Skip to content

Instantly share code, notes, and snippets.

Thomas Patzke thomaspatzke

  • Code published here is private and not affiliated with my employer.
  • Germany
Block or report user

Report or block thomaspatzke

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@thomaspatzke
thomaspatzke / gist:7445776
Created Nov 13, 2013
Extract HTTP URLs, Requests and Responses from Wireshark PDML file.
View gist:7445776
xmlstarlet sel -t -m '//proto[@name="http"]' --if 'descendant::field[@name="http.request"]' -o 'URL: ' -v 'descendant::field[@name="http.request.full_uri"]/@show' -n -o 'Request: ' -v 'following-sibling::proto[@name="data-text-lines"]/field/@value' -n --elif 'descendant::field[@name="http.response"]' -o 'Code: ' -v 'descendant::field[@name="http.response.code"]/@show' -o ' ' -v 'descendant::field[@name="http.response.phrase"]/@show' -n -o 'Response: ' -v 'following-sibling::proto[@name="data-text-lines"]/field/@value' -n file.pdml | perl -ne 'if (/^((?:Request|Response): )?([0-9a-f]+)$/i) { $p = $1; $e = $2; $e =~ s/([0-9a-f]{2})/$1 /ig; print "$p"; print map { chr(hex($_)) } (split / /, $e); print "\n" if ($e !~ /0[da].?$/i) } else { print }'
@thomaspatzke
thomaspatzke / gist:7445851
Created Nov 13, 2013
Create HTML with links to all HTTP servers from nmap scan results.
View gist:7445851
xmlstarlet sel -T -t -m '//port/service[@name="http"]' -v 'concat(ancestor::host/address/@addr, ":", ../@portid, " <a href=http://", ancestor::host/address/@addr, ":", ../@portid, ">HTTP</a> <a href=https://", ancestor::host/address/@addr, ":", ../@portid, ">HTTPS</a><br />")' -n file.xml
@thomaspatzke
thomaspatzke / gist:7481047
Created Nov 15, 2013
Create "host;name;port;service;product" CSV from nmap scan XML.
View gist:7481047
xmlstarlet sel -t -m '//port/state[@state="open"]' -v 'concat(ancestor::host/address/@addr,";",ancestor::host/hostnames/hostname[position()=1]/@name,";",../@portid,";",../service/@name,";",../service/@product)' -n file.xml
@thomaspatzke
thomaspatzke / gist:8919230
Created Feb 10, 2014
Search all memory sections from a core dump for a particular string
View gist:8919230
readelf -l core | perl -ne 'if (/^\s*LOAD\s+\S+\s+(\S+)\s+\S+\s+(\S+)/) { print "printf \"=== $1 ===\\n\"\nfind $1, +$2, \"Search\"\n" }' > searchmem.gdb
gdb executable core < searchmem.gdb
@thomaspatzke
thomaspatzke / gist:9496625
Last active Aug 29, 2015
Convert Joomla J2XML export file into files containing the title of the content element in the first line and the HTML code afterwards (suitable for Blosxom)
View gist:9496625
xmlstarlet sel -T -t -m //content -v alias -o ';' -v created -o ';' -v title -n joomlaexport.xml | while IFS=';' read alias ts title; do echo $title > $alias.txt; xmlstarlet sel -T -t -m '//content[contains(alias,"'$alias'")]' -v introtext -n joomlaexport.xml | recode html >> $alias.txt; touch -d "$ts" $alias.txt; done
@thomaspatzke
thomaspatzke / openssl-heartbleed-server.py
Created Apr 9, 2014
Very quick&dirty TLS server for testing if client implementations are affected by the Heartbleed vulnerability, before crypto (key exchange etc.) is established.
View openssl-heartbleed-server.py
#!/usr/bin/python3
# openssl-heartbleed-server.py
# Check TLS clients for OpenSSL Heartbleed vulnerability.
import socketserver
import struct
import random
class HeartbleedServer(socketserver.BaseRequestHandler):
@thomaspatzke
thomaspatzke / mysapsso-decoder.py
Last active Dec 27, 2018
Decoder/Encoder for MYSAPSSO2 Cookies/SAP SSO tokens
View mysapsso-decoder.py
#!/usr/bin/python3
# mysapsso.py - Decoding MYSAPSSO2 cookies
import sys
import fileinput
import urllib.parse
import base64
import binascii
import re
import struct
@thomaspatzke
thomaspatzke / gist:e3dbbc7eba710874e7e3
Created Sep 12, 2014
Convert something into URL encoding
View gist:e3dbbc7eba710874e7e3
| hd | perl -ne 's/^\d+\s+//d; s/\s+\|.*?$//g; s/([\da-f]+)\s+/%$1/g; print;'
View keybase.md

Keybase proof

I hereby claim:

  • I am thomaspatzke on github.
  • I am thomaspatzke (https://keybase.io/thomaspatzke) on keybase.
  • I have a public key whose fingerprint is ADDB 3A1A 80DE 4D0E 79B9 58AD 5F1A A4D8 C753 A286

To claim this, I am signing this object:

@thomaspatzke
thomaspatzke / extract_post_parameters_from_burpexport.sh
Last active Aug 29, 2015
Extract particular HTTP request parameter value (POST) from Burp XML save file without Base64 request/response encoding. Here I extract the NavigationTarget parameter of a SAP Portal application.
View extract_post_parameters_from_burpexport.sh
xmlstarlet sel -t -m '//items/item[contains(./request,"NavigationTarget")]' -v 'substring-before(substring-after(./request, "NavigationTarget="), "&")' -n Crawl-*.xml | perl -mURI::Escape -ne 'print URI::Escape::uri_unescape($_);' | sort -u
You can’t perform that action at this time.