you
0:15:48
a
0:15:51
i'm going to create a new
0:15:52
note on my end
0:15:56
oh that's weird why am i getting access
0:15:58
forbidden
0:16:01
on test123
0:16:02
oh i need the index okay nevermind
0:16:21
index
0:16:28
okay i should be
0:16:34
on the board page
0:16:38
huh
0:16:39
can you send me the link to the board
0:16:43
you're getting access denied
0:16:46
no i'm getting nothing i'm getting a
0:16:48
blank board page
0:16:51
without a name
0:16:54
really
0:16:58
okay put it in the chat
0:17:04
pass one two three
0:17:23
thank you
0:17:27
okay i should be in
0:17:30
so i just created a no
0:17:41
okay
0:17:50
and you can see it just says hi thanesh
0:17:55
uh
0:17:56
yes yes i can see it okay
0:17:59
so
0:18:02
um
0:18:12
is this
0:18:15
gonna
0:18:16
work i don't know i think
0:18:19
i don't know how to do this but let's
0:18:20
say i
0:18:21
see this
0:18:23
oh
0:18:24
okay so let's say i sent something i
0:18:26
don't know if this is obviously it
0:18:28
didn't work because it would have
0:18:31
created that alert message right
0:18:35
yeah like yes
0:18:37
so like
0:18:39
there's probably another way to write it
0:18:42
so that maybe
0:18:43
this is executable because maybe the way
0:18:46
i have it right now is not
0:18:50
um
0:18:51
but that's kind of like the
0:18:54
basics of it
0:18:56
um and then you don't have to write an
0:18:58
alert like you could do like
0:19:01
you know what what happened to you guys
0:19:03
the other day you got redirected so you
0:19:05
could do like window location history
0:19:09
and then like update your browser's like
0:19:12
window history and then
0:19:14
like have you go to the site or
0:19:16
something
0:19:18
yeah wow that's really cool um
0:19:27
how did he like yeah
0:19:29
what did he do to make it
0:19:32
um
0:19:34
so it executed as well you know what i
0:19:36
mean like is it
0:19:40
yeah um
0:19:42
yeah what you were saying is a bit
0:19:43
complex do you
0:19:45
do you know like what you would have
0:19:47
done like additionally
0:19:49
um have any assuming i'm assuming he did
0:19:53
something along these lines
0:19:56
but maybe he
0:19:59
um but maybe there's another way that
0:20:02
actually
0:20:03
makes the script executable
0:20:06
um i'm not 100 certain on that
0:20:11
um
0:20:14
or
0:20:15
if i or if maybe
0:20:22
yeah i don't know i'd have to look i
0:20:23
actually have to look it up
0:20:27
[Music]
0:20:36
too bad i didn't save it because like
0:20:38
the other day
0:20:39
when he did this like fart attack
0:20:43
the websocket messages and the in the
0:20:45
dev tools
0:20:47
in the chrome dev tools and i could see
0:20:49
the text on the note was the script tag
0:20:52
with like
0:20:54
data and then like new audio which is
0:20:57
like um
0:20:59
the way you create a new audio
0:21:02
object and then it was like playing
0:21:06
um from like some
0:21:10
wave file like online some wave
0:21:13
repository fart sounds
0:21:17
oh well okay
0:21:19
yeah
0:21:21
um
0:21:24
it's probably it's probably actually on
0:21:26
youtube but i don't know if you can see
0:21:28
my screen or not on youtube
0:21:32
oh yeah yeah
0:21:35
um
0:21:36
when you sent us the video
0:21:39
i saw i did see that that fart dot wave
0:21:46
i did see that file
0:21:49
yeah
0:21:53
so yeah i guess you're on the right
0:21:55
track like
0:21:59
like it's probably not far off like what
0:22:01
you're saying
0:22:03
make screws
0:22:14
yeah so for instance here's like a
0:22:17
here's like a list
0:22:19
of like different payloads
0:22:21
you can try
0:22:23
to like execute
0:22:25
an attack
0:22:27
there's also resources on on the bottom
0:22:30
that are useful too for like preventing
0:22:32
them
0:22:33
oh okay
0:22:36
cross-site scripting vulnerability yeah
0:22:45
and i think this one in particular would
0:22:47
be called dom based
0:22:50
but i'm not 100 sure about that
0:22:54
i think it's dom i think it's called dom
0:22:56
based
0:22:58
okay but like say say to let's say
0:23:01
somebody somebody who's a naughty like a
0:23:04
bad person right
0:23:07
um they
0:23:09
s they they made notes they saved them
0:23:11
to the database right
0:23:13
and then when somebody loads the notes
0:23:16
on the from when they go to the boards
0:23:18
page
0:23:19
it executes these scripts and then it
0:23:22
says like oh
0:23:24
