Marcin Wielgoszewski mwielgoszewski
View get_crx_manifests.py
#!/usr/bin/env python
import json
import requests
import StringIO
import sys
import zipfile
def download_crx(identifier):
    sys.stderr.write("Downloading {0}\n".format(identifier))
mwielgoszewski / gist:8a954ed3ce29fda7b844
Created May 19, 2015
iOS Security Guide (October vs April)
View gist:8a954ed3ce29fda7b844
>>> for n, pages in enumerate(diff, 1):
...     print 'page: %d -> %.4f%%' % (n, difflib.SequenceMatcher(None, *pages).ratio() * 100)
page: 1 -> 66.6667%
page: 2 -> 94.1598%
page: 3 -> 82.4145%
page: 4 -> 99.3867%
page: 5 -> 99.3815%
page: 6 -> 99.4215%
page: 7 -> 97.5767%
View keybase.md

Keybase proof

I hereby claim:

  • I am mwielgoszewski on github.
  • I am marcin (https://keybase.io/marcin) on keybase.
  • I have a public key whose fingerprint is 66BB 5179 6968 5989 A287 25C4 4FCD 9C87 3610 C4D5

To claim this, I am signing this object:

View gwtmenu.py
# -*- coding: utf-8 -*-
from java.awt.event import ActionListener
from javax.swing import JMenu, JMenuItem
from java.io import PrintWriter
from burp import IBurpExtender, IContextMenuFactory, IMessageEditorTab, IMessageEditorTabFactory, IScannerInsertionPoint, IScannerInsertionPointProvider
from array import array
from gds.gwt.GWTParser import GWTParser
import traceback
View pattern_create.py
from itertools import chain, cycle, dropwhile, islice, product
import string
def pattern_create(*args):
    return ''.join(islice(chain.from_iterable(cycle(product(string.uppercase, string.lowercase, string.digits))), *args))
mwielgoszewski / burpscript.py
Last active Jan 3, 2020
This extension registers an IHttpListener configured to execute a custom script editable via the Script tab added to Burp. The script is executed in the context with the following global and local variables (extender, callbacks, helpers, toolFlag, messageIsRequest, messageInfo).
View burpscript.py
from java.awt import Font
from javax.swing import JScrollPane, JTextPane
from javax.swing.text import SimpleAttributeSet
from burp import IBurpExtender, IExtensionStateListener, IHttpListener, ITab
import base64
import traceback
View WcfBinaryBurpPlugin.py
# -*- coding: utf-8 -*-
"""
Created on Fri Dec 28 14:16:12 2012
@author: Nick Coblentz
Some of this code is borrowed from Brian Holyfield's Burp plugin located here: https://github.com/GDSSecurity/WCF-Binary-SOAP-Plug-In
It is also fully dependent on having NBFS.exe from his plugin in the same directory as Burp.
"""
from burp import IBurpExtender
mwielgoszewski / ratelimiter.py
Last active Sep 16, 2018
A GitHub rate-limiting adapter for the requests module.
View ratelimiter.py
# -*- coding: utf-8 -*-
'''
Usage:
session = requests.Session()
session.mount('https://', RateLimitAdapter())
'''
from datetime import datetime
from collections import deque
import logging
mwielgoszewski / gist:4649506
Last active Dec 11, 2015
The following exploits AES constructions that use the Key as Initialization Vector. See http://www.gnu.org/software/shishi/manual/html_node/Key-as-initialization-vector.html for details.
View gist:4649506
from gluon.utils import AES_new
KEY = 'testtesttesttest'
PLAINTEXT = 'The quick brown fox jumped over the lazy dog.The quick brown fox'
def xor(a, b):
    return bytearray(x ^ y for x, y in zip(a, b))
def exploit():
    # ciphertext produced by web2py