Skip to content

Instantly share code, notes, and snippets.

Thomas Patzke thomaspatzke

  • Code published here is private and not affiliated with my employer.
  • Germany
Block or report user

Report or block thomaspatzke

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@thomaspatzke
thomaspatzke / gist:9496625
Last active Aug 29, 2015
Convert Joomla J2XML export file into files containing the title of the content element in the first line and the HTML code afterwards (suitable for Blosxom)
View gist:9496625
xmlstarlet sel -T -t -m //content -v alias -o ';' -v created -o ';' -v title -n joomlaexport.xml | while IFS=';' read alias ts title; do echo $title > $alias.txt; xmlstarlet sel -T -t -m '//content[contains(alias,"'$alias'")]' -v introtext -n joomlaexport.xml | recode html >> $alias.txt; touch -d "$ts" $alias.txt; done
@thomaspatzke
thomaspatzke / openssl-heartbleed-server.py
Created Apr 9, 2014
Very quick&dirty TLS server for testing if client implementations are affected by the Heartbleed vulnerability, before crypto (key exchange etc.) is established.
View openssl-heartbleed-server.py
#!/usr/bin/python3
# openssl-heartbleed-server.py
# Check TLS clients for OpenSSL Heartbleed vulnerability.
import socketserver
import struct
import random
class HeartbleedServer(socketserver.BaseRequestHandler):
@thomaspatzke
thomaspatzke / gist:e3dbbc7eba710874e7e3
Created Sep 12, 2014
Convert something into URL encoding
View gist:e3dbbc7eba710874e7e3
| hd | perl -ne 's/^\d+\s+//d; s/\s+\|.*?$//g; s/([\da-f]+)\s+/%$1/g; print;'
View keybase.md

Keybase proof

I hereby claim:

  • I am thomaspatzke on github.
  • I am thomaspatzke (https://keybase.io/thomaspatzke) on keybase.
  • I have a public key whose fingerprint is ADDB 3A1A 80DE 4D0E 79B9 58AD 5F1A A4D8 C753 A286

To claim this, I am signing this object:

@thomaspatzke
thomaspatzke / extract_post_parameters_from_burpexport.sh
Last active Aug 29, 2015
Extract particular HTTP request parameter value (POST) from Burp XML save file without Base64 request/response encoding. Here I extract the NavigationTarget parameter of a SAP Portal application.
View extract_post_parameters_from_burpexport.sh
xmlstarlet sel -t -m '//items/item[contains(./request,"NavigationTarget")]' -v 'substring-before(substring-after(./request, "NavigationTarget="), "&")' -n Crawl-*.xml | perl -mURI::Escape -ne 'print URI::Escape::uri_unescape($_);' | sort -u
@thomaspatzke
thomaspatzke / find_unique.sh
Created Jan 7, 2015
Generate a list of files with unique content
View find_unique.sh
find -type f -exec sha256sum {} \; | sort | perl -ne '($h, $f) = /^(\S+)\s+(.*)$/; if (defined $ph && $ph ne $h || !defined $ph) { print "$f\n" } $ph = $h; $pf = $f;'
@thomaspatzke
thomaspatzke / extract_post_parameters_from_burpexport-without_xmlstarlet.sh
Created Jan 19, 2015
Extract POST parameter (here javax.faces.ViewState) from files with saved HTTP requests
View extract_post_parameters_from_burpexport-without_xmlstarlet.sh
grep javax.faces.ViewState POSTs.xml | perl -mURI::Escape -ne '/javax\.faces\.ViewState=(.*?)&/; print URI::Escape::uri_unescape($1); print "\n"' | sort -u
@thomaspatzke
thomaspatzke / Burp-SessionHandlingActionReplaceIDInResponse.py
Created Feb 2, 2015
This is a template for a Burp extension that can be used as session handling macro action. It pulls an identifier (here: last part of location header from redirection response) from the first macro response and puts it in the given place of the current request (here: last URL path component). Adapt as needed at the places marked with "CONFIG" co…
View Burp-SessionHandlingActionReplaceIDInResponse.py
from burp import (IBurpExtender, ISessionHandlingAction)
import re
class BurpExtender(IBurpExtender, ISessionHandlingAction):
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.helpers = callbacks.getHelpers()
callbacks.setExtensionName("Path Parameter Session Handling Action")
self.callbacks.registerSessionHandlingAction(self)
self.out = callbacks.getStdout()
@thomaspatzke
thomaspatzke / hexdump.py
Last active Aug 29, 2015
Hex-only dump in Python in one line
View hexdump.py
print("\n".join([" ".join(["{:02x}".format(c) for c in bin[i:i+16]]) for i in range(0, len(bin), 16)]))
@thomaspatzke
thomaspatzke / gist:7445776
Created Nov 13, 2013
Extract HTTP URLs, Requests and Responses from Wireshark PDML file.
View gist:7445776
xmlstarlet sel -t -m '//proto[@name="http"]' --if 'descendant::field[@name="http.request"]' -o 'URL: ' -v 'descendant::field[@name="http.request.full_uri"]/@show' -n -o 'Request: ' -v 'following-sibling::proto[@name="data-text-lines"]/field/@value' -n --elif 'descendant::field[@name="http.response"]' -o 'Code: ' -v 'descendant::field[@name="http.response.code"]/@show' -o ' ' -v 'descendant::field[@name="http.response.phrase"]/@show' -n -o 'Response: ' -v 'following-sibling::proto[@name="data-text-lines"]/field/@value' -n file.pdml | perl -ne 'if (/^((?:Request|Response): )?([0-9a-f]+)$/i) { $p = $1; $e = $2; $e =~ s/([0-9a-f]{2})/$1 /ig; print "$p"; print map { chr(hex($_)) } (split / /, $e); print "\n" if ($e !~ /0[da].?$/i) } else { print }'
You can’t perform that action at this time.