Manuel Caballero

@YouPulseX Haha =) It's on the blog-post!

@magicmac2000 What log becomes the receipt when CSP is bypassed, DevTools is blind, and the real User-Agent still leaves?

[ Chromium ] Stealth request that bypasses CSP, hides from DevTools, and leaks the real User-Agent (in case you faked it 😁) brokenbrowser.com/blog/2026-05-0…

@soutagx86 @siunam321 Great, so I didn't even steal it properly. I skipped the guy who actually found it first 🤦‍♂️😂

@magicmac2000 @siunam321 Nah nah apparently this was known before me even finding it lol

@soutagx86 @siunam321 But based on what I'm posting, it seems as if I read your research and took it as mine!! 🤣🤣🤣🤣 BTW, this thing is really useful to me, not because of the CSP but the fact that we can pass data bypassing what automated frameworks (bots) can easily see.

@magicmac2000 @siunam321 Thx used to read many of your research before

@host_down At 52 I'm still figuring it out, so you might want to pick a faster role model 😄

When I grow up I want to be like Manuel 😆

@siunam321 @soutagx86 Thanks, Siunam! I've updated the public post reflecting my sad reality 😄😄 brokenbrowser.com/blog/2026-05-0…

@magicmac2000 @soutagx86 Here's soutag's tweet!

@insertScript Hey Alex!!!! 😁 Same here! I had to double check it was me posting. Took me so long that by now someone else probably found the bug, reported it, got the bounty, AND spent it. But here I am, fashionably late to my own comeback. 😅

@magicmac2000 I had to double check that this is actually a new post from you. Nice to see back giving browsers a hard time :-D

@soutagx86 @siunam321 Wow!! Congrats, soutag and thanks siunam for the pointer! It seems I stumbled upon the same but a few years after haha =) Please, send me the link to the tweet to I can add proper credits to the blogpost! 😀

@siunam321 @magicmac2000 Wow I actually forgot about this 😂

@shhnjk Haha this made my day, Jun! 😄 You were breaking browsers since 2015? And still at it. Glad the nostalgia hits! Means a lot coming from you. x.com/magicmac2000/s… cracking.com.ar/poc/junspoof/s…

@magicmac2000 brokenbrowser.com always bring me back great memories :D Nice seeing your post again!

@rebane2001 Thanks Rebane! ☺️ My publishing schedule is basically: one kid has a girlfriend (RIP my existence), the other ignores me on weekends. Half a Saturday is all I need. 🤣

@magicmac2000 this is cool!! your past work is awesome, glad to see you back!

@whithat444 For Chrome/FF/Safari, nope. If you want to get examples of this on IE/Edge, you can check in the UXSS area where you will find many variations and several using javascript: and data: brokenbrowser.com/browser-worksh… What are you trying to achieve, exactly?

@magicmac2000 @magicmac2000 Have you ever bypassed window.opener.location for javascript: or data: URIs?

@chlclient Striking similarities! =) It seems as if I've copied from that blog, but I haven't seen it. I've tested the prerender as described in the blog-post but it didn't work. So, apparently the snippet that you are sending has been patched, but they forgot to do it on prerender 🤣

@magicmac2000 except this is prerender not prefetch

@t0xodile Thanks, Thomas =) It's a bit of pure luck, really. I was trying to find a stealth extension detector and stumble upon this beauty in the middle of the research 🤣

@magicmac2000 What the hell is this 😂. Awesome work!

@garethheyes Thanks, Garetho! You know you and Dave were big inspirations for me. Thanks for always being so generous with your knowledge and helpful with me! ☺️

@magicmac2000 Love your posts! Glad to see you back and kicking

@PaulosYibelo Thank you, Paulos! 😄 After years of being the most important person in my kids' lives, I have now been officially downgraded to "that guy who still lives here." On the bright side, all that free time had to go somewhere. So here I am! 😄🤣

@magicmac2000 Glad to see you back and publishing again Manuel!

@PiotrBania @richinseattle @phrack Like these ones youtu.be/GemH59jhj9k?li… Cheers man! Looking forward to your next cracktros!

@magicmac2000 @richinseattle @phrack thanks man! will keep in mind for next releases :D

Spread the word! @phrack CFP with demoscene cracktro is live. Turn up the volume and enjoy the awesome stylings of @PiotrBania with some hopefully inspiring text from phrack staff :) phrack.org

@herrcore The work that you do is wonderful. Simply awesome. If I had to start all over again, my first step would be to begin with your tutorials. Congrats and my best wishes with the patreon!

🥂For 2026 we have added 30 new collections to our OALABS Patreon Now it's easy to browse by topic and quickly find multi-part RE series that were previously hidden! More to come soon... patreon.com/cw/oalabs/coll…

@thechartist Hey Nick! Thanks for your books and thoughts. I learned a lot from you. Now I need to put these things in action 😆😆😆. QQ: when you say that MaxDD is -5.1%, are you measuring every day or end of month? If end of month, do you have a measurement of MaxDD intraday? Thanks!

Real-time equity of the All Weather strategy. Tracking sideways at present - nothing out of the ordinary. Holding a 29% cash position at present. Current drawdown -2.8%. MaxDD since inception -5.1% Current CAGR since release tracking at 20.4%

@priceactionlab @hughesanalytics Michael, fantastic book all around. I got several gems from it and for sure I was fooling myself =) Why do you consider a filter (SMA200) invalid? Don't you think that using them to determine if an action is taken, is valid despite the fact that the number is arbitrary? Thanks!

@hughesanalytics The math is simple to prove this is not the case. Finding a consistent loser is as hard as finding a consistent winner. I show this in my book Fooled by Technical Analysis. eBook soon available in multiple bookstores.

Most of the time this isn't true. Flipping the logic still results in a downward sloping equity curve. Just looks different.