Michael Blake
michael1026.bsky.social
Application security engineer / bug bounty
I suppose the solution to this is error handling where you let the LLM know the file they specified wasn't found. It's just such an odd concept and feels completely different than any programming I've done in the past.
January 3, 2025 at 7:44 AM
I don't know if success rates improve with more expensive models like o1 or o1-mini, but 4o is not consistent for me. Supplying the ability for it to fetch files works 90% of the time, but other times it'll add an extra comment after the filename, causing an error.
January 3, 2025 at 7:44 AM
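The two posts above describe a file-fetch tool that breaks when the model appends a comment after the filename, and the fix of reporting a missing file back to the model instead of failing. The handler below is an added example, not code from the author; it normalizes the filename the model supplies, returns a structured error the model can act on, and confines every lookup to a hypothetical sandbox root (the root path, the `fetch_file` name and the return shape are all assumptions for illustration).

```python
import re
import tempfile
from pathlib import Path

# Hypothetical sandbox root for the tool; an assumption, not from the posts.
ROOT = Path("/tmp/llm_tool_root")

# Trailing comment the model sometimes appends, e.g. "src/app.js // main entry".
# Heuristic: anything after "//" or "#" is treated as commentary, not a path.
_TRAILING_COMMENT = re.compile(r"\s*(//|#).*$")


def normalize_filename(raw: str) -> str:
    """Drop a trailing comment and any backticks/quotes the model wrapped the name in."""
    name = _TRAILING_COMMENT.sub("", raw.strip())
    return name.strip().strip("`'\"").strip()


def fetch_file(raw_name: str, root: Path = ROOT) -> dict:
    """Tool handler: never raises, always returns a dict the model can reason about."""
    name = normalize_filename(raw_name)
    if not name:
        return {"ok": False, "error": "empty filename", "requested": raw_name}
    root = root.resolve()
    target = (root / name).resolve()
    # Confine to the sandbox: rejects "../" traversal and absolute paths.
    if target != root and root not in target.parents:
        return {"ok": False, "error": "path outside allowed directory", "requested": name}
    if not target.is_file():
        # This is the "let the model know it wasn't found" case from the post.
        return {"ok": False, "error": "file not found", "requested": name}
    return {"ok": True, "path": str(target.relative_to(root)), "content": target.read_text()}


def run_demo() -> dict:
    """Exercise the handler against a throwaway root with one constructed file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src").mkdir()
        (root / "src" / "app.js").write_text("console.log('hi');\n")  # constructed sample
        return {
            "plain": fetch_file("src/app.js", root),
            "with_comment": fetch_file("src/app.js  // the main entry point", root),
            "missing": fetch_file("src/missing.js # not there", root),
            "traversal": fetch_file("../../etc/passwd", root),
        }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(case, result)
```

The error dicts are what gets serialized back into the tool-call result; a model that receives `{"ok": false, "error": "file not found", "requested": "src/missing.js"}` can retry with a different path, which is not possible when the handler throws and the whole turn fails.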
Do you still participate in Bug Bounty?
December 23, 2024 at 4:04 AM
I'm kind of surprised. At this point, I can cause all `if` and `switch` branches to execute, I ignore `break`s, and ignore `return`s that don't have a value. I was expecting websites to completely break, but they're almost all completely functional.
December 10, 2024 at 11:17 PM
Thanks! I'm going to try this.
December 6, 2024 at 6:07 AM
I have severely underestimated the difficulty of this.
December 6, 2024 at 5:19 AM
I got this to run, but it doesn't work as well as I'd like. Decided to modify v8 myself and rebuild Chromium, which has actually been a lot of fun.
December 5, 2024 at 8:50 AM
Beyond that research paper (whose code, unfortunately, is not open source), I found this recent talk: www.youtube.com/watch?v=kQOM...

That has an open source solution (I have yet to test): github.com/wspr-ncsu/FV8
USENIX Security '24 - FV8: A Forced Execution JavaScript Engine for Detecting Evasive Techniques
December 4, 2024 at 10:55 PM
It actually seems like something like this has been implemented before for malware analysis: chungkim.io/doc/www17-jf...
December 4, 2024 at 10:28 PM
For additional context, I'd like code like so...

if (false) alert('x');

to execute the `alert` despite the false condition.
December 4, 2024 at 10:18 PM
Unless there's some magic functionality that allows this in extensions that I'm unaware of, the only other thing I can think of is modifying an existing browser's functionality, which I'd really like to avoid.
December 4, 2024 at 10:14 PM
Thanks!
November 30, 2024 at 6:25 PM
I bought a year of Burp Suite Pro for almost 1 BTC.
November 28, 2024 at 6:13 AM
If some of their users become upset, meh, who cares. If some of their large b2b customers become upset, that's a much bigger issue.
November 25, 2024 at 1:48 AM