Corsin Camichel cocaman

## bazaar_get_sample.py
#!/usr/bin/env python3
import requests
import sys
import argparse
import pyzipper
import io

__author__ = "Corsin Camichel"
__copyright__ = "Copyright 2020, Corsin Camichel"
__license__ = "Creative Commons Attribution-ShareAlike 4.0 International License."

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                cocaman
                / keybase.md
            
            
              Created
              December 12, 2018 19:11
            
          
    Keybase proof

I hereby claim:

I am cocaman on github.
I am cocaman (https://keybase.io/cocaman) on keybase.
I have a public key ASCtrVSEH9GNbpkZn8hlqvRKTJ2pcGplfyl_NweKWWG2-Qo

To claim this, I am signing this object:

  
## gist:0195a0accc3c1bb09a35f91c02d168c9
<sinj>
<mm>https://www.bankline.natwest.com*</mm>
<sm>https://www.bankline.natwest.com/CWSLogon/logon.do*</sm>
<nh>ccsarewkpsmofyibdhqcgvnltzxj.net</nh>
<srv>195.133.144.126:443</srv>
</sinj>
<sinj>
<mm>https://www.bankline.rbs.com*</mm>
<sm>https://www.bankline.rbs.com/CWSLogon/logon.do*</sm>
<nh>cdsarpwtfdxysnmgejvzbicolqku.net</nh>

## cloudflare_challenge
I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the
10th to get it (ok, looks like I was the 7th.) But I'm happy that I was able to prove to myself
that I too could do it.

First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially
believed that it would be highly improbable under normal conditions to obtain the private key
through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's
challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to
extract private keys. So I wanted to see first-hand if it was possible or not.

## crime.py
# This is supposedly what CRIME by Juliano Rizzo and Thai Duong will do
# Algorithm by Thomas Pornin, coding by xorninja, improved by @kkotowicz
# http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/

import string
import zlib
import sys
import random

charset = string.letters + string.digits + "%/+="
	#!/usr/bin/env python3
	import requests
	import sys
	import argparse
	import pyzipper
	import io

	__author__ = "Corsin Camichel"
	__copyright__ = "Copyright 2020, Corsin Camichel"
	__license__ = "Creative Commons Attribution-ShareAlike 4.0 International License."
	<sinj>
	<mm>https://www.bankline.natwest.com*</mm>
	<sm>https://www.bankline.natwest.com/CWSLogon/logon.do*</sm>
	<nh>ccsarewkpsmofyibdhqcgvnltzxj.net</nh>
	<srv>195.133.144.126:443</srv>
	</sinj>
	<sinj>
	<mm>https://www.bankline.rbs.com*</mm>
	<sm>https://www.bankline.rbs.com/CWSLogon/logon.do*</sm>
	<nh>cdsarpwtfdxysnmgejvzbicolqku.net</nh>
	I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the
	10th to get it (ok, looks like I was the 7th.) But I'm happy that I was able to prove to myself
	that I too could do it.

	First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially
	believed that it would be highly improbable under normal conditions to obtain the private key
	through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's
	challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to
	extract private keys. So I wanted to see first-hand if it was possible or not.
	# This is supposedly what CRIME by Juliano Rizzo and Thai Duong will do
	# Algorithm by Thomas Pornin, coding by xorninja, improved by @kkotowicz
	# http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/

	import string
	import zlib
	import sys
	import random

	charset = string.letters + string.digits + "%/+="