Skip to content

Instantly share code, notes, and snippets.

Patrick Thomas coffeetocode

Block or report user

Report or block coffeetocode

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View reassemble_mptcp_challenge.py
# Uses Nicolas Maitre's MPTCP-capable scapy impl, so that should be
# on the python path, or run this from a directory containing that "scapy" dir
from scapy.all import *
packets = rdpcap("pcaps/neohapsis_mptcp_challenge.pcap")
payload_packets = [p for p in packets if TCP in p
and p[IP].src in ("192.168.1.26", "192.168.1.33")
and TCPOption_MP in p
and p[TCPOption_MP].mptcp.subtype == 2
and Raw in p]
@coffeetocode
coffeetocode / BurpPluginDemo.py
Created Sep 14, 2013
Code sample included with "Burp Extensions in Python & Pentesting Custom Web Services" at http://labs.neohapsis.com/
View BurpPluginDemo.py
# These are java classes, being imported using python syntax (Jython magic)
from burp import IBurpExtender
from burp import IHttpListener
# These are plain old python modules, from the standard library
# (or from the "Folder for loading modules" in Burp>Extender>Options)
from datetime import datetime
class BurpExtender(IBurpExtender, IHttpListener):
View erin_is_cheating.js
var results = {"Erin Ptacek": {0:0, 1:0, 2:0},
"Thomas Ptacek": {0:0, 1:0, 2:0},
"Jeremy Rauch": {0:0, 1:0, 2:0},
};
for(var i = 0; i < 1000000; i++) {
var arr = ["Erin Ptacek", "Thomas Ptacek", "Jeremy Rauch"].sort(function(x, y) { return 1 - Math.ceil(Math.random() * 100) % 3; });
for(var name in results) {
results[name][arr.indexOf(name)]++;
}
View latacora_logged_compares.js
const_arr = ["Erin Ptacek", "Thomas Ptacek", "Jeremy Rauch"]
arr = []
var results = {"Erin Ptacek": {0:0, 1:0, 2:0},
"Thomas Ptacek": {0:0, 1:0, 2:0},
"Jeremy Rauch": {0:0, 1:0, 2:0},
};
// custom sort function definition equiv to "x-y"
@coffeetocode
coffeetocode / example_output.txt
Created Feb 23, 2018
Example of bypasses for naive blacklists of 169.254.169.254 local metadata service. See https://twitter.com/coffeetocode/status/912788650408026112
View example_output.txt
$ ./try_local_metadata.sh
Trying 169.254.169.254... found metadata
Trying 169.254.43518... -
Trying 169.1668966... -
Trying 2852039166... found metadata
Trying 0251.0376.0251.0376... found metadata
Trying 0251.0376.0124776... -
Trying 251.0775248... -
Trying 25177524776... -
Trying 0xa9.0xfe.0xa9.0xfe... found metadata
You can’t perform that action at this time.