A 27-part series that takes you from your very first F12 press all the way to writing persistent browser scripts. Every technique builds on the last. Most chapters need nothing but a browser and a curious mind — the final chapter adds Tampermonkey to make your scripts persistent.
Level 1 — Zero Coding Required
You don't need to know a single line of code to start here. These tricks use the browser's built-in inspector — the same tool professional web developers use every day. Your only job is to press <kbd>F12</kbd> and click.
1
Edit Any Webpage in Seconds (Great for Pranks!)
Make any website say whatever you want in about ten seconds — great for pranks. Teaches: the DOM, <code>document.designMode</code>.
Make any website say whatever you want in about ten seconds — great for pranks. Teaches: the DOM, <code>document.designMode</code>.
2
Reveal a Saved Password Hidden Behind Dots
Your browser auto-filled a password and you can't remember it. One attribute change fixes that. Teaches: HTML <code>type</code> attributes, Inspect Element.
Your browser auto-filled a password and you can't remember it. One attribute change fixes that. Teaches: HTML <code>type</code> attributes, Inspect Element.
3
Watch YouTube Shorts in the Normal Player (No Extensions Required)
The Shorts player hides speed controls and breaks volume mixing. One URL swap opens the exact same video in the full desktop player. Teaches: URL structure and bookmarklets.
The Shorts player hides speed controls and breaks volume mixing. One URL swap opens the exact same video in the full desktop player. Teaches: URL structure and bookmarklets.
Level 2 — Your First Console Scripts
Time to open the JavaScript Console and type commands that actually change how a game works. These three posts introduce variables, objects, automation loops, and event simulation — core concepts you will use in every subsequent post.
4
Hacking the Chrome Dino Game
Set an immortal dino, freeze the score counter, and get a free high score in one console command. Teaches: JS objects, property assignment, the Console tab.
Set an immortal dino, freeze the score counter, and get a free high score in one console command. Teaches: JS objects, property assignment, the Console tab.
5
Hacking Wordle: Solve It in One Try Using Browser DevTools
Solve Wordle on your very first guess every day. Teaches: the Network tab, <code>localStorage</code>, reading game state from the browser's own memory.
Solve Wordle on your very first guess every day. Teaches: the Network tab, <code>localStorage</code>, reading game state from the browser's own memory.
6
Auto-play the Chrome Dino Game with JavaScript
Write a bot that plays the Dino game indefinitely — zero keystrokes from you after launch. Teaches: <code>setInterval</code>, event dispatching, reading live game state.
Write a bot that plays the Dino game indefinitely — zero keystrokes from you after launch. Teaches: <code>setInterval</code>, event dispatching, reading live game state.
Level 3 — Advanced Game Manipulation
You have the basics. Now go deeper. These three posts show you how to override the browser's own built-in functions, build bots that mimic human behaviour convincingly, and exploit intentional backdoors that developers accidentally (or not so accidentally) left inside their own code.
7
Hacking Minesweeper Online: Rigging the RNG
Guarantee a safe first click — every time — by controlling which numbers the browser considers "random". Teaches: monkey-patching <code>Math.random</code>, prototype overrides.
Guarantee a safe first click — every time — by controlling which numbers the browser considers "random". Teaches: monkey-patching <code>Math.random</code>, prototype overrides.
8
Hacking TypeRacer: The Human-Mimic Bot
Finish a TypeRacer race at a perfectly human 85 WPM without typing more than one key yourself. Teaches: async automation, timing jitter, DOM input simulation.
Finish a TypeRacer race at a perfectly human 85 WPM without typing more than one key yourself. Teaches: async automation, timing jitter, DOM input simulation.
9
Cookie Clicker Hacks: Three Backdoors the Developer Left Wide Open
Three separate ways to break Cookie Clicker — including a backdoor the developer left inside the game on purpose. Teaches: global API surfaces, <code>Game</code> object, developer-mode hooks.
Three separate ways to break Cookie Clicker — including a backdoor the developer left inside the game on purpose. Teaches: global API surfaces, <code>Game</code> object, developer-mode hooks.
Level 4 — CSS Injection & Bookmarklets
Typing into the Console every time gets old fast. Bookmarklets let you save a hack as a browser bookmark and run it with a single tap — even on mobile where DevTools doesn't exist at all. This section also covers CSS injection to change how websites look and feel.
10
Brute-Force Dark Mode on Any Website — Desktop and Mobile
Force any website into dark mode in two seconds on both desktop and mobile. Teaches: CSS <code>filter</code> injection, <code>invert()</code>, <code>hue-rotate()</code>, the <code><style></code> injection pattern.
Force any website into dark mode in two seconds on both desktop and mobile. Teaches: CSS <code>filter</code> injection, <code>invert()</code>, <code>hue-rotate()</code>, the <code><style></code> injection pattern.
11
Hack the Chrome Dino on Mobile — No Computer Needed (Bookmarklet Method)
Apply the Dino hacks from Part 3 on your phone — no computer, no DevTools. Teaches: bookmarklets, <code>javascript:</code> URLs, mobile browser address-bar tricks.
Apply the Dino hacks from Part 3 on your phone — no computer, no DevTools. Teaches: bookmarklets, <code>javascript:</code> URLs, mobile browser address-bar tricks.
12
Hack Wordle on Mobile — No Computer Needed (Bookmarklet Method)
Apply the Wordle hack from Part 4 on your phone with a single bookmark tap. Teaches: packaging complex scripts as a bookmarklet, URL encoding.
Apply the Wordle hack from Part 4 on your phone with a single bookmark tap. Teaches: packaging complex scripts as a bookmarklet, URL encoding.
13
Fake Being a Liberal in Secret Hitler (Browser Hack)
Swap your Fascist role images and scrub teammate names on secret-hitler.com so your screen always reads 'Liberal' — with a MutationObserver keeping the mask in place across mobile dialog resets. Teaches: <code>getAttribute</code> vs <code>img.src</code>, sibling DOM removal, persistent <code>MutationObserver</code> patterns.
Swap your Fascist role images and scrub teammate names on secret-hitler.com so your screen always reads 'Liberal' — with a MutationObserver keeping the mask in place across mobile dialog resets. Teaches: <code>getAttribute</code> vs <code>img.src</code>, sibling DOM removal, persistent <code>MutationObserver</code> patterns.
Level 5 — Network Sniffing & Media Downloading
Now the serious power moves. These posts show you how to intercept network traffic, inspect the browser's internal data structures, use platform JSON APIs, and ultimately write a fully persistent userscript — a mini browser extension you author yourself. Each platform teaches a different angle of the same underlying skill.
14
Save Instagram Photos: Remove the Right-Click Block
Instagram disables right-click on photos. This script strips the CSS lock — and keeps stripping it as you scroll and new posts load. Teaches: <code>MutationObserver</code>, CSS pointer-events.
Instagram disables right-click on photos. This script strips the CSS lock — and keeps stripping it as you scroll and new posts load. Teaches: <code>MutationObserver</code>, CSS pointer-events.
15
Instagram Reel Sniper: Download Any Reel Directly from Your Browser
Instagram has no download button for Reels. This script adds one right in the browser. Teaches: Network tab sniffing, <code>fetch()</code> with Blob, dynamic anchor download.
Instagram has no download button for Reels. This script adds one right in the browser. Teaches: Network tab sniffing, <code>fetch()</code> with Blob, dynamic anchor download.
16
Short-Form Sovereignty: YouTube Shorts are easier to hack than the Main Site
YouTube Shorts have a structural blind spot in their architecture that makes them easier to download than regular YouTube videos. Teaches: <code><video></code> element <code>src</code> extraction, Shorts player quirks.
YouTube Shorts have a structural blind spot in their architecture that makes them easier to download than regular YouTube videos. Teaches: <code><video></code> element <code>src</code> extraction, Shorts player quirks.
17
Twitter/X Video Sniper: Download Any Video Directly from Your Browser
Twitter/X has never offered a download button. This script captures any playing video. Teaches: HLS stream identification, MediaSource API basics, blob URL capture.
Twitter/X has never offered a download button. This script captures any playing video. Teaches: HLS stream identification, MediaSource API basics, blob URL capture.
18
Reddit Video Sniper: Download Any Reddit Video Directly from Your Browser
Reddit hides its own JSON API in plain sight — just append <code>.json</code> to any post URL. Teaches: public JSON API exploitation, <code>v.redd.it</code> CDN structure, programmatic fetch + download.
Reddit hides its own JSON API in plain sight — just append <code>.json</code> to any post URL. Teaches: public JSON API exploitation, <code>v.redd.it</code> CDN structure, programmatic fetch + download.
19
Instagram Story Sniper: Download Any Story Directly from Your Browser
Instagram Stories vanish after 24 hours and there's no Save button anywhere. This script reaches into the browser's React fiber tree to pull the original CDN URL. Teaches: React internal fibers, <code>__reactFiber</code> traversal.
Instagram Stories vanish after 24 hours and there's no Save button anywhere. This script reaches into the browser's React fiber tree to pull the original CDN URL. Teaches: React internal fibers, <code>__reactFiber</code> traversal.
20
Instagram Download Buttons: A Userscript That Adds ⬇ to Every Post, Reel, and Story
All three Instagram techniques bundled into one persistent userscript that injects a ⬇ button directly into the Instagram UI. Teaches: Tampermonkey/Greasemonkey userscripts, <code>@grant</code> directives, persistent DOM injection.
All three Instagram techniques bundled into one persistent userscript that injects a ⬇ button directly into the Instagram UI. Teaches: Tampermonkey/Greasemonkey userscripts, <code>@grant</code> directives, persistent DOM injection.
21
Hacking NYT Connections: Reveal All Answers in One Console Command
NYT Connections downloads the full answer JSON before you pick a single tile. Intercept it in the Network tab, then fetch and print all four colour-coded groups in one console command. Teaches: Fetch/XHR filtering, public JSON API exploitation, async IIFE pattern.
