Skip to content

Instantly share code, notes, and snippets.

View mwielgoszewski's full-sized avatar

Marcin Wielgoszewski mwielgoszewski

View GitHub Profile
#!/usr/bin/env python
import json
import requests
import StringIO
import sys
import zipfile
def download_crx(identifier):
sys.stderr.write("Downloading {0}\n".format(identifier))
@mwielgoszewski
mwielgoszewski / gist:8a954ed3ce29fda7b844
Created May 19, 2015 20:02
iOS Security Guide (October vs April)
>>> for n, pages in enumerate(diff, 1):
... print 'page: %d -> %.4f%%' % (n, difflib.SequenceMatcher(None, *pages).ratio() * 100)
page: 1 -> 66.6667%
page: 2 -> 94.1598%
page: 3 -> 82.4145%
page: 4 -> 99.3867%
page: 5 -> 99.3815%
page: 6 -> 99.4215%
page: 7 -> 97.5767%

Keybase proof

I hereby claim:

  • I am mwielgoszewski on github.
  • I am marcin (https://keybase.io/marcin) on keybase.
  • I have a public key whose fingerprint is 66BB 5179 6968 5989 A287 25C4 4FCD 9C87 3610 C4D5

To claim this, I am signing this object:

# -*- coding: utf-8 -*-
from java.awt.event import ActionListener
from javax.swing import JMenu, JMenuItem
from java.io import PrintWriter
from burp import IBurpExtender, IContextMenuFactory, IMessageEditorTab, IMessageEditorTabFactory, IScannerInsertionPoint, IScannerInsertionPointProvider
from array import array
from gds.gwt.GWTParser import GWTParser
import traceback
from itertools import chain, cycle, dropwhile, islice, product
import string
def pattern_create(*args):
return ''.join(islice(chain.from_iterable(cycle(product(string.uppercase, string.lowercase, string.digits))), *args))
@mwielgoszewski
mwielgoszewski / burpscript.py
Last active October 27, 2021 01:32
This extension registers an IHttpListener configured to execute a custom script editable via the Script tab added to Burp. The script is executed in the context with the following global and local variables (extender, callbacks, helpers, toolFlag, messageIsRequest, messageInfo).
from java.awt import Font
from javax.swing import JScrollPane, JTextPane
from javax.swing.text import SimpleAttributeSet
from burp import IBurpExtender, IExtensionStateListener, IHttpListener, ITab
import base64
import traceback
# -*- coding: utf-8 -*-
"""
Created on Fri Dec 28 14:16:12 2012
@author: Nick Coblentz
Some of this code is borrowed from Brian Holyfield's Burp plugin located here: https://github.com/GDSSecurity/WCF-Binary-SOAP-Plug-In
It is also fully dependent on having NBFS.exe from his plugin in the same directory as Burp.
"""
from burp import IBurpExtender
@mwielgoszewski
mwielgoszewski / ratelimiter.py
Last active September 16, 2018 08:08
A GitHub rate-limiting adapter for the requests module.
# -*- coding: utf-8 -*-
'''
Usage:
session = requests.Session()
session.mount('https://', RateLimitAdapter())
'''
from datetime import datetime
from collections import deque
import logging
@mwielgoszewski
mwielgoszewski / gist:4649506
Last active December 11, 2015 19:38
The following exploits AES constructions that use the Key as Initialization Vector. See http://www.gnu.org/software/shishi/manual/html_node/Key-as-initialization-vector.html for details.
from gluon.utils import AES_new
KEY = 'testtesttesttest'
PLAINTEXT = 'The quick brown fox jumped over the lazy dog.The quick brown fox'
def xor(a, b):
return bytearray(x ^ y for x, y in zip(a, b))
def exploit():
# ciphertext produced by web2py