like one of the simpler simpler
0:23:27
ways and easier ways is like
0:23:31
um
0:23:32
[Music]
0:23:34
like execute a script and then it like
0:23:37
goes to some website
0:23:39
and then that website is like malicious
0:23:42
and then it like steals like [ __ ] from
0:23:45
your
0:23:46
from your browser maybe a cookie or
0:23:48
something
0:23:53
[Music]
0:23:58
yeah if it was on like a banking website
0:24:00
let's say for instance like they could
0:24:02
even run a script that could send a
0:24:04
payload
0:24:06
um
0:24:06
to like their api or something if
0:24:09
they're silly
0:24:10
and then like
0:24:12
maybe log your password or your username
0:24:15
whatever
0:24:17
um
0:24:18
true
0:24:20
interesting
0:24:23
do you listen to um darknet diaries by
0:24:26
the way
0:24:27
what is that
0:24:29
dark net diaries
0:24:31
it sounds interesting though
0:24:33
it's a podcast about like they talk
0:24:36
about um
0:24:38
basically
0:24:40
you know
0:24:41
security vulnerabilities and
0:24:43
you know
0:24:44
things that happen
0:24:46
um
0:24:48
in ito
0:24:49
on the internet like you know where
0:24:53
somebody has like kind of exploited
0:24:55
um the system more you know
0:24:58
to get information that sort of thing
0:25:00
it's very interesting podcast
0:25:03
yeah that sounds pretty interesting
0:25:06
yeah
0:25:09
you think
0:25:10
you think he
0:25:11
saved it
0:25:13
yeah
0:25:14
yeah let's try saving it and then see if
0:25:16
you reload it if it executes
0:25:20
yeah i don't know
0:25:36
nothing
0:25:37
no alert
0:25:41
[Music]
0:25:44
yeah something that's actually an issue
0:25:46
is that the some of the notes disappear
0:25:51
i know that's
0:25:52
that's the saving issue
0:25:55
yeah
0:25:56
that's something that's really worth
0:25:58
looking into i think
0:26:01
uh yeah i think i think yeah well that's
0:26:05
another show man you'll have to come
0:26:07
back
0:26:13
well that's interesting though because
0:26:15
now those script tags actually got
0:26:17
removed
0:26:18
yeah that's the i've noticed that yeah
0:26:21
that's why that's why i just wanted to
0:26:22
do it again to see oh
0:26:25
that's an issue but anyways the script
0:26:27
tag did disappear
0:26:31
um
0:26:32
yeah that's very interesting
0:26:35
what if i
0:26:49
and then we
0:26:50
save this
0:27:02
are you saving it
0:27:03
i did
0:27:05
hopefully it's saved
0:27:09
it's gone
0:27:11
yeah it didn't save
0:27:20
so
0:27:21
um
0:27:24
let me uh let me see if i can dig up on
0:27:27
youtube
0:27:29
how we do how
0:27:30
how that or actually if we look in
0:27:33
dynamodb i wonder if any of the notes
0:27:35
are saved with those
0:27:37
tags on it
0:27:39
i don't know which board it was though
0:27:44
uh it should be
0:27:45
oh
0:27:46
yeah that's oh yeah keyword is fart
0:27:49
so that's why
0:28:00
first let me look at this one
0:28:06
yeah it removes the script part of it i
0:28:09
wonder
0:28:10
why
0:28:12
maybe that's
0:28:14
maybe jquery does some of it or maybe
0:28:16
dynamodb i don't know
0:28:19
hmm
0:28:20
maybe
0:28:29
well i'm going to the youtube and see if
0:28:32
i can track it down
0:28:37
i don't like i said though i don't know
0:28:38
if i
0:28:40
showed it on my screen
0:28:44
zain was having a good time though
0:28:47
yes
0:29:00
oh i think i will be able to see it
0:29:04
almost there
0:29:08
i don't know i think i got there oh here
0:29:10
we go yeah
0:29:14
so yeah all it was was
0:29:16
[Music]
0:29:21
huh
0:29:27
yeah it's just
0:29:29
him creating a card
0:29:31
in the web socket
0:29:34
if you want i'll uh
0:29:37
here i'll send you
0:29:41
this with the time
0:29:45
okay
0:29:46
uh start at yeah there we go okay and
0:29:52
there so you can see
0:29:55
there in the youtube
0:29:58
um
0:30:00
the
0:30:01
the text that he's um
0:30:05
got in the note when he creates a card
0:30:07
and it is a script tag
0:30:18
it says script
0:30:20
console log oh he changed console log to
0:30:24
be equal to
0:30:28
a function
0:30:29
[Music]
0:30:31
oh because he's trying to just remove
0:30:35
any console log ability
0:30:38
or something
0:30:39
oh so he's running
0:30:46
jquery on a particular
0:30:49
on the id of the card that was created
0:30:52
no he's hiding
0:30:55
oh he's hiding the card
0:30:59
oh
0:31:00
why not yes
0:31:03
yeah yeah
0:31:04
