TruffleHog Chrome Extension

Open CORS in SAAS API's lead to leaky keys on web pages

About the Speaker

Dylan has been involved in the infosec community for a few years now. He’s open sourced a number of popular tools including Trufflehog, and has spoken at a few conferences including but not limited to, Kiwicon, BsidesSF, Defcon/Blackhat, Torcon, and others.

Abstract

This talk is open sourcing a chrome extension that helps you find API keys buried on the page. Dylan will also have a few fun examples of keys he has found, and walk folks through how to use the tool.

Video