Hacker News


This community serves to share top posts on Hacker News with the wider fediverse.

Rules

  0. Keep it legal
  1. Keep it civil and SFW
  2. Keep it safe for members of marginalised groups

founded 1 year ago
51
 
 

There is a discussion on Hacker News, but feel free to comment here as well.

56
 
 

I recently dipped my toes into bug bounty hunting and finding security flaws in web applications. As a friend of UNIX shells I was building a repertoire of command line tools to make and analyze HTTP requests. Fortunately there are already many suitable tools like curl, jq, different fuzzers and some really nice tools for specific tasks by Tom Hudson [1].

However, I disliked that the existing fuzzers were monoliths where I had no easy way of creating custom behavior or analyses. They commonly do a multitude of things: Create multiple requests using one or more wordlists, sending the request, possibly with rate limiting, displaying progress, applying filters to the received responses and storing the output. If you want something different from the offered features, for example custom delays between requests or a new filter for the responses, your only option is to dig into a moderately large code base and try to adapt it to your needs.

I am a fan of the UNIX philosophy and felt like it could help out here. If there was a common format for communicating HTTP requests and responses, an ecosystem of small, specialized tools could use it to work together and fulfill tasks like fuzzing, while allowing the user to easily create custom behavior by combining the existing tools in different ways or adding small, quick to write tools to the ecosystem.

This is what I've attempted with the httpipe format [2]. It is a line based JSON format for exchanging HTTP requests and responses. I have also built some first tools using this format, namely pfuzz [3] for creating HTTP requests from wordlists, preq [4] for sending HTTP requests and receiving their responses and hpstat [5] for filtering the responses by their HTTP status codes. Since it's a line based format, many UNIX tools can be used with it as well and since each line is JSON, jq can also be used for manipulation, filtering and displaying.

[1] https://github.com/tomnomnom

[2] https://github.com/codesoap/httpipe

[3] https://github.com/codesoap/pfuzz

[4] https://github.com/codesoap/preq

[5] https://github.com/codesoap/hpstat


60
 
 

Nutri is still in beta and the GPT-powered results are sometimes inaccurate. The nutrient information accuracy is good to get an overview, but there are still outliers at times. I'm looking to improve the accuracy through food databases. Furthermore, I'd like to add additional tips for combining / preparing food to improve its nutritional value. For example, iron absorption is improved through vitamin C, so combine chickpeas or leafy greens with lemon. Or combine beans with rice to get all amino acids.

On the UX side, I'd like to integrate a QR code on the desktop version to easily upload receipts through the phone. Furthermore, it would be great to have analytics over weeks on nutrient improvements over time. Nutri could also be a great accountability partner to track items high in sugar / processed foods.

What do you think?


61
4
The Future of Memory (semiengineering.com)
submitted 10 months ago by [email protected] to c/[email protected]
 
 

70
13
Collision Detection (www.jeffreythompson.org)
submitted 10 months ago by [email protected] to c/[email protected]
 
 