and then it's the new audio part that's
0:31:07
like the audio api from the browser
0:31:11
um okay
0:31:13
that is just playing it and there's
0:31:15
nothing special about the script tag
0:31:18
it's very simple
0:31:23
okay
0:31:24
so i don't know why our script tag is
0:31:26
not working
0:31:30
hmm writing the card and then
0:31:34
why is he doing these two things though
0:31:36
console log
0:31:38
equals the function and console clear
0:31:42
i think to
0:31:45
console clear
0:31:48
i think it's to
0:31:50
mess with your dev tools so that you
0:31:54
can't log or clear the console is my
0:31:57
guess
0:32:01
oh okay
0:32:03
is my guess but i'm not 100
0:32:05
sure on that
0:32:07
but um
0:32:08
if you just if you have like preserve
0:32:11
log in your dev tools then that does
0:32:14
nothing
0:32:16
like it won't clear your preserved log
0:32:18
in your console which i always have that
0:32:21
on
0:32:22
so i was like yeah
0:32:25
that's why i can see what's going on
0:32:30
what did you
0:32:31
where's that where's the preserved logs
0:32:33
thing
0:32:35
uh if you go to the console and then
0:32:38
you preserve log
0:32:41
if you go to dev tools
0:32:44
and there's
0:32:45
there's an option to select preserve log
0:33:00
uh it's just like
0:33:02
on console
0:33:05
so
0:33:06
if do you have an option yeah there you
0:33:08
go preserve log yeah go to the settings
0:33:10
yeah that drop yeah
0:33:12
okay
0:33:18
um
0:33:21
so we did
0:33:24
log
0:33:27
equals two
0:33:39
um
0:33:42
the other thing he could have been doing
0:33:44
is just
0:33:46
um
0:33:49
are all the ids of the card the same
0:33:51
yeah so if you look at the video all the
0:33:53
card ids are the same it's one two three
0:33:56
four
0:33:57
so he could also just be sending these
0:33:59
directly through postman or something
0:34:02
just like the object
0:34:05
oh okay or or piesocket or something
0:34:10
so we could we could try that too
0:34:14
you think it'd make a difference yeah
0:34:15
let's try it but maybe because maybe
0:34:18
when you when you type the note like
0:34:20
maybe jquery does some
0:34:23
sanitization of the input
0:34:26
maybe okay
0:34:33
i'm not super familiar with jquery
0:34:41
[Music]
0:34:48
okay
0:35:10
this is obviously
0:35:13
we
0:35:14
need the
0:35:17
i'll just get it off screen
0:35:26
zain probably wouldn't be too pleased
0:35:28
that we're looking into this on show
0:35:30
i'd say
0:35:32
right because in case in case somebody
0:35:34
else kind of copies
0:35:37
um geckdev
0:35:39
oh
0:35:41
well so far so good maybe it's a good
0:35:43
time because it's friday night
0:35:48
yeah
0:35:49
true
0:35:51
hopefully we find out and fix it soon
0:35:54
and then nobody else will
0:35:56
you better do it
0:36:01
yeah well i think ultimately
0:36:03
it'll have to happen
0:36:05
via the back end because
0:36:08
there's no way of
0:36:11
somebody
0:36:12
not using
0:36:15
the
0:36:16
the back end to just send
0:36:19
um
0:36:23
like there's no validation for the
0:36:25
websocket
0:36:26
right
0:36:27
so like anybody can just open up the
0:36:29
websocket
0:36:30
and just start sending messages
0:36:35
if they're already just all they have to
0:36:37
do is just connect to the board via the
0:36:39
browser that'll
0:36:40
save their connection id
0:36:45
right in the browser and then you just
0:36:47
start sending messages either through
0:36:50
the console or just like through like
0:36:53
piesocket or whatever
0:36:55
whatever
0:36:56
or like a tool like a penetration tool
0:37:01
i'm sure a bot can do the same thing
0:37:05
probably yeah
0:37:10
um
0:37:20
so we need i'll just try again for a sec
0:37:33
okay
0:37:34
um we need post right
0:37:36
pause
0:37:53
oops
0:38:08
so
0:38:24
hey could you do me a favor thanesh and
0:38:26
just create a new card
0:38:29
or just on the board
0:38:31
yeah all you have to do is just create
0:38:33
one i think it'll send me a message
0:38:38
send you a message
0:38:40
yeah through the console i mean it will
0:38:42
like i think i'll get a message
0:38:45
in my console if you just create a note
0:38:51
maybe your websocket timed out
0:39:04
on the same board
0:39:06
yeah yeah
0:39:08
i'm just
0:39:10
i'm thinking i'll get a message and then
0:39:12
i can just
0:39:16
copy that
0:39:17
yeah i did okay thank you yep
0:39:20