NYT Connections downloads the full answer JSON before you pick a single tile. Intercept it in the Network tab, then fetch and print all four colour-coded groups in one console command. Teaches: Fetch/XHR filtering, public JSON API exploitation, async IIFE pattern.
22
Hacking NYT Spelling Bee: Reveal All Answers and Pangrams Instantly
NYT Spelling Bee ships the full answer list — every valid word and every pangram — in a global <code>window.gameData</code> variable before you type a single letter. One console command reads it out; a bookmarklet wraps it in a collapsible floating panel. Teaches: reading game state from global JS variables, dynamic DOM overlay construction, IIFE scoping, bookmarklet UI patterns.
NYT Spelling Bee ships the full answer list — every valid word and every pangram — in a global <code>window.gameData</code> variable before you type a single letter. One console command reads it out; a bookmarklet wraps it in a collapsible floating panel. Teaches: reading game state from global JS variables, dynamic DOM overlay construction, IIFE scoping, bookmarklet UI patterns.
23
Hacking NYT Strands: Reveal the Theme, Spangram and All Answers Instantly
NYT Strands fetches the full puzzle payload — theme clue, spangram, and every theme word — from a public JSON endpoint before you place a single word. One <code>fetch()</code> call reads it all; a bookmarklet wraps it in a collapsible floating panel. Teaches: Fetch/XHR network sniffing, same-origin <code>fetch()</code>, local date construction, dynamic DOM overlay construction.
NYT Strands fetches the full puzzle payload — theme clue, spangram, and every theme word — from a public JSON endpoint before you place a single word. One <code>fetch()</code> call reads it all; a bookmarklet wraps it in a collapsible floating panel. Teaches: Fetch/XHR network sniffing, same-origin <code>fetch()</code>, local date construction, dynamic DOM overlay construction.
24
The Ultimate WhatsApp Web Power-User Guide: DevTools Secrets for Downloading Statuses
WhatsApp has no download button for Statuses. DevTools does — and it's already in your browser. Extracts photo Statuses via blob URLs in the Elements panel, downloads video Statuses with the Network tab Media filter, and bypasses CSS <code>user-select: none</code> to copy 'uncopyable' text Statuses. No extensions, no code.
WhatsApp has no download button for Statuses. DevTools does — and it's already in your browser. Extracts photo Statuses via blob URLs in the Elements panel, downloads video Statuses with the Network tab Media filter, and bypasses CSS <code>user-select: none</code> to copy 'uncopyable' text Statuses. No extensions, no code.
25
Browser Power-User Hacks: Dismantling Pinterest's Annoying UI with DevTools
Pinterest's login wall is three layers deep: a modal, a click-shield overlay, and a CSS scroll-lock. This post takes each one down with Inspect Element, then shows how to rewrite the CDN URL to pull the full-resolution original instead of the compressed thumbnail. Teaches: DOM element deletion, <code>overflow: hidden</code> CSS override, CDN URL structure.
Pinterest's login wall is three layers deep: a modal, a click-shield overlay, and a CSS scroll-lock. This post takes each one down with Inspect Element, then shows how to rewrite the CDN URL to pull the full-resolution original instead of the compressed thumbnail. Teaches: DOM element deletion, <code>overflow: hidden</code> CSS override, CDN URL structure.
26
Quora Unlocked: Bypassing Login Walls and Blurs Using Only Your Browser
Quora wraps its answers in a login modal, a click-shield overlay, and a <code>filter: blur()</code> CSS wall. The <code>?share=1</code> URL trick bypasses the wall on reload; the Triple Threat (DOM deletion + a one-line console command) clears all three layers without leaving the page. Teaches: URL query parameters, DOM element deletion, CSS filter override, <code>querySelectorAll</code> console scripting.
Quora wraps its answers in a login modal, a click-shield overlay, and a <code>filter: blur()</code> CSS wall. The <code>?share=1</code> URL trick bypasses the wall on reload; the Triple Threat (DOM deletion + a one-line console command) clears all three layers without leaving the page. Teaches: URL query parameters, DOM element deletion, CSS filter override, <code>querySelectorAll</code> console scripting.
Level 6 — API Interception & Response Spoofing
The final leap: instead of reading what a server sends, you replace it. By monkey-patching <code>window.fetch</code> before the game loads, you intercept outgoing requests mid-flight and hand the game a response you fabricated yourself — the ultimate technique for bending any API-driven browser game to your will.
27
Hacking Infinite Craft: Inject Any Item by Spoofing the API Response
Infinite Craft asks a server for every combination result. This script replaces <code>window.fetch</code> with its own version, intercepts the pair API call, and returns a fake response — letting you inject any item with any emoji as a brand-new discovery. Teaches: monkey-patching <code>window.fetch</code>, constructing <code>new Response()</code>, URL-targeted interception, queued injection pattern.
Infinite Craft asks a server for every combination result. This script replaces <code>window.fetch</code> with its own version, intercepts the pair API call, and returns a fake response — letting you inject any item with any emoji as a brand-new discovery. Teaches: monkey-patching <code>window.fetch</code>, constructing <code>new Response()</code>, URL-targeted interception, queued injection pattern.