Skip to content

Instantly share code, notes, and snippets.

Jason Axley jaxley

Block or report user

Report or block jaxley

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@jaxley
jaxley / decrypt-google-auth-credentials.py
Created Feb 10, 2016
Code to decrypt obfuscated Google Smart Lock Passwords
View decrypt-google-auth-credentials.py
#!/usr/local/bin/python
# Adapted from gist https://gist.github.com/sekondus/4322469
from Crypto.Cipher import AES, blockalgo
import base64
import os
# the block size for the cipher object; must be 16, 24, or 32 for AES
BLOCK_SIZE = 32
@jaxley
jaxley / HelloRequestData.java
Created Jan 27, 2017
Demonstration of HTTP Parameter Pollution in a Servlet and dangers of rendering decoded URLs
View HelloRequestData.java
import org.apache.http.client.utils.URIBuilder;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;
@jaxley
jaxley / digit.c
Created Jan 31, 2017
C code written up to answer the question of what the isdigit() C library API actually does since the type signature takes in an *integer*. What does it think are digits? Does it check that a single character is a digit 0-9? Yes! Or does it do that for longer integers? No! I tested up to INT_MAX and it only works for single-digits.
View digit.c
#include <stdio.h>
#include <ctype.h>
#include <limits.h>
/* #define MAX INT_MAX
#define MAX 65536 */
#define MAX 20
int main(int argc, char **argv) {
printf("Hello world\n");
@jaxley
jaxley / random_string.js
Created Jul 20, 2018 — forked from mozfreddyb/random_string.js
generate random strings, e.g., for passwords
View random_string.js
/*
A function to generate secure random 16-32 character passwords in your browser, using the character set
A-Za-z0-9@-
*/
/*
in one line for bookmarkletts:
javascript:!function(){"use strict";function r(){var r=new Uint16Array(n);window.crypto.getRandomValues(r);var r=Array.apply([],r);return r=r.filter(function(r){return r===45 || r>=47&&r<=57 || r>=64&&r<=90 || r>=97&&r<=122}),String.fromCharCode.apply(String,r)}for(var n=32,t=16,a=r();a.length<t;)a+=r();prompt("",a)}();
*/
View keybase.md

Keybase proof

I hereby claim:

  • I am jaxley on github.
  • I am axleyjc (https://keybase.io/axleyjc) on keybase.
  • I have a public key ASC5pDlbn_1x5ZMaHd0Po80FFpEda8wNGmyGMYyAOvk3MAo

To claim this, I am signing this object:

@jaxley
jaxley / ThingsMobileAppsStillDoNotSupportSoYouStillNeedAComputer.md
Created Sep 22, 2018
A list of annoying things that still require you to use a computer or browser because the mobile apps do noy support them
@jaxley
jaxley / ecsPrivileged.py
Last active Feb 13, 2019
Iterate all AWS ECS task families and identify any tasks with a 'privileged' container flag set
View ecsPrivileged.py
#!/usr/bin/env python
import boto3
import pprint
import sys
sys.stdout.flush()
# to support AWS profiles, just change the profile name here. Be sure you've set the region in that profile config
devSession = boto3.session.Session(profile_name='default')
client = devSession.client('ecs')
You can’t perform that action at this time.