okay
0:39:21
all right now i can just like basically
0:39:24
send this
0:39:26
create card
0:39:29
like jack jab did
0:39:31
okay
0:39:32
through postman
0:39:33
um
0:39:35
i think
0:39:36
i can just actually send it through the
0:39:39
console because i know the function to
0:39:41
dispatch the message
0:39:44
which is called dispatch message
0:39:47
which will send the websocket and i'm
0:39:49
already connected to the websocket
0:39:52
okay so i just need to copy this
0:39:56
can i have a locator if you don't mind
0:39:58
oh yeah yeah sorry
0:40:00
um
0:40:03
all right let me share my screen here
0:40:08
all right
0:40:12
so big time
0:40:14
all right uh can you uh allow my screen
0:40:18
uh yeah yeah okay sure okay so when you
0:40:22
created that card
0:40:24
i got this
0:40:26
note log to my console because i guess
0:40:29
we're logging these
0:40:31
and then here is the data that got
0:40:34
logged which is the action is create
0:40:36
card
0:40:37
and the data is the card data right with
0:40:40
no text
0:40:41
right so i'm just gonna call i'm just
0:40:44
gonna
0:40:44
[Music]
0:40:46
um copy this object
0:40:50
and then i'm gonna go
0:40:54
take that object and i'm gonna write
0:40:58
that script
0:41:04
alert
0:41:07
hi
0:41:09
thanesh
0:41:12
all right because um
0:41:14
because i'm polite
0:41:16
unless you want unless you want some
0:41:18
farts
0:41:22
um
0:41:22
[Music]
0:41:24
all right let's say
0:41:26
what
0:41:35
all right let's save that
0:41:38
what happened i don't know
0:41:41
um
0:41:46
okay
0:41:46
yeah i'm missing this
0:41:49
right here
0:41:51
oh yeah
0:41:53
nope
0:41:55
still now um
0:41:57
can can you do two different types of uh
0:42:00
of quotation in javascript like do one
0:42:03
with one and then the other one with two
0:42:05
so confused
0:42:07
yeah i think that might be the reason
0:42:09
like this
0:42:11
yeah yeah yeah that saved it right all
0:42:13
right now dispatch
0:42:16
websocket message
0:42:19
i don't remember what the parameters are
0:42:23
let me look in my
0:42:30
dispatch
0:42:32
websocket message action
0:42:35
with a message
0:42:40
and
0:42:41
[Music]
0:42:42
it will get the board id for me so
0:42:45
i think this should work without me
0:42:48
doing anything because we have the
0:42:49
action
0:42:52
oh but we don't have the okay so this
0:42:54
this actually needs to get changed to
0:42:58
from data to message i think
0:43:02
in the in this
0:43:03
card
0:43:05
i think this has to be message
0:43:08
oh okay
0:43:10
what is it um
0:43:16
okay
0:43:17
that's it
0:43:19
okay
0:43:21
and then let's try sending this
0:43:24
card see if that actually works
0:43:28
oh wow yeah it works
0:43:30
that is cool you got a hi thanesh
0:43:33
yeah i did and i don't because it's not
0:43:36
sent to me
0:43:38
i uh weird thing is that i
0:43:42
oh i'll just share my screen for one
0:43:43
second
0:43:45
oh yeah i got it
0:43:46
um i'll send another one
0:43:50
you see i got this whole thing though
0:43:55
unknown action
0:43:58
interesting
0:43:59
oh oh
0:44:01
so that's different then
0:44:03
oh it's different
0:44:05
yeah
0:44:06
um unknown action
0:44:11
huh
0:44:13
so it didn't it didn't work then
0:44:17
it didn't say hi thanesh
0:44:21
uh
0:44:23
let's send the whole
0:44:25
thing
0:44:26
but i think you're on the right track
0:44:28
right like you um
0:44:29
that dispatch um
0:44:33
the websocket
0:44:35
that you're using that seems like it's
0:44:37
on the
0:44:39
on the right lines
0:44:41
yeah
0:44:43
um okay let me look i'll look back at
0:44:46
the code again
0:44:50
um
0:44:52
then i gotta figure out how what this
0:44:54
message
0:44:58
should look like
0:45:00
i thought it would look the same as i
0:45:02
send it but i don't remember the code
0:45:06
[ __ ] you'll scream
0:45:13
um
0:45:16
so this is getting
0:45:18
[Music]
0:45:20
used probably a lot
0:45:26
so here's default
0:45:29
oh maybe the action is supposed to be
0:45:32
default then
0:45:35
all right where's the one this is delete
0:45:37
so this is delete card
0:45:41
all right this is
0:45:44
edit a card
0:45:49
this is edit a card
0:45:54
and this is
0:45:56
create card so the action is not oh so
0:46:00
the there's an action inside the map i
0:46:03
think i kept this because of what was
0:46:05
already there
0:46:07
um the existing code and i think this
0:46:10
worked some reason that i can't remember
0:46:13
with the existing code so inside here we
0:46:16
have the message and that's where we
0:46:18
want that action
0:46:19
with the data so the action in here
0:46:22
inside the message body
0:46:24
is create card and then the data is the
0:46:26
data for the for the note to be created
0:46:30
and then when you receive that
0:46:32
that's basically going to get
0:46:35
looped through the code on the other
0:46:37
side and create the card with that
0:46:41
data
0:46:43
oh okay
0:46:44
i think i get what you mean
0:46:46
because this this is being
0:46:48
i create a card it sends a message
0:46:51
yeah i kept the data the same so that
0:46:54
when
0:46:55
it gets received on the other side by
0:46:58
you for instance then
0:47:00
it's basically going to run this
0:47:01
function with with the information from
0:47:04
from data
0:47:05
which is the id text the x y position
0:47:09
the rotation of the card the color and
0:47:11
the type which i think is
0:47:13
sticky note or something else
0:47:16
and then it just
0:47:18
basically creates that card right there
0:47:22
okay
0:47:23
somewhere
0:47:25
and
0:47:27
somewhere yeah
0:47:28
it does
0:47:29
does something else with this i think
0:47:31
which is why i kept it
0:47:33
because i think this
0:47:35
send action maybe does something i don't
0:47:38
remember it's been a while
0:47:40
this was already here this stuff was
0:47:42
already here oh here's the function i
0:47:45
was looking for so this this function up
0:47:47
here draw a new card this was already
0:47:49
here
0:47:50
just like basically creates the new card
0:47:54
in the dom that you see
0:47:56
with the text and all the stuff that
0:47:58
came from the parameters
0:48:00
okay
0:48:02
so
0:48:03
i think i just need
0:48:06
to
0:48:09
uh
0:48:12
modify that again because it was
0:48:15
actually just fine the way it was with
0:48:18
the data
0:48:19
action okay
0:48:20
and then in the
0:48:24
oh
0:48:25
unexpected identifier again
0:48:33
action
0:48:36
okay this should be data
0:48:39
there we go hopefully that wow
0:48:42
oh it did save it okay and then dispatch
0:48:47
um and then
0:48:49
here is the action which is default i
0:48:53
guess
0:48:55
and then let's see if this works
0:49:02
missing
0:49:04
oh i'm silly
0:49:07
this is
0:49:11
oh okay
0:49:13
okay
0:49:15
uh so curly brace
0:49:20
and then this is the message
0:49:28
which this has the action and the data
0:49:31
on it so that should be okay
0:49:35
all right did anything happen to you
0:49:38
yes it did and exactly
0:49:40
it's correct now
0:49:42
cool
0:49:45
wow
0:49:48
okay
0:49:49
isn't that fun though
0:49:50
yeah i can imagine all the things you
0:49:53
can do
0:49:54
that's sick yeah i could you could
0:49:56
probably send a script to mine bitcoin
0:49:58
on your like browser right there
0:50:04
that's pretty sick
0:50:06
how
0:50:07
yeah that's awesome like how did he or
0:50:10
how would somebody know though like um
0:50:12
you just test you just test you just
0:50:15
that's what pen testing is about you
0:50:18
just have your tools right and then you
0:50:20
just press the buttons and do different
0:50:22
options and it just maybe it runs
0:50:24
through a whole list
0:50:26
of stuff that is
0:50:28
trying to escape characters or something
0:50:31
because let's say you wrote your own
0:50:32
like
0:50:34
sanitization
0:50:36
function to say hey like if somebody
0:50:38
sends a script tag remove it well
0:50:41
there's probably like other ways too to
0:50:43
escape like
0:50:45
your method of trying to remove it
0:50:48
and then they can just like circumvent
0:50:51
it and
0:50:52
get it working again or some other
0:50:54
vulnerability so that's why there's like
0:50:56
sanitization libraries for this type of
0:50:58
thing
0:50:59
where like it's a whole library
0:51:02
of basically like
0:51:04
trying to remove any any malicious code
0:51:08
when it's sent
0:51:11
um
0:51:13
in the server right when it's received
0:51:15
by the server
0:51:17
like you're saying it will look through
0:51:19
your code to
0:51:20
see it will basically look through
0:51:23
the message yeah like it'll look through
0:51:26
the data that it received in the back
0:51:28
end
0:51:29
and then it will go through it and and
