image_extract.pyperforms character extraction on targetted against the HackerOne H1-702 CTF announcement imagedecrypt_sqli.pyperforms blind sqli data extraction with encrypted payloads targetting against the FliteThermostat APItiming_attack.pyperforms an HTTP piplining based timing against the FliteThermostat Backendwordlist_generator.pygenerates wordlists from a give corpus or set of corpuseshttplib.pyperforms efficient asynchronous HTTP requests against the FliteThermostat Backend
Alex Chapman ajxchapman
ajxchapman
/ README.md
Last active
October 22, 2023 16:05
Scripts developed for solving HackerOne H1-702 2019 CTF
ajxchapman
/ wordlist_generator.py
Created
March 8, 2019 10:45
Wordlist generator based on observed words from given URLs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| import requests | |
| import inflect | |
| seed_urls = [ | |
| "http://www.example.com", | |
| ] | |
| cookies = {"session" : "2eyhsb2dnZxWRJ9biI6dHJ1ZXr0"} | |
| prefixes = ["get", "set", "get_", "set_"] |
Simple setup to create a Linux gateway on Ubuntu 18.04 that provides WPAD settings via DHCP option 252.
systemctl disable systemd-resolved.service
systemctl stop systemd-resolved
apt update
apt install dnsmasq
unlink /etc/resolv.conf
echo "nameserver 8.8.8.8" > /etc/resolv.conf
ajxchapman
/ burp_extract.py
Created
January 15, 2019 14:57
Extract files from Burp Suite "Save Items" save file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import os | |
| import sys | |
| search = " ".join(sys.argv[2:]) or None | |
| path = None | |
| with open(sys.argv[1]) as f: | |
| for line in f: | |
| if '<path>' in line: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import pickle | |
| import sys | |
| if sys.version_info < (3, 0, 0): | |
| _exec = None | |
| buff = sys.stdout # Buffer to write binary strings to | |
| else: | |
| import builtins |
ajxchapman
/ chrome_screenshot.js
Created
July 11, 2017 13:44
Node script to screenshot web pages using chrome debugging protocol
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // npm install chrome-remote-interface minimist | |
| const CDP = require('chrome-remote-interface'); | |
| const argv = require('minimist')(process.argv.slice(2)); | |
| const file = require('fs'); | |
| const spawn = require('child_process').spawn; | |
| const net = require('net'); | |
| const crypto = require('crypto'); | |
| const url = argv.url || 'https://www.google.com'; | |
| const id = argv.id || crypto.createHash('sha256').update(url).digest("hex"); |
NewerOlder