cat introspection_query.json
{
"query": "query IntrospectionQuery {
__schema {
queryType { name }
mutationType { name }
FROM golang:1.11-alpine as builder
WORKDIR /myapp
COPY go.mod .
COPY go.sum .
RUN apk add --no-cache ca-certificates git
# Get dependencies - this layer is also cached as long as go.mod/go.sum don't change
RUN go mod download
While building a React Chrome extension using the create-react-app
utility (v2.x), I came across the following error on loading my unpacked extension:
Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’
blob: filesystem: chrome-extension-resource:”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-
GgRxrVOKNdB4LrRsVPDSbzvfdV4UqglmviH9GoBJ5jk=’), or a nonce (‘nonce-…’) is required to enable inline execution.
Basically, this error arises because Chrome (like almost any modern browser) enforces the extension's Content Security Policy, which does not allow inline scripts to execute. The build script in create-react-app triggers this restriction because it bundles the .js files into inline <script> tags in the <body> of index.html.
Here’s a quick tip to find forgotten database dumps using this small but quick fuzz list:
/back.sql
/backup.sql
/accounts.sql
/backups.sql
/clients.sql
/customers.sql
/data.sql
/database.sql
/database.sqlite
Redirect dorks
/{payload}
?next={payload}
?url={payload}
?target={payload}
?rurl={payload}
?dest={payload}
?destination={payload}
?redir={payload}
Recommended extensions for Burp Suite
JSON Beautifier
Param Miner
HTTP Request Smuggler
Backslash Powered Scanner
Reflected Parameters
Software Vulnerability Scanner
Java Deserialization Scanner
.NET Beautifier
Copy As Python-Requests
Free stuff is always exciting. But, what if it is free and awesome? Free tools and resources you’re gonna love.
Let's start!
1. UI Garage
Daily UI inspiration & patterns for designers and developers to find inspiration, tools and the best resources for your project.
Link: https://uigarage.net/
2. Remove bg
Free stuff is always exciting. But, what if it is free and awesome? Free tools and resources you're gonna love. Part 2.
Let's start!
1. Caniuse.com
"Can I use" provides up-to-date browser support tables for front-end web technologies on desktop and mobile web browsers.
Link: https://caniuse.com/
2. Javascript.info
Modern JavaScript Tutorial: simple but detailed explanations with examples and tasks, including closures, document and events, object-oriented programming and more.
❌❌ RECON CHECKLIST ❌❌
1. Subdomain Enumeration: subfinder / amass / altdns / Sublist3r / assetfinder / findomain
2. Resolving Subdomains: httpx / httprobe
3. Screenshotting: httpx / Aquatone / EyeWitness / GoWitness
4. Port Scan: Nmap / Zenmap / Aquatone / Amass
5. Directory Bruteforce: ffuf / Dirsearch / DirBuster
6. Crawling: waybackurls / gau
7. Finding endpoints from JS: relative-url-extractor
8. Manual Recon: Burp Suite