The interwebs? You can hack that?


  • Postman
    Postman is the Swiss Army knife of communicating with websites.
    With Postman you can hand-craft every request sent to a web server, so you can exploit to your heart's desire.
    NOTE: The original Postman was a Google Chrome app, but it was deprecated and made into a standalone program.
    Along with this extension was Interceptor, a Google Chrome app that would allow Postman to use all the real requests you make to websites and allow you to edit them directly.
    This takes a lot of the hassle out of making the request yourself. The only downside is that the flashy new Postman doesn't support it.
    FYI, I use both.

  • Burp Suite
    If Postman is the Swiss Army knife of communicating with websites, then Burp Suite is the Swiss Army knife of intercepting web traffic.
    Burp Suite does everything you've ever wanted to do to a website. It's got a proxy, web-crawler, brute-forcer, spider, etc.
    The most used tool for CTF challenges is its proxy. You can get pretty far with just intercepting your own web traffic and manipulating it on the fly.


  • URL Encoding
    When delving deeper into web you'll come across URL-encoded strings.
    This is a quick reference guide for getting some use out of 'em.

  • HTML Entities
    HTML Entities are another form of encoding you'll eventually see.

  • html5sec
    Html5sec is a great reference for all kinds of web hacking.