Marcin Wielgoszewski mwielgoszewski

#!/usr/bin/env python
import json
import requests
import StringIO
import sys
import zipfile
def download_crx(identifier):
    sys.stderr.write("Downloading {0}\n".format(identifier))
mwielgoszewski / gist:8a954ed3ce29fda7b844
Created May 19, 2015
iOS Security Guide (October vs April)
>>> for n, pages in enumerate(diff, 1):
...     print 'page: %d -> %.4f%%' % (n, difflib.SequenceMatcher(None, *pages).ratio() * 100)
page: 1 -> 66.6667%
page: 2 -> 94.1598%
page: 3 -> 82.4145%
page: 4 -> 99.3867%
page: 5 -> 99.3815%
page: 6 -> 99.4215%
page: 7 -> 97.5767%

Keybase proof

I hereby claim:

  • I am mwielgoszewski on github.
  • I am marcin ( on keybase.
  • I have a public key whose fingerprint is 66BB 5179 6968 5989 A287 25C4 4FCD 9C87 3610 C4D5

To claim this, I am signing this object:

# -*- coding: utf-8 -*-
from java.awt.event import ActionListener
from javax.swing import JMenu, JMenuItem
from import PrintWriter
from burp import IBurpExtender, IContextMenuFactory, IMessageEditorTab, IMessageEditorTabFactory, IScannerInsertionPoint, IScannerInsertionPointProvider
from array import array
from gds.gwt.GWTParser import GWTParser
import traceback
from itertools import chain, cycle, dropwhile, islice, product
import string
def pattern_create(*args):
    return ''.join(islice(chain.from_iterable(cycle(product(string.uppercase, string.lowercase, string.digits))), *args))
mwielgoszewski /
Last active Oct 27, 2021
This extension registers an IHttpListener configured to execute a custom script editable via the Script tab added to Burp. The script is executed in the context with the following global and local variables (extender, callbacks, helpers, toolFlag, messageIsRequest, messageInfo).
from java.awt import Font
from javax.swing import JScrollPane, JTextPane
from javax.swing.text import SimpleAttributeSet
from burp import IBurpExtender, IExtensionStateListener, IHttpListener, ITab
import base64
import traceback
# -*- coding: utf-8 -*-
Created on Fri Dec 28 14:16:12 2012
@author: Nick Coblentz
Some of this code is borrowed from Brian Holyfield's Burp plugin located here:
It is also fully dependent on having NBFS.exe from his plugin in the same directory as Burp.
from burp import IBurpExtender
mwielgoszewski /
Last active Sep 16, 2018
A GitHub rate-limiting adapter for the requests module.
# -*- coding: utf-8 -*-
session = requests.Session()
session.mount('https://', RateLimitAdapter())
from datetime import datetime
from collections import deque
import logging
mwielgoszewski / gist:4649506
Last active Dec 11, 2015
The following exploits AES constructions that use the Key as Initialization Vector. See for details.
from gluon.utils import AES_new
KEY = 'testtesttesttest'
PLAINTEXT = 'The quick brown fox jumped over the lazy dog.The quick brown fox'
def xor(a, b):
    return bytearray(x ^ y for x, y in zip(a, b))
def exploit():
    # ciphertext produced by web2py