Skip to content

Instantly share code, notes, and snippets.

@dcarley
dcarley / README.md
Last active October 6, 2021 13:05
PROXY protocol spoof test

Verifying whether the following can be spoofed (source).

Network Load Balancers use proxy protocol version 2 to send additional connection information such as the source and destination. Proxy protocol version 2 provides a binary encoding of the proxy protocol header. The load balancer prepends a proxy protocol header to the TCP data. It does not discard or overwrite any existing data, including any proxy protocol headers sent by the client or any other proxies, load balancers, or servers in the network path. Therefore, it is possible to receive more than one proxy protocol header. Also, if there is another network path to your targets outside of your Network Load Balancer, the first proxy protocol header might not be the one from your Network Load Balancer.

#!/usr/bin/env python
"""
Test the probabilty of a URL being vulnerable to CVE-2011-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
Both this test and real PoC are largely dependent on the content being
served. Dynamic content rendered by mod_php and mod_wsgi is unlikely to be
affected, whereas static or proxied content from the same VirtualHost or
Apache instance may still be vulnerable. For this reason it is worth testing
@dcarley
dcarley / readme.md
Created July 28, 2020 10:24
samproxy CacheCapacity tuning notes

I was originally hoping to calculate the appropriate CacheCapacity from metrics at 10% traffic and then scale up from there, however it proved harder than I thought.

We have the following variables that we can tweak:

  • cache per pod: needs to be large enough that we can take spikes in trace volume or duration but not too large that we're wasting memory

  • memory per pod: should be less than 8G so that we can effectively fit

@dcarley
dcarley / keybase.md
Created June 19, 2019 09:32
keybase

Keybase proof

I hereby claim:

  • I am dcarley on github.
  • I am dcarley (https://keybase.io/dcarley) on keybase.
  • I have a public key whose fingerprint is 7F55 81C1 1A96 119A 6903 7518 4AAC F5A2 32BB 356A

To claim this, I am signing this object:

dcarley@cci-mbp  ~  xxd -c1
CIRCLE-15313
00000000: 43 C
00000001: 49 I
00000002: 52 R
00000003: 43 C
00000004: 4c L
00000005: 45 E
00000006: e2 .
00000007: 80 .
@dcarley
dcarley / apps.go
Last active May 4, 2018 10:01
CF apps inspection script
package main
import (
"flag"
"fmt"
"log"
"net/url"
cfclient "github.com/cloudfoundry-community/go-cfclient"
)
@dcarley
dcarley / tf_trace.log
Created January 9, 2018 12:32
Terraform TF_PLUGIN_CACHE_DIR issue
➜ terraform git:(a42fdb08a) ✗ TF_LOG=trace terraform init
2018/01/09 12:31:46 [INFO] Terraform version: 0.11.1
2018/01/09 12:31:46 [INFO] Go runtime version: go1.9.2
2018/01/09 12:31:46 [INFO] CLI args: []string{"/usr/local/Cellar/terraform/0.11.1/bin/terraform", "init"}
2018/01/09 12:31:46 [DEBUG] Attempting to open CLI config file: /Users/dcarley/.terraformrc
2018/01/09 12:31:46 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2018/01/09 12:31:46 [INFO] CLI command args: []string{"init"}
2018/01/09 12:31:46 [DEBUG] command: loading backend config file: /Users/dcarley/projects/gocode/src/github.com/hashicorp/terraform
2018/01/09 12:31:46 [INFO] command: empty terraform config, returning nil
2018/01/09 12:31:46 [DEBUG] command: no data state file found for backend config
@dcarley
dcarley / gist:5487768
Created April 30, 2013 09:58
Jenkins CORS
location /api/json {
proxy_pass http://localhost:8080;
add_header "Access-Control-Allow-Origin" "*";
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS";
add_header "Access-Control-Allow-Headers" "origin, authorization, cookie, accept";
add_header "Access-Control-Allow-Credentials" "true";
}
@dcarley
dcarley / vpnc-script-aws
Created November 8, 2017 11:44 — forked from alext/vpnc-script-aws
vpnc script to route all AWS IP ranges over VPN.
#!/bin/bash
# vpnc-script wrapper for use with openconnect that routes all AWS IP ranges over the VPN.
# Pass any additional IP ranges to be routed as args to the script.
#
# Requirements: bash, curl and jq.
#
# Example usage:
# openconnect https://vpn.example.com/profile --script '/path/to/vpnc-script-aws' --no-dtls
#
@dcarley
dcarley / order.csv
Created May 23, 2017 20:06
Farnell order for Boldport "just less than perfect" bundle
We can make this file beautiful and searchable if this error is corrected: Unclosed quoted field in line 5.
Order Code,Line Note,Description,Manufacturer,Manufacturer Part Number,Quantity,Unit Price,Line Total
2396052,cuttle,"SWITCH, TACTILE, 50MA, 24VDC, THT; Illumination:Non Illuminated; Contact Voltage DC Nom:24V; Contact Current Max:50mA; Operating Force:160gf; Switch Terminals:Through Hole; Product Range:FSMJRT Series; SVHC:No SVHC (12-J ",TE CONNECTIVITY / ALCOSWITCH,FSM4JRT,1,GBP 0.11,GBP 0.11
1972087,cuttle,"MCU, 8BIT, ATMEGA, 20MHZ, DIP-28; Controller Family/Series:ATmega; CPU Speed:20MHz; Program Memory Size:32KB; RAM Memory Size:2KB; No. of Pins:28Pins; MCU Case Style:DIP; No. of I/O's:23I/O's; Embedded Interface Type:I2C ",MICROCHIP,ATMEGA328-PU,1,GBP 2.36,GBP 2.36
2112751,cuttle,"CAP, MLCC, Y5V, 100NF, 50V, RAD; Capacitance:0.1µF; Voltage Rating:50V; Product Range:MC Series; Capacitance Tolerance:± 20%; Capacitor Terminals:Radial Leaded; Dielectric Characteristic:Y5V; Packaging:Cut Tape; Lead Spa ",MULTICOMP,MC0805Y104M500A2.54MM,4,GBP 0.0875,GBP 0.35
9339060,cuttle + pease,"RESISTOR, CARBON FILM, 10K,