@jaxley
jaxley / HelloRequestData.java
Created January 27, 2017 22:49
Demonstration of HTTP Parameter Pollution in a Servlet and dangers of rendering decoded URLs
import org.apache.http.client.utils.URIBuilder;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;
@jaxley
jaxley / ecsPrivileged.py
Last active February 13, 2019 00:02
Iterate all AWS ECS task families and identify any tasks with a 'privileged' container flag set
#!/usr/bin/env python
import boto3
import pprint
import sys
sys.stdout.flush()
# to support AWS profiles, just change the profile name here. Be sure you've set the region in that profile config
devSession = boto3.session.Session(profile_name='default')
client = devSession.client('ecs')
@jaxley
jaxley / ThingsMobileAppsStillDoNotSupportSoYouStillNeedAComputer.md
Created September 22, 2018 15:31
A list of annoying things that still require you to use a computer or browser because the mobile apps do not support them

Todo

Keybase proof

I hereby claim:

  • I am jaxley on github.
  • I am axleyjc (https://keybase.io/axleyjc) on keybase.
  • I have a public key ASC5pDlbn_1x5ZMaHd0Po80FFpEda8wNGmyGMYyAOvk3MAo

To claim this, I am signing this object:

@jaxley
jaxley / random_string.js
Created July 20, 2018 17:29 — forked from mozfreddyb/random_string.js
generate random strings, e.g., for passwords
/*
A function to generate secure random 16-32 character passwords in your browser, using the character set
A-Za-z0-9@-
*/
/*
in one line for bookmarklets:
javascript:!function(){"use strict";function r(){var r=new Uint16Array(n);window.crypto.getRandomValues(r);var r=Array.apply([],r);return r=r.filter(function(r){return r===45 || r>=47&&r<=57 || r>=64&&r<=90 || r>=97&&r<=122}),String.fromCharCode.apply(String,r)}for(var n=32,t=16,a=r();a.length<t;)a+=r();prompt("",a)}();
*/
@jaxley
jaxley / digit.c
Created January 31, 2017 18:11
C code written up to answer the question of what the isdigit() C library API actually does since the type signature takes in an *integer*. What does it think are digits? Does it check that a single character is a digit 0-9? Yes! Or does it do that for longer integers? No! I tested up to INT_MAX and it only works for single-digits.
#include <stdio.h>
#include <ctype.h>
#include <limits.h>
/* #define MAX INT_MAX
#define MAX 65536 */
#define MAX 20
int main(int argc, char **argv) {
printf("Hello world\n");
@jaxley
jaxley / decrypt-google-auth-credentials.py
Created February 10, 2016 06:21
Code to decrypt obfuscated Google Smart Lock Passwords
#!/usr/local/bin/python
# Adapted from gist https://gist.github.com/sekondus/4322469
from Crypto.Cipher import AES, blockalgo
import base64
import os
# despite the name, 16, 24, or 32 are the valid AES key sizes in bytes; the AES block size itself is always 16
BLOCK_SIZE = 32