Skip to content

Instantly share code, notes, and snippets.

Avatar
There's nothing more permanent than a temporary hack.

Alex Flores audibleblink

There's nothing more permanent than a temporary hack.
View GitHub Profile
@audibleblink
audibleblink / wd-ex.md
Last active Oct 15, 2019
Compromised Web Developer Extension Steals Cloudflare Tokens
View wd-ex.md

Compromised Web Developer Extension Steals Cloudflare Tokens

Upon receiving news that the popular Chrome Extension, Web Developer, had been compromised, I became curious about exactly how malicious the highjacking was. Most sites are reporting that it injects ads. It's more nefarious than that. Since the extension calls out to an attacker-controlled URL, the payload hosted at that URL could be changed to anything at any time.

At the time of inspection, the code checks to see if the victim is on the Cloudflare domain. If it is, it starts an XHR request to fetch the users' API token and ships it, along with the victim's email, to a remote server.

@audibleblink
audibleblink / io.ngrok.client.plist
Last active Aug 13, 2021
launchd file to keep ngrok alive; requires you have an ngrok config file with your connection definitions
View io.ngrok.client.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>io.ngrok.start</string>
<key>KeepAlive</key>
<true/>
<key>ProgramArguments</key>
<array>
@audibleblink
audibleblink / list.rb
Last active Aug 29, 2015
reimplemented unix tree
View list.rb
#!/usr/bin/env ruby
# without the glyphs, if you prefer
def list entry=Dir.pwd
Dir.entries(entry)[2..-1].each do |item|
puts File.basename(item)
list("#{entry}/#{item}") if File.directory?("#{entry}/#{item}")
end
end
@audibleblink
audibleblink / Resources.md
Last active May 29, 2016
Resources for Learning iOS
View Resources.md
[1]: https://www.udemy.com/swift-learn-apples-new-programming-language-by-examples/
[2]: https://www.udacity.com/course/ud585
[3]: http://www.lynda.com/Swift-tutorials/Swift-Programming-Language-First-Look/182175-2.html
[4]: https://www.bloc.io/swiftris-build-your-first-ios-game-with-swift
[5]: http://www.bignerdranch.com/we-teach/how-to-prepare/ios-device-provisioning.html
[6]: https://parse.com
[7]: http://www.weheartswift.com/swift-programming-scratch-100-exercises/
[8]: https://www.weheartswift.com/object-oriented-programming-swift/
[9]: http://www.learnswift.io/blog/2014/6/12/size-classes-with-xcode-6-and-swift
[10]: http://www.raywenderlich.com/83129/beginning-auto-layout-tutorial-swift-part-1
View binary_search.rb
# hopefully the descriptive names eliminate the need for comment
def search(collection, the_item_for_which_i_am_searching, the_lower_bounds=0, the_upper_bounds=collection.length)
the_middle_index = (the_lower_bounds + the_upper_bounds) / 2
the_middle_item = collection[the_middle_index]
return the_middle_index if the_middle_item == the_item_for_which_i_am_searching
return -1 if the_upper_bounds <= the_lower_bounds
@audibleblink
audibleblink / Swift.sublime-build
Created Dec 13, 2014
Swift Build System for Sublime Text
View Swift.sublime-build
// Tested on Yosemite with Xcode6
// This only works if `swift` from
// your shell starts the Swift REPL
{
"cmd": ["swift", "$file"],
"selector": "source.swift"
}
@audibleblink
audibleblink / sudoku.rb
Last active Aug 29, 2015
Easy-level solver for sudoku
View sudoku.rb
class Sudoku
def initialize(board_string)
@board = board_string.split("")
end
def solve!
return self if solved?
board.each_with_index do |cell, cell_index|
# next unless cell == '0'
@audibleblink
audibleblink / newnew.js
Created Aug 19, 2014
Reimplementation of the `new` keyword as a function
View newnew.js
var newNew = function(constructor, args) {
var instance = Object.create(constructor.prototype)
// instance.__proto__ = constructor.prototype // Same as line above
instance.constructor = constructor // So that you can see who created this.
constructor.apply(instance, args) // Same as #call except args is an arrray with apply
return instance
}
View cookie clicker cheats.js
@audibleblink
audibleblink / keybase
Created Apr 17, 2014
ID file for authing identity on keybase
View keybase
### Keybase proof
I hereby claim:
* I am audibleblink on github.
* I am serveradmin (https://keybase.io/serveradmin) on keybase.
* I have a public key whose fingerprint is 787B BF72 6546 7718 7846 E543 687E F6FF F816 42CB
To claim this, I am signing this object: