ozzi-

🎯
On point
View GitHub Profile
View getServerCert.sh
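# Print the certificate chain the server presents on port 443.
# {{URL}} is a template placeholder for the host name (not a full URL); it is used
# both as the connect target and as the SNI name (-servername), so a name-based
# virtual host returns the certificate for that name.
# s_client does not stop on a verification failure by default, so this output shows
# what the server sent, not that the chain is trusted.
# stdin comes from /dev/null so the command returns after the handshake instead of
# waiting for input on an interactive terminal.
openssl s_client -showcerts -servername {{URL}} -connect {{URL}}:443 </dev/null 2>/dev/null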
ozzi- / removeSubdomainsOfURL.java
Last active Jun 11, 2020
Removes all subdomains of a URL
View removeSubdomainsOfURL.java
/**
 * Removes the subdomains of a URL (per the gist description). Only the first step is
 * visible in this preview: the URL is split into protocol, domain and path.
 *
 * @param url the URL to process
 * @param secondLevelDomains not used in the visible lines; presumably multi-label
 *        suffixes such as "co.uk" that must be kept whole — TODO confirm
 */
public static String removeSubdomains(String url, ArrayList<String> secondLevelDomains) {
// We need our URL in three parts, protocol - domain - path
String protocol= getProtocol(url);
// Drop the protocol prefix; assumes getProtocol returns the exact leading part of url — TODO confirm.
url = url.substring(protocol.length());
String urlDomain=url;
String path="";
// Everything from the first "/" onwards is the path, everything before it the domain.
// NOTE(review): after this split urlDomain can still carry userinfo ("user@host"), a port
// (":8080"), or a query/fragment when the URL has no "/". If the result feeds an allow-list
// or same-site comparison, confirm these are stripped later or take the host from
// java.net.URI#getHost() instead.
if(urlDomain.contains("/")) {
int slashPos = urlDomain.indexOf("/");
path=urlDomain.substring(slashPos);
urlDomain=urlDomain.substring(0, slashPos);
View example.js
// Fixture lines: the same targets written with a scheme, scheme-relative ("//host")
// and with no scheme at all. Presumably input for a matcher that finds external
// references — confirm against the tool that consumes this file.
// NOTE(review): a browser resolves a string without a scheme or leading "//"
// (e.g. "www.external2.com") as a path relative to the current page, so those lines
// would not produce a cross-origin request; a detector that flags them is matching
// text, not behavior.
xhr1.open("POST","http://external2.com");
xhr2.open("POST","www.external2.com");
xhr3.open("POST","//external2.com");
xhr4.open("POST","http://gist.githubusercontent.com/testrlocal");
// xhr4 is used a second time here; possibly meant to be xhr5.
xhr4.open("POST","gist.githubusercontent.com/testrlocal");
View example.css
/* Fixture lines: @import targets written as a bare string, with url(), with and
   without a scheme. Presumably input for a matcher that finds external references —
   confirm against the tool that consumes this file. */
/* NOTE(review): the next three lines end in ")" without an opening "url(", so a CSS
   parser treats them as invalid @import rules; presumably intentional for a
   text-based matcher — confirm. */
@import 'fonts.googleapis.com/css?family=Advent+Pro:400,200,700');
@import "www.fonts.googleapis.com/css?family=Advent+Pro:400,200,700");
@import "https://www.fonts.googleapis.com/css?family=Advent+Pro:400,200,700");
@import url("http://fonts.googleapis.com/css?family=Raleway+Dots");
@import url('//weloveiconfonts.com/api/?family=entypo');
/* No scheme and no leading "//": a browser resolves this relative to the stylesheet,
   not as a request to weloveiconfonts.com. */
@import url("weloveiconfonts.com/api/?family=entypo");
html{
}
View example.html
<html>
<!-- all tags that should match -->
<link href="www.external.com">
<script type="text/javascript">
xhr1.open("POST","http://external.com");
xhr2.open("POST","www.external.com");
xhr2.open("POST","www.external-co-ul.co.uk");
xhr3.open("POST","//external.com");
xhr4.open("POST","http://gist.githubusercontent.com/testlocal");
</script>
ozzi- / SecureFilePermissions.java
Last active Jan 10, 2020
cross-platform privilege hardening for files with java
View SecureFilePermissions.java
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
ozzi- / sanitizeJSONValues.js
Created Nov 28, 2019
Recursively iterates through JSON values and sanitizes strings with escapeHtml
View sanitizeJSONValues.js
// Walks obj and replaces every string value with escapeHtml(value), in place.
// Only values are escaped; property names (keys) are left unchanged.
// escapeHtml is defined outside this snippet; HTML escaping is only the right encoding
// when the values end up in an HTML text context — confirm where they are rendered.
function sanitizeJSONValues(obj){
for (var k in obj){
if (typeof obj[k] == "object" && obj[k] !== null){
// NOTE(review): this calls sanitizeJSON, not sanitizeJSONValues. Unless a function
// named sanitizeJSON is defined elsewhere, the call throws a ReferenceError at the
// first nested object or array, so nested strings and any later keys stay unescaped.
// If recursion is intended, the call should target sanitizeJSONValues.
sanitizeJSON(obj[k]);
}
else{
if(typeof obj[k]=="string"){
obj[k] = escapeHtml(obj[k]);
}
}
ozzi- / the_future_of_datepickers.html
Created Oct 15, 2019
top secret prototype for new HTML date pickers
View the_future_of_datepickers.html
<html>
<br>
Day:
<select>
<option value="">0</option>
<option value="">1</option>
<option value="">2</option>
<option value="">3</option>
</select>
<select>
View lighttpd_vhost.conf
# Load the reverse-proxy and HTTP authentication modules.
server.modules += ( "mod_proxy" )
server.modules += ( "mod_auth" )
# Verbose authentication logging. NOTE(review): confirm what this level writes to the
# error log and lower it once the setup works, so auth details do not pile up in logs.
auth.debug = 2
# "plain" backend: the user file holds user:password pairs in cleartext.
# NOTE(review): anyone who can read the file learns every password; keep it outside any
# served directory, readable only by the lighttpd user, or use a hashed backend
# (e.g. htpasswd) instead.
auth.backend = "plain"
auth.backend.plain.userfile = "/var/lighttpd/.lighttpdpassword"
# Settings inside this block apply only to requests whose Host header is exactly this name.
$HTTP["host"] == "example.localch" {
ozzi- / jp2j.java
Last active Feb 20, 2020
java pojo to json
View jp2j.java
/**
 * Converts a JSON string into an instance of {@code objClass} by reflection over the
 * class's declared fields. Only the start of the method is visible in this preview.
 *
 * @param json the JSON text; the top-level value must be a JSON object, since the parse
 *        result is cast to JsonObject
 * @param objClass the target class; it needs a no-argument constructor
 * @throws Exception on parse, cast or reflection failures (declared broadly)
 */
public static Object getAsObject(String json, Class<?> objClass) throws Exception {
// JsonParser / JsonObject are presumably Gson's — confirm against the file's imports.
JsonParser jParser = new JsonParser();
// The cast fails with ClassCastException when the top-level JSON value is an array or a primitive.
JsonObject jObj = (JsonObject) jParser.parse(json);
// NOTE(review): this runs the no-arg constructor of whatever class the caller passes in.
// Keep objClass chosen by the application, never derived from the JSON or other untrusted input.
Object obj = objClass.getDeclaredConstructor().newInstance();
// getDeclaredFields returns every field declared on the class, including private ones,
// but not inherited fields.
Field[] fields = objClass.getDeclaredFields();
for (int i = 0; i < fields.length; i++) {
String fieldName = fields[i].getName();
// Looks up by name the same field that fields[i] already refers to.
Field field = obj.getClass().getDeclaredField(fieldName);