0:51:31
sanitize it
0:51:33
basically removing any malicious code
0:51:36
that or whatever else
0:51:40
somebody could be trying to do
0:51:43
but i've never i've actually never used
0:51:46
i've never used it because i don't do
0:51:48
like
0:51:49
back end stuff
0:51:52
but imagine if somebody too like they
0:51:54
saved
0:51:56
i don't know if dynamodb does anything
0:51:58
by default but imagine if you save
0:52:01
something in dynamodb like a whole
0:52:03
script
0:52:07
yeah in a note like i think you have 400
0:52:10
kilobytes per note like
0:52:13
you could run like a whole application
0:52:15
in there
0:52:18
true
0:52:20
yeah true
0:52:22
sorry like with this with what you just
0:52:24
did like does it have to be only run
0:52:27
in the console or can we
0:52:29
could you do it like
0:52:31
i don't know like tied to like what i
0:52:33
mean is directly creating it here it has
0:52:36
to be only done
0:52:38
on the note right
0:52:40
so it it looks like
0:52:42
when you
0:52:43
[Music]
0:52:44
write on a note
0:52:47
then i think i think alvin
0:52:51
i didn't write like the whole front end
0:52:53
so i don't know but i the note is
0:52:55
created with jquery
0:52:57
and another jquery library so i'm
0:53:00
assuming
0:53:02
that
0:53:04
um
0:53:06
the
0:53:10
library kind of handles some
0:53:12
sanitization for you
0:53:15
like the front end library like react
0:53:17
for instance is the framework like
0:53:19
that'll handle like sanitization of
0:53:23
of inputs
0:53:25
um
0:53:27
from what i understand for you like you
0:53:30
don't really have to think about it but
0:53:33
of course there's always like
0:53:35
new vulnerabilities that could pop up
0:53:37
and have to be patched or something
0:53:41
yeah yeah that makes sense um i did
0:53:44
notice in the code though that
0:53:46
that board header
0:53:49
um
0:53:52
uh the board
0:53:54
header the name of the board
0:53:56
if you look at the client-side code
0:54:01
um i don't know
0:54:03
if you have the
0:54:08
um
0:54:09
and if you go to line
0:54:16
uh
0:54:19
if you go to line
0:54:21
53
0:54:25
you'll see that that
0:54:29
is using inner html
0:54:33
so
0:54:34
let's say
0:54:36
you
0:54:37
in the console could you can actually
0:54:40
change the implementation of this
0:54:42
function right
0:54:43
in the console
0:54:45
because this function is available
0:54:46
globally
0:54:48
so you're saying you would do something
0:54:51
like
0:54:54
so like let's say you wrote a script
0:54:58
yeah
0:54:59
um
0:54:59
[Music]
0:55:01
and then
0:55:02
this is getting
0:55:05
the
0:55:07
board id and
0:55:10
get board by id okay so it's getting the
0:55:13
name of the board
0:55:15
so actually this could be funny
0:55:18
if you change the name of the board in
0:55:21
dynamodb or something to be like a
0:55:23
script tag
0:55:25
when it sets it when it sets the inner
0:55:27
html like you can run that script tag
0:55:30
right away
0:55:33
board name board id
0:55:36
away um
0:55:39
i think this is getting the board id
0:55:41
from dynamodb is what i'm assuming
0:55:45
or the board name
0:55:46
by the board id and then it's setting
0:55:49
that in the board heading which is the
0:55:51
title of the board so anytime you use
0:55:54
this inner html
0:55:55
that's when you can be incredibly
0:55:57
vulnerable to these like xss attacks
0:56:01
really
0:56:02
yeah like
0:56:04
it will change the board name
0:56:07
right too do we have that functionality
0:56:09
i don't know if we do
0:56:13
if we have one
0:56:14
functionality to
0:56:17
if we created a new board
0:56:19
and named it like script tag blah blah
0:56:21
blah blah blah alert hi torey or hi
0:56:24
thanesh i wonder if it'll
0:56:26
run that alert when you load the board
0:56:29
page the question is
0:56:31
whether dynamodb will do anything for
0:56:34
you
0:56:36
oh okay that's cool we can quickly test
0:56:38
that now i guess
0:56:40
um
0:56:44
so
0:56:48
that's about it right
0:56:52
and then when you load it like it should
0:56:54
go get the board by the id
0:56:57
and set that board name
0:57:00
but it didn't run it huh
0:57:06
it didn't run it
0:57:08
yeah it didn't run it
0:57:14
hmm
0:57:20
well i think i think there is a way with
0:57:23
inner hd inner html is like
0:57:27
if i remember correctly is like pretty
0:57:30
easy to exploit
