Skip to content

Instantly share code, notes, and snippets.

View fransr's full-sized avatar

Frans Rosén fransr

875 followers · 2 following
View GitHub Profile
@fransr
fransr / logger.js
Last active August 6, 2022 06:36
logger.js for hunting script gadgets. More info about script gadgets: https://github.com/google/security-research-pocs/tree/master/script-gadgets (Sebastian Lekies / Eduardo Vela Nava / Krzysztof Kotowicz)
var logger = console.trace;
// ELEMENT
;(getElementByIdCopy => {
Element.prototype.getElementById = function(q) {
logger('getElementById', q, this, this.innerHTML);
return Reflect.apply(getElementByIdCopy, this, [q])
}
})(Element.prototype.getElementById)
@fransr
fransr / customcsrf.py
Created February 16, 2021 08:30
Hackvertor Custom CSRF tag
import httplib
import urllib
http = httplib.HTTPSConnection('example.com', 443)
cookie = 'your=cookies';
http.request("GET", "/api/v1/csrf", "", {
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36',
'referer': 'https://example.com/',
@fransr
fransr / bucket-disclose.sh
Last active April 26, 2024 14:11
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@fransr
fransr / electrum.html
Last active November 30, 2021 11:03
Simple port-scan using embed+onerror in Safari to send gui-commands to Electrum 3.0.4 without the need of any CORS-headers
<body>
<style>pre { white-space: inherit }</style>
<pre id="log"></pre>
<div id="ports" style="visibility: hidden; height: 0; width: 0;"></div>
<iframe src="about:blank" name="x" id="x" style="display: none;"></iframe>
</body>
<script>
var electrum = {
logbreak: function() { e = document.createElement('br'); document.getElementById('log').appendChild(e); },
log: function(s) { e = document.createElement('span'); e.innerText = s+" "; document.getElementById('log').appendChild(e); },
@fransr
fransr / gist:db901674466ec5d9fe2e73da6c79818b
Created August 10, 2017 13:48
Chinese whispers bookmarklet using Google Translate
javascript:(function(){function $(i,b){b=(b?b:document);return b.getElementById(i.substr(1))};var i=location.hash.substr(1).split('/')[0]||'en',a=JSON.stringify(NND).match(/[a-zA-Z-]+/g),o=i,x,p,c=0,j=$,e=0;if(i=='auto')i='en';a=[...new Set(a)],d=[i,'or','ug','tt','tk','mg','lo','rw','si','zh'];function n(v) {c++;var l=a.pop();while(l==o||d.find(function(ee){return ee==l}))l=a.pop();if(!l||c>100){if(e){j('#result_box').innerText=v;x.close();return;}else{l=i;e=1;}};console.log(o,l,v);x=window.open(location.href.split('#')[0]+'?'+Math.random()+'#'+o+'/'+l+'/'+v.replace(/ /g,'%20'),'x');o=l;p=setInterval(q,500);}function q(){if(!j('#result_box',x.document)||!j('#result_box',x.document).innerText||!j('#result_box',x.document).innerText.length)return;clearInterval(p);txt=j('#result_box',x.document).innerText;n(txt);}n(j('#source').value);})()
@fransr
fransr / keybase.md
Created October 5, 2015 20:23
keybase.md

Keybase proof

I hereby claim:

  • I am fransr on github.
  • I am frans (https://keybase.io/frans) on keybase.
  • I have a public key whose fingerprint is C999 46C3 C7B8 A275 7FD2 8B6F 8D76 6CC3 6F62 00D9

To claim this, I am signing this object: