Hackvertor API

Over the weekend Stefano Di Paola broke my JSReg sandbox with some awesome vectors in particular the Opera one. He took my challenge after I laid down the gauntlet on the web app sec list. If you have some sandbox you want breaking, some Flash you need testing or general pen test work you should hire this guy he is awesome.

I patched JSReg by removing the prototype, callee, caller from the allowed properties, hopefully this will stop future attacks using this method until I can work out a way to use these safely. Then I got a bunch of great suggestions from Thornmaker and SDC, that made so much sense I reworked the recent Hackvertor code to modify the Object protoype. So now Hackvertor tags can call each other easily using this method for example:-


The API is extended further where you can include data and share it across tags, this is super useful when creating a standard list of XSS vectors, Unicode characters, shellcode whatever you like! First the example shows how a tag can be used to return array data. The second example shows how you can use this data within tags.

Data sample
Using the data

What’s great about this is that the data can also now be used externally, you can embed the sandbox from an external site and use your data. Of course using untrusted tags poses a risk that I’ll need to account for but if you only use your own tags it should be pretty safe to use them for fuzzers or other data.

Here is how to embed my version of Hackvertor tags:-

<script src="http://hackvertor.co.uk/export?id=1"></script>
<script type="text/javascript">
window.onload = function() {
parser = JSReg.create();
try {										
		parser.extendObject('$HV$',(function(tags) { 
				return function(tagName, args) {							
					if(!tags.hasOwnProperty(tagName)) {
						return null;

					return tags[tagName].execTag(this,function(output){ return output; },args);							
	catch (e) {	

At the moment Hackvertor doesn’t have all the tags the previous one had yet but why not help out and build a security tool together in the first coding social network.

2 Responses to “Hackvertor API”

  1. thornmaker writes:

    so how about adding ‘abc’.HV(‘reverse’).HV(‘base64’,Array(‘encode’))
    syntax to the main screen too? tags are nice, but this would be faster for people that know what their doing 😀

  2. Gareth Heyes writes:

    I’ve put a help screen in the menu now but any suggestions to make it easier would be great. I might do a tag library feature where you can point and click tags when developing a new tag maybe I’ll do it over the weekend 🙂