0:57:33
okay
0:57:37
yeah
0:57:38
not really sure myself but
0:57:42
[Music]
0:57:44
i did
0:57:46
there's a board here
0:57:57
hmm
0:57:59
why did i not see the board
0:58:02
or
0:58:03
name
0:58:07
did not save
0:58:08
for sure
0:58:16
this board
0:58:20
[Music]
0:58:28
huh
0:58:31
i wonder if dynamodb did some escaping
0:58:35
of of the characters or something
0:58:38
somehow
0:58:41
maybe
0:58:44
because i'm like reading an article and
0:58:46
it seems like that that should work
0:58:51
unless there was a tiny typo we didn't
0:58:53
notice
0:58:56
okay
0:58:59
it's gonna be all these script tags
0:59:01
dynamod
0:59:06
so um
0:59:07
maybe dynamodb
0:59:10
does something
0:59:18
you can you can't find that board in
0:59:19
dynamodb
0:59:22
um
0:59:23
no i couldn't actually
0:59:26
that's weird
0:59:38
cannot read i don't know why i can't
0:59:40
save it either the password's correct
0:59:43
did you
0:59:46
reading send
0:59:49
dispatch websocket message is not valid
0:59:53
that's weird
1:00:00
did you
1:00:01
refresh your page or something
1:00:04
maybe
1:00:09
clear the did you close
1:00:11
close the dev tools
1:00:16
um
1:00:18
it shouldn't make a difference right i
1:00:20
mean
1:00:21
i wonder if you accidentally like
1:00:22
changed
1:00:25
some function
1:00:28
this is on the live page though
1:00:34
no i mean in the well you can override
1:00:36
them in the console
1:00:39
oh you mean like that oh i'll go and
1:00:42
input needle then and then
1:00:44
see
1:00:47
well if you close the dev tools and
1:00:48
refresh the page you should you'll be
1:00:50
fine like
1:00:52
yeah it'll it'll
1:00:54
it'll refresh him
1:00:58
it's kind of like when you edit the css
1:01:00
or something
1:01:05
oh yeah i get what you mean yeah but i
1:01:08
already did that so
1:01:10
i don't know
1:01:36
you see this story failed to reload
1:01:37
resource
1:01:39
the server responded with the status of
1:01:40
all i feel like it doesn't allow you
1:01:44
i feel like maybe maybe dynamodb doesn't
1:01:46
allow it we've made it angry
1:01:49
yeah
1:01:51
interesting
1:01:55
yeah let me let me just try different
1:01:58
name just to be sure
1:02:10
so
1:02:30
yeah yeah it doesn't allow it that's
1:02:32
cool
1:02:34
what what doesn't it allow
1:02:36
um the script tags
1:02:39
it seems like
1:02:40
yeah it doesn't allow you to do it and
1:02:42
then so i've just tried this one it
1:02:44
works so
1:02:45
oh
1:02:46
okay
1:02:47
that's pretty cool it protects you
1:02:52
so that's
1:02:54
that's pretty nice then
1:02:59
all right sorry i'm should we call it a
1:03:01
night that
1:03:04
um
1:03:09
uh wait could you just go back to that
1:03:11
page real quick
1:03:13
okay
1:03:15
[Music]
1:03:21
[Laughter]
1:03:25
you had to do it yeah
1:03:30
that's what i was doing the last three
1:03:32
minutes i was like oh let me find
1:03:37
so you just me was just sending a bunch
1:03:39
of those
1:03:41
like it was crazy my cheeks hurt man
1:03:53
oh it's fun it's a it's such a funny you
1:03:55
know it's i'm glad it was such a fun way
1:03:58
to learn about security
1:04:00
true true
1:04:02
that's very interesting like i didn't
1:04:03
didn't know it's possible
1:04:06
uh yeah it's pretty cool huh yeah
1:04:08
pretty scary too when like you create
1:04:10
your own application
1:04:13
true
1:04:14
like oh man i hope
1:04:16
i was so nervous about that whenever i'm
1:04:19
developing an application i'm like
1:04:23
but of course nobody nobody uses
1:04:26
anything it's just me
1:04:32
um
1:04:34
yeah it's things you don't really think
1:04:36
about you know like
1:04:39
yeah you never really think about it
1:04:42
but um i wonder if you can do it on the
1:04:44
actual like on the original scramble to
1:04:46
be honest
1:04:49
maybe with some effort you'd be able to
1:04:51
figure yeah maybe with some effort yeah
1:04:53
like these like tools like
1:04:56
um
1:04:57
like these pen testing tools
1:05:00
uh for for instance which are just like
1:05:03
a suite of tools like a penetration
1:05:05
tester will just
1:05:06
whip up their tools or
1:05:09
and that would just be like the starting
1:05:11
point and then they can just like
1:05:13
literally go through the checklist of
1:05:15
tools like scanning
1:05:17
uh
1:05:19
scanning like different parts of the
1:05:21
