Skip to content

Instantly share code, notes, and snippets.

View J2TEAM's full-sized avatar
💭
I may be slow to respond.

JUNO_OKYO J2TEAM

💭
I may be slow to respond.
2.2k followers · 256 following
View GitHub Profile
@nathansmith
nathansmith / lulz.js
Last active August 29, 2015 14:04
Paste this into browser console, to illustrate why arbitrary script execution is bad.
(function(d) {
'use strict';
// DOM elements.
var body = d.body;
var html = d.documentElement;
var head = d.head || d.getElementsByTagName('head')[0];
// Style attributes.
var b = body.style;
@turbo
turbo / readcolor.au3
Created June 14, 2015 09:15
Read pixel from hidden window
#include <WinAPI.au3>
#include <WindowsConstants.au3>
Opt("WinTitleMatchMode", 2)
Local $hCompDC = _WinAPI_CreateCompatibleDC(0)
Local $tBMI = DllStructCreate($tagBITMAPINFO)
DllStructSetData($tBMI, 1, DllStructGetSize($tBMI) - 4) ; size of struct
DllStructSetData($tBMI, 2, 400) ; width
DllStructSetData($tBMI, 3, 400) ; height
@nickgartmann
nickgartmann / realtime.js
Created March 5, 2014 17:31
A bookmarklet for setting the favicon of google analytics to the number of people currently on your site. (Will break not update if not navigated to the real time page - I suggest leaving it sit as a pinned tab)
javascript:var thing=function(){var e=parseInt(document.getElementById("ID-overviewCounterValue").innerText);[].slice.call(document.querySelectorAll("link[type='image/x-icon']")).forEach(function(e){e.parentNode.removeChild(e)});var t=document.createElement("canvas");t.width=16;t.height=16;var n=t.getContext("2d");var r=function(){n.font="bold 10px sans-serif";n.fillText(e,e>9?2:4,12);var r=document.createElement("link");r.type="image/x-icon";r.rel="shortcut icon";r.href=t.toDataURL("image/x-icon");document.getElementsByTagName("head")[0].appendChild(r)};r()};setInterval(thing,1e3)
@zigzag32
zigzag32 / GoogleDomainsMgr_.idea_.name
Last active April 16, 2016 07:09
A simple Google Domains Dynamic DNS IP updater.
GoogleDomainsMgr
@fetep
fetep / genhttplogs.rb
Created March 14, 2012 15:32
apache log generator
#!/usr/bin/ruby
class IPGenerator
public
def initialize(session_count, session_length)
@session_count = session_count
@session_length = session_length
@sessions = {}
end
@blacktm
blacktm / module.js
Last active September 4, 2017 04:13
A JavaScript revealing module pattern template.
/*
* module.js - The description of the module.
*/
var Module = (function () {
// Properties
///////////////////////////
var x = 0;
@tungpt247
tungpt247 / sublime_text_3_license_key
Created February 5, 2015 07:52
Sublime Text 3 License Key (Build 3065)
—– BEGIN LICENSE —–
K-20
Single User License
EA7E-940129
3A099EC1C0B5C7C5 33EBF0CF BE82FE3B
@edolganov
edolganov / main_out.js
Created May 10, 2015 17:19
agar.io game client with bots
//replace http://agar.io/main_out.js by this file
//with Fiddler Web Debugger (AutoResponder tab)
//bots can be created in different rooms - so try restart the page if need
var totalBotCount = 0;
function game(h, r, bot, botUrl, botName) {
@nathansmith
nathansmith / iframe_breakout.html
Created January 12, 2012 04:58
<script>
// Break out of an iframe, if someone shoves your site
// into one of those silly top-bar URL shortener things.
//
// Passing `this` and re-aliasing as `window` ensures
// that the window object hasn't been overwritten.
//
// Example:
// var window = 'haha, punked!';
@timruffles
timruffles / attack.md
Last active November 21, 2020 17:35
Chrome/Gmail attack received 11/03/2016. Not sure if the Chrome meta refresh + data:text,html technique is novel.

The following attack will display a "you've been signed out" page for GMail, and attempt to steal your account credentials.

DO NOT PUT ANY ACCOUNT CREDENTIALS INTO ANY TABS CREATED AFTER VISITING THESE LINKS :)

I received an email in my GMail inbox with a fake attachment image, styled to look like the real GMail attachment UI:

fake

This linked to a page that ended up displaying a fake "you've been signed out" link, via the data:text/html... URL feature of Chrome: