How inspect element helped me secure a dorm room

could've been homeless


21st August 2024: There I was, frantically trying to secure a dorm room at Zhejiang University for my exchange program. Determined not to be left out, I set my alarm early and pounced on the housing portal the moment it opened.

The first hurdle? A prompt to reset my default password. Like any responsible adult who can't remember passwords to save their life, I whipped out my trusty password manager. I went with a generated passphrase that probably looked something like this: Tarmac7-Cabana-Mulberry

Perfect. Strong, secure, impossible to remember—just how I like it.

Password successfully updated. Nice.

Redirected to the login page, I right-clicked and let autofill work its magic.

Login failed. Incorrect password

??????

Okay, maybe I misclicked. Let's try again. Autofill, click login.

Login failed. Incorrect password

That can't be right. I literally just changed it, I used a password manager, there's no way I set the wrong password or forgot what I set.

As disbelief and denial slowly set in, I tried a couple more times. Then I looked for the "Reset password" button. There wasn't one. Great.

I fired off an email to the school, hoping they would help me reset my password quickly. Spoiler: they replied at the end of the day—faster than expected, but not fast enough to save me in the moment.

Defeated, I started looking at alternative accommodations and trying to convince my friends to join me off-campus. "Eh, anyone wanna stay service apartment...?"

Desperation ensued. I didn't wanna stay alone.

While complaining to my girlfriend about my predicament, she suggested something seemingly obvious: "Why not try to type it in manually instead?"

Psh. How's that supposed to help? I thought to myself. But, I had no better ideas, so I decided to give it a shot.

I opened my password manager and started typing it out manually. That's when I noticed something strange—my password looked way longer than what had been autofilled. This password field seemed to have stopped accepting characters halfway through.

And then it hit me.

The housing portal had let me set a password longer than 20 characters, but when it came time to log in, it was like, "Nope, sorry, we don't do long passwords here." They'd set an arbitrary 20-character limit on the input field.

Are you kidding me?

I started thinking through the possibilities. There had to be a way out of this. Think, Gavin, think. My first thought? Maybe the backend didn't care about this ridiculous situation, and I could just bypass it by calling the API directly. I pulled up the Network tab, ready to dig into some requests and see if I could manually send my password that way.

That's when my girlfriend, sheepishly (since she doesn't do web development), suggested, "Would it be possible to change the frontend code instead?"

I stared at her.

She stared back, uncertainty in her eyes, unsure whether she had asked a stupid question.

My girlfriend is a goddamn genius

The second she suggested that, I felt like a fool. How could I not have thought about this earlier? 🤦

At this point, I was 95% confident that this would work. I opened Inspect Element, found the culprit—maxlength="20"—and deleted it with a quick tap on the keyboard. The cap was gone, and I could now type my entire password—all of it.

I clicked "Log in" and held my breath... and I'm in.

hackerman

First actual practical application of web dev irl. Also, sometimes the easiest and most obvious solutions are right in front of our eyes.
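
The mismatch behind this lockout, a change-password form that accepts more characters than the login field will carry, can be caught with a small lint over the two forms. This is an added example, not code from the portal or from the original post; the form markup, field names and function names are constructed for illustration, and only `maxlength="20"` and the sample passphrase come from the post.

```javascript
// Constructed markup: the post shows nothing of the portal's HTML except maxlength="20".
const CHANGE_FORM = `
<form id="change">
  <input type="password" name="new_password">
  <input type="password" name="confirm_password">
</form>`;
const LOGIN_FORM = `
<form id="login">
  <input type="text" name="username" maxlength="64">
  <input type="password" name="password" maxlength="20">
</form>`;

// Return {name, cap} for every password input; cap is Infinity when no maxlength is set.
function passwordCaps(html) {
  const caps = [];
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    // Read one attribute value, accepting double-quoted, single-quoted or bare forms.
    const attr = (n) => {
      const m = tag.match(new RegExp(`\\s${n}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i"));
      return m ? (m[1] ?? m[2] ?? m[3]) : null;
    };
    if ((attr("type") || "").toLowerCase() !== "password") continue;
    const n = parseInt(attr("maxlength"), 10);
    caps.push({ name: attr("name"), cap: Number.isInteger(n) && n >= 0 ? n : Infinity });
  }
  return caps;
}

// Flag login fields whose cap is lower than what the change-password form accepts.
function findLockoutRisk(changeHtml, loginHtml) {
  const accepted = Math.min(...passwordCaps(changeHtml).map((f) => f.cap));
  return passwordCaps(loginHtml)
    .filter((f) => f.cap < accepted)
    .map((f) => ({ field: f.name, loginCap: f.cap, changeCap: accepted }));
}

// What a capped field holds once input is cut at maxlength (counted in UTF-16 code units).
function submittedValue(password, cap) {
  return password.slice(0, cap);
}

console.log(findLockoutRisk(CHANGE_FORM, LOGIN_FORM));
console.log(submittedValue("Tarmac7-Cabana-Mulberry", 20));
```

A non-empty result means some passwords that can be set cannot be typed back in at login; the fix is to enforce one length policy on both forms and on the server.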