Test out this concept with a lab I helped develop at https://app.hackinghub.io/surl I was hacking on a bug bounty program recently and discovered that the website is signing every request, preventing you from modifying the URL, including GET parameter values. I wanted to discover how they were doing this and find a way around it. … Continue reading Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript