Hacker Tools

Web and browsers, security and privacy

Slides

https://nushackers.github.io/hackertools-slides/2020ht4/

Brief overview

  • Browsers and the web
  • Security and privacy

Browsers and the web

Keyboard shortcuts

  • C-t: new tab
  • C-T: reopen closed tab
  • C(-Shift)-Tab: change tab
  • C-l/M-d/F6: jump to address bar
  • C-f: search in page
  • C-w/C-F4/Middle-click: close tab
  • F12/C-M-i (Mac): developer tools

More: Firefox; Chrome

Google search operators

  • "X": must appear and must appear exactly
  • site:xyz.com: results from xyz.com only
  • filetype:xyz: xyz filetype only
  • define:xyz: define xyz

More: Google docs; External docs

Bookmark keywords (FF)

Custom search engines

(FF) Container tabs

Long press the +

Chromium profiles

(FF) about:config tweaks

  • dom.select_events.enabled: false
    stop websites from disallowing highlighting text
  • dom.event.clipboardevents.enabled: false
    stop websites from disallowing copying/pasting
  • dom.event.contextmenu.enabled: false
    stop websites from disallowing right-click (caveat: websites' custom context menus are disabled)
    In FF, Shift+RightClick overrides.

Developer tools

Not only useful for development; can also be used for one-off scraping, removing annoyances, etc.

  • Downloading images/videos e.g. Flickr
  • Scraping (with JS)
  • Debugging why something isn't working

Bookmarklets

Bookmarks, but the URL starts with javascript:

Snippets of JavaScript to do stuff. E.g.

Browser extensions

User scripts

Like bookmarklets on steroids

Scripts that automatically run on each page load

Some useful scripts:

Automation with user scripts

// ==UserScript==
// @name Example
// @match https://www.google.com/webhp
// ==/UserScript==

// Find the search box (the input named "q"), fill it in and submit its form.
let searchbox = document.getElementsByName("q")[0];
searchbox.value = "Hello";
searchbox.form.submit();

Useful web APIs

Quick notifications with Telegram

curl -L 'https://api.telegram.org/bot<TOKEN>/sendMessage?chat_id=<CHAT ID>&text=Build+completed.'
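
The one-liner above puts the bot token on the command line, where it ends up in shell history and is visible in the process list, and the message text has to be URL-encoded by hand. The following is an added example, not from the slides: it sends the same sendMessage request through a curl config read from stdin. The environment variable names TG_TOKEN and TG_CHAT_ID and the helper functions tg_escape, tg_config and tg_notify are assumptions made for this example.

```shell
# Added example (not from the slides). TG_TOKEN and TG_CHAT_ID are assumed
# environment variable names; the tg_* helpers are hypothetical.

# Escape backslashes and double quotes for a quoted curl config value.
tg_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print a curl config for sendMessage. Because curl reads it from stdin,
# the token never appears in curl's argument list.
tg_config() {
    [ -n "${TG_TOKEN:-}" ] && [ -n "${TG_CHAT_ID:-}" ] || {
        echo 'tg_config: set TG_TOKEN and TG_CHAT_ID' >&2
        return 1
    }
    # Keep the config one value per line: refuse multi-line messages.
    case $1 in
        *'
'*) echo 'tg_config: message must be a single line' >&2; return 2 ;;
    esac
    printf 'url = "https://api.telegram.org/bot%s/sendMessage"\n' \
        "$(tg_escape "$TG_TOKEN")"
    # data-urlencode makes curl POST the fields and encode the values,
    # so spaces, "&" and "+" in the text arrive intact.
    printf 'data-urlencode = "chat_id=%s"\n' "$(tg_escape "$TG_CHAT_ID")"
    printf 'data-urlencode = "text=%s"\n' "$(tg_escape "$1")"
}

# Send the message; a non-zero status means a local or HTTP error.
tg_notify() {
    cfg=$(tg_config "$1") || return
    printf '%s\n' "$cfg" |
        curl --silent --show-error --fail --config - >/dev/null
}

# Usage, with the token loaded from a file only you can read:
#   TG_TOKEN=$(cat ~/.config/tg_token) TG_CHAT_ID=<CHAT ID>
#   make && tg_notify 'Build completed.'
```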

Extras

Automation with Selenium

Security and privacy

Some security blogs

Troy Hunt

Decent Security

Know your threat model

Government? Random person getting hold of your laptop?

There's always a tradeoff when you make things more secure

Have I Been Pwned

Password managers

  • KeePass: open-source, offline, .NET
  • KeePassXC: open-source, C++ port of above (works better for Linux/Mac)
  • pass: open-source, CLI, GPG-based
  • Bitwarden: open-source, self-hostable cloud based (also see bitwarden_rs)
  • 1Password: commercial 👎, cloud-based
  • LastPass: commercial 👎, cloud-based

Full-disk encryption

Protect your data at rest

  • Windows: BitLocker (only available on Pro)
  • Linux: LUKS/dm-crypt
  • macOS: FileVault
  • Cross-platform: VeraCrypt

Plausible deniability

File-based encryption

Protect individual files

VPN services (paid)

Protect your online privacy

Comparison table

VPN software

Run your own VPN

Setting up a server is out of scope. Here are some guides: OpenVPN, WireGuard

WireGuard is a very modern (but very new) VPN. If you are setting up a new VPN, and it meets your needs, use it!

Messengers

There are many other messengers but most offer no privacy at all.

See privacytools.io for more privacy-focused alternatives to common software.

You could consider reducing your dependency on Google, for example, by moving to a different email provider.

PCs are unsafe

Mobile phones nowadays have better isolation

Thank you! Questions?

Feedback: bit.ly/2020ht4