
Reverse engineering Twitter's new WASM-based "X-XP-Forwarded-For" antibot header

16•dsekz•1d ago
Twitter/X recently added a new header called X-XP-Forwarded-For, generated and encrypted by their own WASM-based fingerprinting system. This repo breaks down the entire flow: https://github.com/dsekz/twitter-x-xp-forwarded-for-header

Comments

Raed667•1d ago
So the encryption is pretty much hardcoded, making it more like an "obfuscation"?
dsekz•1d ago
You’re right. In this case, just knowing the guest_id is enough to break down the header. Twitter’s main goal here is mostly to obfuscate the data and make the reverse engineering process more painful.
seventh12•1d ago
Reversing will always win
dsekz•1d ago
In its current state, the protections are pretty weak. I’m sure they’ll update it, and we’ll see what changes they bring. If this header is meant to serve as an anti-bot measure, then there’s a lot more work they need to do both on the JS and WASM sides. On top of that, processing fingerprint data on the backend, like building user/fingerprint profiles, analyzing detailed browser, device and low-level connection info, and using AI to spot patterns, makes the system a lot more complex. However, based on the current implementation, I anticipate they’ll likely stick to a relatively simplistic approach.