Skip to content

Instantly share code, notes, and snippets.

View Genzer's full-sized avatar

Genzer Hawker Genzer

View GitHub Profile
@ndavison
ndavison / haproxy-smuggling.md
Last active March 16, 2026 11:57
HAProxy HTTP request smuggling

The following describes a technique to achieve HTTP request smuggling against infrastructure behind a HAProxy server when using specific configuration around backend connection reuse. This was tested against HAProxy versions 1.7.9, 1.7.11, 1.8.19, 1.8.21, 1.9.10, and 2.0.5. Of all these tested versions, only 2.0.5 was not vulnerable out of the box, although it is when using the no option http-use-htx configuration, which reverts back to the legacy HTTP decoder. 2.1 removed the legacy decoder so it is not affected.

To actually exploit HTTP smuggling using the issue described in this writeup, the backend server(s) behind HAProxy would also have to be vulnerable in the sense they too would need to suffer from a bug, but one which parses and accepts a poorly formed Transfer-Encoding header (almost certainly violating RFC7230), and allows HTTP keep-alive.

The HAProxy bug - sending both Transfer-Encoding and Content-Length

This is how HAProxy handles a request when Transfer-Encoding and Content-Length is p

@alipandidan
alipandidan / list_jenkins_credentials.groovy
Created July 11, 2019 07:23
List Jenkins Credentials
def StandardUsernameCredentials = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class, Jenkins.instance, null, null);
for (c in StandardUsernameCredentials) {
println(c.id + ": " + c.description)
}
def StandardUsernamePasswordCredentials = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials.class, Jenkins.instance, null, null);
for (c in StandardUsernamePasswordCredentials) {
println(c.id + ": " + c.description)
}
@sdolenc
sdolenc / 0.md
Last active March 9, 2026 02:39
Import Recurring Events to Google Calendar

One method of quickly creating a lot of events in google calendar is to import a CSV file. However, there is no support for directly adding "recurring" events (birthdays, anniversaries, etc). Here's the workarond.

Summarized steps

  1. create csv file with events (no recurring)
  2. import csv into a new, temporary google calendar
  3. export temporary google calendar to an ics file
  4. edit ics file to change events into recurring
  5. import ics file into a new, permanent google calendar.
  6. delete temporary google calendar
@bgauduch
bgauduch / multiple-repository-and-identities-git-configuration.md
Last active May 20, 2026 20:31
Git config with multiple identities and multiple repositories

Setup multiple git identities & git user informations

/!\ Be very carrefull in your setup : any misconfiguration make all the git config to fail silently ! Go trought this guide step by step and it should be fine 😉

Setup multiple git ssh identities for git

  • Generate your SSH keys as per your git provider documentation.
  • Add each public SSH keys to your git providers acounts.
  • In your ~/.ssh/config, set each ssh key for each repository as in this exemple:
@timja
timja / jenkins-dump-credentials.groovy
Last active April 26, 2026 17:33
Dump jenkins credentials - use in script console
import com.cloudbees.plugins.credentials.*
import com.cloudbees.plugins.credentials.common.*
import com.cloudbees.plugins.credentials.domains.*
import com.cloudbees.plugins.credentials.impl.*
import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
import org.jenkinsci.plugins.plaincredentials.impl.*
// def item = Jenkins.instance.getItem("your-folder")
@william8th
william8th / .tmux.conf
Last active May 8, 2026 16:13
Tmux open new pane in same directory
# Set the control character to Ctrl+Spacebar (instead of Ctrl+B)
set -g prefix C-space
unbind-key C-b
bind-key C-space send-prefix
# Set new panes to open in current directory
bind c new-window -c "#{pane_current_path}"
bind '"' split-window -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}"
@lgg
lgg / keepass-file-format-explained.md
Last active March 13, 2026 14:04
Keepass file format explained

Keepass file format explained

I’m currently working (I’m just at the beginning, and I’m quite slow) on a personal project that will use Keepass files (kdb and kdbx).
I tried to find some documentation about .kdb and .kdbx format, but I didn’t find anything, even in the Keepass official website. I you want to know how these file formats are structured, you must read Keepass’s source code. So I wrote this article that explains how Keepass file format are structured, maybe it will help someone.

Thread Pools

Thread pools on the JVM should usually be divided into the following three categories:

  1. CPU-bound
  2. Blocking IO
  3. Non-blocking IO polling

Each of these categories has a different optimal configuration and usage pattern.

@BretFisher
BretFisher / docker-for-mac.md
Last active June 1, 2026 16:33
Getting a Shell in the Docker Desktop Mac VM

2021 Update: Easiest option is Justin's repo and image

Just run this from your Mac terminal and it'll drop you in a container with full permissions on the Docker VM. This also works for Docker for Windows for getting in Moby Linux VM (doesn't work for Windows Containers).

docker run -it --rm --privileged --pid=host justincormack/nsenter1

more info: https://github.com/justincormack/nsenter1


@vrivellino
vrivellino / ec2_cloud.groovy
Last active January 20, 2022 11:11
Jenkins EC2 Plugin Configuration via Groovy
/*
* Configure the Jenkins EC2 Plugin via Groovy Script
* EC2 Plugin URL: https://wiki.jenkins-ci.org/display/JENKINS/Amazon+EC2+Plugin
*/
import hudson.model.*
import jenkins.model.*
import hudson.plugins.ec2.*
import com.amazonaws.services.ec2.model.InstanceType