Example Name.
I'm J707 — a web app pentester focused on HTTP desync and edge case parser discrepancys. BSCP-certified, bug-bounty background.
POST /checkout HTTP/1.1 Host: target.example Content-Length: 6 Transfer-Encoding: chunked Connection: keep-alive 0 G# front-end reads CL, back-end reads TE — smuggled bytes land in the next request
About
Several years of independent bug bounty work concentrated on web application security, with most of the PortSwigger Web Security Academy labs completed and a Burp Suite Certified Practitioner (BSCP) certification. Currently building toward a corporate/consultancy pentesting role, with a portfolio centered on original desync and parser discrepancy research rather than submission counts.
Tooling
rs_auto
Asyncio HTTP request smuggling scanner targeting novel and edge-case desync vectors excluded from standard tooling, with cross-connection follow-up probes.
python · asynciocsd2
Analyzes JavaScript for client-side desync (CSD) exploitability signals — low-noise, high-signal, scoped to the target's registrable domain.
pythonsecret_recon
JS-focused recon and secret-discovery pipeline chaining trufflehog, katana, hakrawler, gau, ffuf, and jsluice with per-host attribution.
python · reconhttp1.1
ALPN and keep-alive probing at scale, used to triage large scope lists down to viable CSD/smuggling candidates.
python · cliRecent writeups
// no writeups published yet — see writeups.html