Marcin Wielgoszewski mwielgoszewski

## victron-secured-mfd.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                mwielgoszewski
                / victron-secured-mfd.md
            
            
              Created
              December 22, 2024 03:06
            
          
    Using Victron Energy MFD integration with "secured" mode enabled

With the introduction of VenusOS v3.50, a new "secured" network profile mode has
been added which automatically adds support for HTTPS (using a self-signed
certificate). This breaks support for some MFD's that expect to access resources
over HTTP and/or without having to support cookie sessions or authentication.
From the release notes:

It is no longer necessary to enable MQTT when using the Marine MFD HTML5 App.


## get_crx_manifests.py
#!/usr/bin/env python
import json
import requests
import StringIO
import sys
import zipfile


def download_crx(identifier):
    sys.stderr.write("Downloading {0}\n".format(identifier))

## gist:8a954ed3ce29fda7b844
>>> for n, pages in enumerate(diff, 1):
...   print 'page: %d -> %.4f%%' % (n, difflib.SequenceMatcher(None, *pages).ratio() * 100)

page: 1 -> 66.6667%
page: 2 -> 94.1598%
page: 3 -> 82.4145%
page: 4 -> 99.3867%
page: 5 -> 99.3815%
page: 6 -> 99.4215%
page: 7 -> 97.5767%

## keybase.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                mwielgoszewski
                / keybase.md
            
            
              Created
              March 17, 2014 00:17
            
          
    Keybase proof

I hereby claim:

I am mwielgoszewski on github.
I am marcin (https://keybase.io/marcin) on keybase.
I have a public key whose fingerprint is 66BB 5179 6968 5989 A287  25C4 4FCD 9C87 3610 C4D5

To claim this, I am signing this object:

  
## gwtmenu.py
# -*- coding: utf-8 -*-
from java.awt.event import ActionListener
from javax.swing import JMenu, JMenuItem
from java.io import PrintWriter

from burp import IBurpExtender, IContextMenuFactory, IMessageEditorTab, IMessageEditorTabFactory, IScannerInsertionPoint, IScannerInsertionPointProvider

from array import array
from gds.gwt.GWTParser import GWTParser
import traceback

## pattern_create.py
from itertools import chain, cycle, dropwhile, islice, product
import string

def pattern_create(*args):
    return ''.join(islice(chain.from_iterable(cycle(product(string.uppercase, string.lowercase, string.digits))), *args))

## burpscript.py
from java.awt import Font
from javax.swing import JScrollPane, JTextPane
from javax.swing.text import SimpleAttributeSet

from burp import IBurpExtender, IExtensionStateListener, IHttpListener, ITab

import base64
import traceback


## WcfBinaryBurpPlugin.py
# -*- coding: utf-8 -*-
"""
Created on Fri Dec 28 14:16:12 2012

@author: Nick Coblentz
Some of this code is borrowed from Brian Holyfield's Burp plugin located here: https://github.com/GDSSecurity/WCF-Binary-SOAP-Plug-In
It is also fully dependent on having NBFS.exe from his plugin in the same directory as Burp.
"""

from burp import IBurpExtender

## ratelimiter.py
# -*- coding: utf-8 -*-
'''
Usage:

session = requests.Session()
session.mount('https://', RateLimitAdapter())
'''
from datetime import datetime
from collections import deque
import logging

## gist:4649506
from gluon.utils import AES_new

KEY = 'testtesttesttest'
PLAINTEXT = 'The quick brown fox jumped over the lazy dog.The quick brown fox'

def xor(a, b):
  return bytearray(x ^ y for x, y in zip(a, b))

def exploit():
  # ciphertext produced by web2py
	#!/usr/bin/env python
	import json
	import requests
	import StringIO
	import sys
	import zipfile


	def download_crx(identifier):
	sys.stderr.write("Downloading {0}\n".format(identifier))
	>>> for n, pages in enumerate(diff, 1):
	... print 'page: %d -> %.4f%%' % (n, difflib.SequenceMatcher(None, pages).ratio() 100)

	page: 1 -> 66.6667%
	page: 2 -> 94.1598%
	page: 3 -> 82.4145%
	page: 4 -> 99.3867%
	page: 5 -> 99.3815%
	page: 6 -> 99.4215%
	page: 7 -> 97.5767%
	# -- coding: utf-8 --
	from java.awt.event import ActionListener
	from javax.swing import JMenu, JMenuItem
	from java.io import PrintWriter

	from burp import IBurpExtender, IContextMenuFactory, IMessageEditorTab, IMessageEditorTabFactory, IScannerInsertionPoint, IScannerInsertionPointProvider

	from array import array
	from gds.gwt.GWTParser import GWTParser
	import traceback
	from itertools import chain, cycle, dropwhile, islice, product
	import string

	def pattern_create(*args):
	return ''.join(islice(chain.from_iterable(cycle(product(string.uppercase, string.lowercase, string.digits))), *args))
	from java.awt import Font
	from javax.swing import JScrollPane, JTextPane
	from javax.swing.text import SimpleAttributeSet

	from burp import IBurpExtender, IExtensionStateListener, IHttpListener, ITab

	import base64
	import traceback
	# -- coding: utf-8 --
	"""
	Created on Fri Dec 28 14:16:12 2012

	@author: Nick Coblentz
	Some of this code is borrowed from Brian Holyfield's Burp plugin located here: https://github.com/GDSSecurity/WCF-Binary-SOAP-Plug-In
	It is also fully dependent on having NBFS.exe from his plugin in the same directory as Burp.
	"""

	from burp import IBurpExtender
	# -- coding: utf-8 --
	'''
	Usage:

	session = requests.Session()
	session.mount('https://', RateLimitAdapter())
	'''
	from datetime import datetime
	from collections import deque
	import logging
	from gluon.utils import AES_new

	KEY = 'testtesttesttest'
	PLAINTEXT = 'The quick brown fox jumped over the lazy dog.The quick brown fox'

	def xor(a, b):
	return bytearray(x ^ y for x, y in zip(a, b))

	def exploit():
	# ciphertext produced by web2py