Stefano Vettorazzi stefanocoding

You do not need to run 80 reconnaissance tools to get access to user accounts

An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI-encoding, user input on the client side, and sending sensitive information to my server using an open redirect.

CSRF token bug

  1. There is an open redirect on
  2. User loads
  3. Javascript code in makes a GET request to with a header x-csrf-token set to the CSRF token for the session of the user
    GET /verify/VALUE HTTP/1.1
stefanocoding /
Last active Mar 4, 2019
JACK and Bitwig using the Intel audio chip. Tested on MacBook Pro 11,3. I get no sound using ALSA and Bitwig with the Intel chip (it works with USB interfaces), so I tried using JACK and it worked. However, I had to follow these steps.
  1. Open qjackctl
  2. Click Setup...
  3. Choose "alsa" as the Driver
  4. Choose the analog interface as the Interface (in my case it is hw:PCH,0)
  5. Go to the Advanced tab
  6. Enter the number of inputs in the first textbox next to Channels I/O (2 in my case)
  7. Enter the number of outputs in the second textbox next to Channels I/O (2 in my case)
  8. Click OK
  9. Click Start
  10. Start Bitwig and select "JACK" as the Driver model
stefanocoding /
Last active Jun 8, 2019
Useful Python script to know if an email address exists, based on Inti's Medium post
# Example usage: ./ jack
import argparse
from smtplib import SMTP
import dns.resolver
parser = argparse.ArgumentParser()
args = parser.parse_args()
stefanocoding /
Last active Dec 28, 2018
Activate integrated Intel GPU of a MacBook Pro Mid 2014 (MacBookPro11,3) on Ubuntu 18.04

This may work with other MacBook Pro models that have an Intel GPU and an NVidia one, but I only have proof that this works on a MacBook Pro Mid 2014 (MacBookPro11,3) with Ubuntu 18.04. If you want to be sure about which model you have, run sudo dmidecode -t system in the Terminal and you will see the information about the system including the serial number and product name (MacBookPro11,3 in my case). I'm assuming you have installed the NVidia proprietary drivers, which can be installed from the application "Software & Updates" in the tab "Additional Drivers".

Steps to use the Intel GPU:

  1. Run lspci |grep VGA and check that only one line mentioning "NVIDIA" is printed. This is to be sure that you are required to do the following steps. If two lines appear, and one of those mentions "Intel", then you probably do not need to activate the GPU but only select it as the main GPU (jump to the step where you have to "Open nvidia-settings").
  2. Download apple_set_os.efi from
stefanocoding /
Created Dec 18, 2018
Fix not working backlight when using NVidia proprietary driver on Ubuntu 18.04 installed on a MacBook Pro Mid 2014.

After installing the latest NVidia proprietary driver (version 390) using Software & Updates > Additional Drivers, it wasn't possible to change the backlight intensity/brightness of the screen.

The solution that worked for me was to run: sudo setpci -H1 -s 00:01.00 BRIDGE_CONTROL=0. If that solution works for you too, then you may want to make the change permanent. Otherwise, you will have to run the same command each time you power on your MacBook.

Steps to make the change permanent:

  1. Open "Terminal"
  2. Run sudo gedit /etc/rc.local
  3. Enter:
stefanocoding /
Last active Sep 13, 2019
Install macOS in a VirtualBox machine on Ubuntu

Important: I'm writing this when the last version of macOS (and the one I have installed) is Mojave. There is already a script which installs Mojave in a virtual machine here. But if you are curious how to do everything manually to install High Sierra, then this guide may be useful.

After reading a few articles I ended up with these steps:

  1. On macOS, download the High Sierra installer (even if you have Mojave installed):
  2. If the High Sierra Installer starts, quit it.
  3. Open "Disk Utility".
  4. Click on "File" > "New Image" > "Blank image...". Or just press cmd+N.
stefanocoding /
Created Oct 5, 2018
When `` is evaluated #xss

The following is not a bug in the web browsers - it's supposed to work this way - but is useful in some cases like the one described.

In one of the Javascript files loaded by an endpoint of a private program, they were taking the value of and passing it to something like eval([here]) or setTimeout([here], [some_milliseconds]), I don't remember correctly... The thing is that the value of was being evaluated as Javascript code, so = 'alert()' showed an alert(). To use this behavior for an attack, you have two options:

  1. if the endpoint is frameable from any domain, you can create an <iframe name='[javascript_code_here]' src='[vulnerable_endpoint]'></iframe>
  2. if it's not frameable, you can set = '[javascript_code_here]' in your own domain and then redirect to the vulnerable endpoint

The one I used was the second option. 💰

stefanocoding /
Last active Oct 18, 2019
This Burp extension adds an item to the context menu - when right-clicking in the request in Proxy or Repeater - to copy the entire "Cookie" header without having to manually select it and press Ctrl+C. It's useful for me when updating session information of tabs in the Repeater for saved projects.
stefanocoding /
Created Apr 9, 2018
Burp Extension to highlight in the Proxy requests that are in scope
from burp import IBurpExtender
from burp import IProxyListener


class BurpExtender(IBurpExtender, IProxyListener):
    def registerExtenderCallbacks(self, callbacks):
        self.helpers = callbacks.getHelpers()
        self.callbacks = callbacks
        callbacks.setExtensionName('Highlight in scope')
stefanocoding /
Created Feb 24, 2018
Make modem Huawei E397B work on Mac OS X
  1. Install the Connection Manager that is launched when you connect the modem to the Mac
  2. Download the source of usb_modeswitch from here (at the moment of writing this the file appears with the name usb-modeswitch-2.5.2.tar.bz2)
  3. Run make in the directory of the source you downloaded
  4. Run sudo ./usb_modeswitch -v12d1 -p1505 -X in the same directory

If the last step returns an error (I don't remember the error now, but I was getting an error related to usb_modeswitch not being able to take control of the modem to perform changes):

  1. Unplug the modem and plug it again
  2. As soon as you plug the modem again, run sudo ./usb_modeswitch -v12d1 -p1505 -X repeatedly until you get a successful result
  3. Open Connection Manager and your modem is going to be detected