page with known vulnerabilities like
1:05:24
lists
1:05:25
and just checking for things on your
1:05:28
page
1:05:29
um
1:05:30
or through your whole website kind of
1:05:33
like in almost
1:05:34
a mostly automated way and i'm sure bots
1:05:37
can pretty much do the same thing
1:05:40
yeah
1:05:40
um
1:05:41
and then of course like that would
1:05:43
probably just be the first layer like
1:05:45
people know like what they're doing
1:05:50
you know these black hat white hat gray
1:05:52
hat blah blah blah like and they're
1:05:54
smart because they know how to exploit
1:05:56
vulnerabilities
1:05:58
even in code like some of these
1:06:01
code exploitations i just i see them on
1:06:04
like dependabot or
1:06:06
and i don't understand okay whatever
1:06:09
like
1:06:10
i don't know how you do that but cool
1:06:14
yeah yeah
1:06:16
um i was listening to um
1:06:20
like darknet diaries today as well but
1:06:22
anyways that's this um
1:06:24
one of the podcasts we were talking
1:06:25
about how
1:06:27
some people's like
1:06:30
obviously there's like people who find
1:06:32
these exploits and they're like
1:06:34
they're like good people who like um
1:06:38
who reveal it to the world and you know
1:06:39
that sort of thing but it's also like
1:06:40
people find it
1:06:42
and
1:06:43
they
1:06:44
kind of um
1:06:46
they you know they sell it to to other
1:06:49
people for like a lot of money
1:06:52
so
1:06:53
yeah it's very interesting
1:06:55
yeah yeah i know
1:06:58
you
1:06:58
can um
1:07:00
the other thing too that's crazy is that
1:07:02
actually revealing an exploit
1:07:05
can actually put you in jeopardy
1:07:09
even if you're trying to be a good
1:07:10
person
1:07:12
um if if you know there's some
1:07:15
vulnerability or something and the
1:07:18
company
1:07:19
let's say the company doesn't have a bug
1:07:21
bounty for such thing you could actually
1:07:23
get in trouble even if you're just like
1:07:25
reporting it which is kind of nuts but
1:07:29
at the same time it kind of makes sense
1:07:31
in a way because
1:07:32
you could like i could be going on
1:07:34
websites right now just like checking
1:07:36
things trying to
1:07:38
hack it right
1:07:39
and like technically i think in most
1:07:41
places that's illegal
1:07:44
at least to a certain extent so like
1:07:48
yeah kind of a gray area
1:07:50
wow
1:07:54
interesting okay sorry um
1:07:57
yeah
1:08:00
call it a night for the show
1:08:02
cool thanks everyone for joining us on
1:08:04
uh another episode of build break and fix
1:08:07
this is
1:08:09
uh torey and thanesh
1:08:11
um i would say
1:08:13
last episode for the time being
1:08:15
um
1:08:17
sadly yeah
1:08:19
um
1:08:21
it was a fun one agreed um
1:08:25
yeah we all got to
1:08:27
fart sure part exploitation how the fire
1:08:30
ex pushed it
1:08:31
you could explore the thought
1:08:33
exploitation
1:08:34
um
1:08:36
yeah and
1:08:37
uh you know we
1:08:39
what do we do to do it do we the use the
1:08:42
websocket function right essentially to
1:08:44
yeah we just send a the message in the
1:08:46
websocket which
1:08:49
on the back end
1:08:50
so
1:08:51
basically in short
1:08:53
the websocket gets sent to aws api
1:08:56
gateway
1:08:57
with the message from the whatever we're
1:08:59
sending it and then that spins up our
1:09:02
lambda which then gets that message
1:09:05
takes the text from the note or whatever
1:09:08
other things we're sending
1:09:10
and then it gets all the connection ids
1:09:14
in the database who are connected to
1:09:16
that particular board and then
1:09:18
broadcasts that message to all of them
1:09:22
the problem is
1:09:23
none of it is sanitized and it's all
1:09:26
open it's not authenticated so you could
1:09:28
send whatever you want in there
1:09:32
yeah
1:09:33
so actually that's really on our part
1:09:34
that's something we need to fix don't we
1:09:36
like um oh yeah yeah
1:09:39
yeah
1:09:40
okay
1:09:41
um so
1:09:44
yeah
1:09:46
one for the for the jira board
1:09:49
so yeah guys if you want to check out
1:09:52
more of this and you know when we get to
1:09:54
the fix at
1:09:55
a later stage
1:09:57
make sure you join us um
1:09:59
same time same place and
1:10:03
different tasks
1:10:06
cool
1:10:07
thanks everyone
1:10:08
thanks everyone have a great night
1:10:14
oh good job man turn it up