200 ukufunda

Yintoni kwi-Rookie Mistakes ukuya kwi-New Feature: I-Wildest Week ye-My Passion Project

nge Glenn Rodney4m2025/07/07
Read on Terminal Reader
tldt arrow
en-flagENko-flagKOde-flagDEes-flagESja-flagJAsw-flagSWit-flagITmk-flagMKxh-flagXHlo-flagLOzu-flagZUta-flagTAuk-flagUK
XH

Inde kakhulu; Ukufunda

Kuwguap ngumngcali we-RAWPA, umncedisi we-penetration testing. I-project yayo ye-passion iye yabaqhutywa ngokupheleleyo emzimbeni yayo, kwaye awukwazi ukufumana kwakhona ngexesha elinye. Uya kubhalwe malunga neengxaki zayo kunye ne-madness ebangela yonke into.
featured image - Yintoni kwi-Rookie Mistakes ukuya kwi-New Feature: I-Wildest Week ye-My Passion Project
Glenn Rodney HackerNoon profile picture
0-item

Hey HackerNoon, Kuwguap apha.


Ndingathanda njani? Ngaba iingcebiso kwiintsuku ezimbini. Ndiya, iingcebiso zeeyunivesithi. Yintoni ndingathanda malunga 24/7? RAWPA(I-Penetration Testing Assistant). Iprojekthi yami ye-passion iye iye iye iye iye iye iye iye iye iye iye iye iye.


Ngoko ke, xa ndingathanda ukufumana iingcebiso zofundiso, ndingathanda ukuba ndingathanda wena kwi-driving yokuzonwabisa kwiiveki ezidlulileyo ezidlulileyo. Phambi ndingathanda kwi-bugs kunye ne-function entsha, ndingathanda ukuba - ndingathanda ngokwenene ndingathanda iingcebiso yokuqala kwinkalo ye-tech ye-debugging.


Kwimeko yokufumana iingxaki kuphela; kwimeko yokufunda iingxaki, ukufumana kunye nokuphumelela. I-superpower. I-cool ye-create something new, kodwa ukufumana ukuba ukuguqulwa into ebomvu - ukuba i-code yakho okanye i-target system - nto leyo i-magic efanelekileyo.


Nangona kunjalo, nathi siphinde kwimiphumo kunye ne-madness.

I-My First Mistake: I-Responsive Yintoni? UI

Nqakraza kunye ne-rookie mistake eyenziwe kwakhona. Ngaba awukwazi ukuvelisa i-UI / i-UX yokuqala ngaphambi kweeprojekthi. Ndiyathanda iividiyo ezimbini ze-YouTube, i-Whimsical (i-tool eyenziwa ngokuba yi-wireframing), kwaye ndiqala nje ... ukuvelisa.RAWPA login vs Whimsical login

Akukho umgangatho we-device. Akukho ubungakanani we-screen elifanelekileyo. I-rectangles kuphela kwi-screen. I-PC ye-development yam ndingathanda kakuhle, ngoko ndingathanda, "I-Ship it!" Emva kwemizuzu embalwa, i-tester ebonakalisa ngokufanelekileyo ukuba i-visuage ye-mobile yabaqhathaniswa ngokupheleleyo. Ndidlulanga iintsuku ezimbini ezininzi ukuxolisa le ngempumelelo kunye nokwenza i-app efanelekileyo kakhulu. I-Lesson yaziwa: uyifunda zonke i-screens ukususela ngosuku lokuqala.

I-Bug Eyenza I-RAWPA Down

Kwaye ngaphandle ... malunga namhlanje, ndingathanda iimpawu kwi-RAWPA ezikhoyo. Ama-methodologies abaqhutywa, kwaye iinkcukacha ezininzi ziyafumaneka. Umxokozelo omnqweno we-console wabelane umzekelo:

FirebaseError: [code=resource-exhausted]: Quota exceeded.


Ndingathanda16,000 reads and 20,000 writesngosuku eyodwa. Yinto zonke iinkcukacha ezamahala kwi-Firebase. Nge-33 abasebenzisi kuphela, le yaba ingxaki. Ndingathanda. Ndingathanda ngosuku yokuba iinkcukacha ziye zithintela, okanye ingathanda i-hat ye-detective kunye ne-debug.Firestore quota reached

The culprit? A series of logical bugs ezidala ukususela ngexesha lokugqibela yokubhalisa.

  1. The Infinite Loop: I had created a function that continuously checked Firestore for updates, in case I used my admin panel to disable a methodology. It was a dumb, brute-force way to solve a problem, and it was hammering the database.


  2. Sleepy-Dev Syndrome: The new feature I was building needed to save its state. Instead of using localStorage for frequent, small updates, I was writing to Firestore on every single change. Why? Because I was sleepy and not thinking straight.


