An 18-part series that takes you from your very first F12 press all the way to writing persistent browser scripts. Every technique builds on the last. Most chapters need nothing but a browser and a curious mind — the final chapter adds Tampermonkey to make your scripts persistent.
Level 1 — Zero Coding Required
You don't need to know a single line of code to start here. These two tricks use the browser's built-in inspector — the same tool professional web developers use every day. Your only job is to press F12 and click.
Make any website say whatever you want in about ten seconds — great for pranks. Teaches: the DOM,
document.designMode.
Your browser auto-filled a password and you can't remember it. One attribute change fixes that. Teaches: HTML
type attributes, Inspect Element.
Level 2 — Your First Console Scripts
Time to open the JavaScript Console and type commands that actually change how a game works. These three posts introduce variables, objects, automation loops, and event simulation — core concepts you will use in every subsequent post.
Set an immortal dino, freeze the score counter, and get a free high score in one console command. Teaches: JS objects, property assignment, the Console tab.
Solve Wordle on your very first guess every day. Teaches: the Network tab,
localStorage, reading game state from the browser's own memory.
Write a bot that plays the Dino game indefinitely — zero keystrokes from you after launch. Teaches:
setInterval, event dispatching, reading live game state.
Level 3 — Advanced Game Manipulation
You have the basics. Now go deeper. These three posts show you how to override the browser's own built-in functions, build bots that mimic human behaviour convincingly, and exploit intentional backdoors that developers accidentally (or not so accidentally) left inside their own code.
Guarantee a safe first click — every time — by controlling which numbers the browser considers "random". Teaches: monkey-patching
Math.random, prototype overrides.
Finish a TypeRacer race at a perfectly human 85 WPM without typing more than one key yourself. Teaches: async automation, timing jitter, DOM input simulation.
Three separate ways to break Cookie Clicker — including a backdoor the developer left inside the game on purpose. Teaches: global API surfaces,
Game object, developer-mode hooks.
Level 4 — CSS Injection & Bookmarklets
Typing into the Console every time gets old fast. Bookmarklets let you save a hack as a browser bookmark and run it with a single tap — even on mobile where DevTools doesn't exist at all. This section also covers CSS injection to change how websites look and feel.
Force any website into dark mode in two seconds on both desktop and mobile. Teaches: CSS
filter injection, invert(), hue-rotate(), the <style> injection pattern.
Apply the Dino hacks from Part 3 on your phone — no computer, no DevTools. Teaches: bookmarklets,
javascript: URLs, mobile browser address-bar tricks.
Apply the Wordle hack from Part 4 on your phone with a single bookmark tap. Teaches: packaging complex scripts as a bookmarklet, URL encoding.
Level 5 — Network Sniffing & Media Downloading
Now the serious power moves. These posts show you how to intercept network traffic, inspect the browser's internal data structures, use platform JSON APIs, and ultimately write a fully persistent userscript — a mini browser extension you author yourself. Each platform teaches a different angle of the same underlying skill.
Instagram disables right-click on photos. This script strips the CSS lock — and keeps stripping it as you scroll and new posts load. Teaches:
MutationObserver, CSS pointer-events.
Instagram has no download button for Reels. This script adds one right in the browser. Teaches: Network tab sniffing,
fetch() with Blob, dynamic anchor download.
YouTube Shorts have a structural blind spot in their architecture that makes them easier to download than regular YouTube videos. Teaches:
<video> element src extraction, Shorts player quirks.
Twitter/X has never offered a download button. This script captures any playing video. Teaches: HLS stream identification, MediaSource API basics, blob URL capture.
Reddit hides its own JSON API in plain sight — just append
.json to any post URL. Teaches: public JSON API exploitation, v.redd.it CDN structure, programmatic fetch + download.
Instagram Stories vanish after 24 hours and there's no Save button anywhere. This script reaches into the browser's React fiber tree to pull the original CDN URL. Teaches: React internal fibers,
__reactFiber traversal.
All three Instagram techniques bundled into one persistent userscript that injects a ⬇ button directly into the Instagram UI. Teaches: Tampermonkey/Greasemonkey userscripts,
@grant directives, persistent DOM injection.