Thomas Patzke thomaspatzke

@thomaspatzke
thomaspatzke / gist:7445776
Created November 13, 2013 08:47
Extract HTTP URLs, Requests and Responses from Wireshark PDML file.
xmlstarlet sel -t -m '//proto[@name="http"]' --if 'descendant::field[@name="http.request"]' -o 'URL: ' -v 'descendant::field[@name="http.request.full_uri"]/@show' -n -o 'Request: ' -v 'following-sibling::proto[@name="data-text-lines"]/field/@value' -n --elif 'descendant::field[@name="http.response"]' -o 'Code: ' -v 'descendant::field[@name="http.response.code"]/@show' -o ' ' -v 'descendant::field[@name="http.response.phrase"]/@show' -n -o 'Response: ' -v 'following-sibling::proto[@name="data-text-lines"]/field/@value' -n file.pdml | perl -ne 'if (/^((?:Request|Response): )?([0-9a-f]+)$/i) { $p = $1; $e = $2; $e =~ s/([0-9a-f]{2})/$1 /ig; print "$p"; print map { chr(hex($_)) } (split / /, $e); print "\n" if ($e !~ /0[da].?$/i) } else { print }'
@thomaspatzke
thomaspatzke / gist:7445851
Created November 13, 2013 08:54
Create HTML with links to all HTTP servers from nmap scan results.
xmlstarlet sel -T -t -m '//port/service[@name="http"]' -v 'concat(ancestor::host/address/@addr, ":", ../@portid, " <a href=http://", ancestor::host/address/@addr, ":", ../@portid, ">HTTP</a> <a href=https://", ancestor::host/address/@addr, ":", ../@portid, ">HTTPS</a><br />")' -n file.xml
@thomaspatzke
thomaspatzke / gist:7481047
Created November 15, 2013 08:35
Create "host;name;port;service;product" CSV from nmap scan XML.
xmlstarlet sel -t -m '//port/state[@state="open"]' -v 'concat(ancestor::host/address/@addr,";",ancestor::host/hostnames/hostname[position()=1]/@name,";",../@portid,";",../service/@name,";",../service/@product)' -n file.xml
@thomaspatzke
thomaspatzke / gist:8919230
Created February 10, 2014 16:32
Search all memory sections from a core dump for a particular string
readelf -lW core | perl -ne 'if (/^\s*LOAD\s+\S+\s+(\S+)\s+\S+\s+(\S+)/) { print "printf \"=== $1 ===\\n\"\nfind $1, +$2, \"Search\"\n" }' > searchmem.gdb
gdb executable core < searchmem.gdb
@thomaspatzke
thomaspatzke / gist:9496625
Last active August 29, 2015 13:57
Convert Joomla J2XML export file into files containing the title of the content element in the first line and the HTML code afterwards (suitable for Blosxom)
xmlstarlet sel -T -t -m //content -v alias -o ';' -v created -o ';' -v title -n joomlaexport.xml | while IFS=';' read alias ts title; do echo $title > $alias.txt; xmlstarlet sel -T -t -m '//content[contains(alias,"'$alias'")]' -v introtext -n joomlaexport.xml | recode html >> $alias.txt; touch -d "$ts" $alias.txt; done
@thomaspatzke
thomaspatzke / openssl-heartbleed-server.py
Created April 9, 2014 15:10
Very quick&dirty TLS server for testing if client implementations are affected by the Heartbleed vulnerability, before crypto (key exchange etc.) is established.
#!/usr/bin/python3
# openssl-heartbleed-server.py
# Check TLS clients for OpenSSL Heartbleed vulnerability.
import socketserver
import struct
import random
class HeartbleedServer(socketserver.BaseRequestHandler):
@thomaspatzke
thomaspatzke / mysapsso-decoder.py
Last active June 7, 2023 14:54
Decoder/Encoder for MYSAPSSO2 Cookies/SAP SSO tokens
#!/usr/bin/python3
# mysapsso.py - Decoding MYSAPSSO2 cookies
import sys
import fileinput
import urllib.parse
import base64
import binascii
import re
import struct
@thomaspatzke
thomaspatzke / gist:e3dbbc7eba710874e7e3
Created September 12, 2014 11:29
Convert something into URL encoding
| hd | perl -ne 's/^[\da-f]+\s+//; s/\s+\|.*?$//g; s/([\da-f]+)\s+/%$1/g; print;'
@thomaspatzke
thomaspatzke / keybase.md
Last active August 29, 2015 14:07
keybase.md

Keybase proof

I hereby claim:

  • I am thomaspatzke on github.
  • I am thomaspatzke (https://keybase.io/thomaspatzke) on keybase.
  • I have a public key whose fingerprint is ADDB 3A1A 80DE 4D0E 79B9 58AD 5F1A A4D8 C753 A286

To claim this, I am signing this object:

@thomaspatzke
thomaspatzke / extract_post_parameters_from_burpexport.sh
Last active August 29, 2015 14:11
Extract particular HTTP request parameter value (POST) from Burp XML save file without Base64 request/response encoding. Here I extract the NavigationTarget parameter of a SAP Portal application.
xmlstarlet sel -t -m '//items/item[contains(./request,"NavigationTarget")]' -v 'substring-before(substring-after(./request, "NavigationTarget="), "&")' -n Crawl-*.xml | perl -mURI::Escape -ne 'print URI::Escape::uri_unescape($_);' | sort -u