Ngaphezu kwalokho, le app yenza zonke iinkonzo zeFirestore kwi-startup, yenza inqwelo elidluleleyo ixesha lokugqibela - nganye ukuya kwiiyure ze-10. Ndingathanda ukuba le ngxaki ilawula nge-Cache efana ne-Redis, kodwa ndingathanda. Yeyiphi na ingxaki engaphezu kwe-complexity kunye nokukhuthaza izinto kwi-Vercel, ebonakalayo i-API ye-12 kwi-free plan.


Ndingathanda njani? Ndingathanda nangona kunjalo. NdingathandaUpstash RedisNgamanye amaxesha, ndibandakanya iingxaki ze-environment, yenza iingxaki eziliqela, kwaye i-boom-i-speed iyasetyenziswa kakhulu. Ngamanye amaxesha, ndingathanda ukuba ndiza kuqala ne-Next.js, kodwa emva kokuphumelela kwexesha le-migration, ndiyabandakanya kunye ne-React + Vite i-setup kunye nokwenza ukusebenza.Upstash console

I-New Feature, Born From A Real Pentest

Ngoko ke, yintoni i-characteristic entsha ngathi ndiza zibonisa yonke into?


Iqala ngexesha ngexabiso kwi-target ye-HackerOne. Ndingasebenzisa i-AAweRT yam, ukuba i-recon kwaye ndingathanda ukuba inqubo yam yobungcali iye yandiswa ngokupheleleyo ukususela ekwenzeni i-RAWPA. Ndingathanda i-subdomains ze-79. Ngaphandle kokusebenzisa isixhobo se-automated efana ne-Eyewitness, ndingathanda ngexabiso ngexabiso (ngazi, ndingathanda ingxaki).


Ndicinga i-endpoints eziqhelekileyo kunye neengxaki ze-potencial, kodwa ayikho indlela efanelekileyo yokufunda kubo ngaphandle kokuphumelela kwi-think yokuqala.


Ukubonisa iHunter's Board.

Hunter's Board

Kuyinto ibhodi Kanban-style eyenziwe ngqo kwi-RAWPA, yenzelwe ngokufanelekileyo. Uyakwazi ukuvelisa amakhadi ngenxa yintoni na: iidolobha, iindlela, iziphumo, iingcebiso, iingcebiso ze-code, izixhobo, uyazi.


Xa ndicinga le 79 subdomains, ndandisa le board. Ndingathanda i-parameter yokufunda engaphilisiweyo kwi-endpoint enye - i-bypass ye- UTF-8 filter - kwaye ngokuzenzakalelayo i-card yayo, ukongezelela i-link kunye neengxelo zayo. Inyanini... i-clicked.


The Hunter's Board is now live on the site! Ungathola ngoku.


Njengomva wokugqibela ngokukhawuleza, i-I've temporarily removedRAWPA AIiimvelisoPentest Orchestratoriimveliso. Ngaba kufuneka i-optimize kunye nokuguqula iinkcukacha ze-backend ngaphambi kokufanelekileyo kwimeko yokuqala, kwaye ndingathanda ukuba umxholo wokusetyenziswa ngempumelelo.


Ndingathanda ukuba ndingathanda izifundo kwiintsuku ezimbini? Ugh. Ndingathanda ukulayisha iinkcukacha ezininzi ngaphambi kokufumana ukufundisa.


Kwixesha elilandelayo, khumbula ukuba i-RAWPA yiprojekthi ye-community. Ukuba unayo iingcamango, i-feedback, okanye ufuna ukuncedisa, usebenzisa i-Function "Contribute" kwi sayithi okanye uqhagamshelane nathi kwiUkucinga. Qhagamshelana nenkqubo athttps://rawpa.vercel.app/.


Umzimba uqala nje.

Augment Code
L O A D I N G
. . . comments & more!

About Author

Glenn Rodney HackerNoon profile picture
Glenn Rodney@kuwguap
From Big dreams to reality
Read my stories

ZIJONGE IIMPAWU

purcat-imgprogramming#debugging#cybersecurity#bug-bounty#penetration-testing#kanban-project-management#firebase#rawpa#hackernoon-top-story

ELI NQAKU LINIKEZELWE KU...

Read on Terminal Reader Terminal
Read this story w/o Javascript Lite
Also published here

AMABALI ENXULUMENEYO

Join HackerNoonloading
Latest technology trends. Customized Experience. Curated Stories. Publish Your Ideas

Trending Topics

blockchaincryptocurrencyhackernoon-top-storyprogrammingsoftware-developmenttechnologystartuphackernoon-booksBitcoinbooks