Ken Johnson cktricky
# cf_url is http://dSomething.cloudfront.net/path
# video_name is test.mp4
def signed_html5
  parsed_uri = URI.parse(cf_url)
  url = "#{parsed_uri.scheme}://#{parsed_uri.host}#{parsed_uri.path}/#{video_name}"
  signed_url = sign(url)
end
# cf_url is http://dSomething.cloudfront.net/path
# video_name is test.mp4
<script type='text/javascript'>
  jwplayer('my-video').setup({
    primary: "flash",
    sources: [
      {file: <%= sanitize(@video.signed_html5.inspect) %>},
      {file: <%= sanitize(@video.signed_flash.inspect) %>}
    ],
    skin: 'someSkin',
    flashplayer: <%= sanitize(asset_path('swf/jwplayer.flash.swf').inspect) %>,
cktricky / user_controller.rb
Created March 26, 2014 02:34
as_json index Railsgoat
def show
  respond_with @user.as_json
end
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
X-UA-Compatible: IE=Edge
ETag: "6b4caf343a20865de174b2b530b945dd"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: c3b0a57861087c0b827aab231747ef0c
X-Runtime: 0.051734
Connection: close
{"admin":false,"created_at":"2014-01-23T16:17:10Z","email":
def as_json
  super(only: [:user_id, :email, :first_name, :last_name])
end
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
X-UA-Compatible: IE=Edge
ETag: "2333488e856669ac637e37cb4cf09cb6"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: baa6a1c90004838793614e4c61633767
X-Runtime: 0.092768
Connection: close
{"email":"[email protected]","first_name":"Jack","last_name":"Mannino","user_id":2}
cktricky / rails_session_deobfuscation.rb
Created June 3, 2014 18:10
Rails session deobfuscation
require 'base64'
require 'cgi'
orig_session_id = "BAh7CEkiD3Nlc3Npb25faWQGOgZFVEkiJWViYTgyMTMwYjE3ZmJkMDVmOTI4MTYzYzhjMWI1YTcwBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMVhJblpXL2NQNERnQVZZT0NTeWs5RXJzb2JpNzFOSlJwZ0NVQjlnNWplc3c9BjsARkkiDHVzZXJfaWQGOwBGaQo%3D--be5328b6089949b1a5da6eb3b21e220744705ab8"
new_session_id = CGI::unescape(orig_session_id).split('--').first
decoded = Marshal.load(Base64.decode64(new_session_id))
puts "Deobfuscated cookie: #{decoded}"
cktricky / django_session_deobfuscation.py
Last active August 29, 2015 14:02
Django Session Deobfuscation
import re
import zlib
import base64
import pickle
orig_session_id = ".eJxrYKotZNQIFYpPLC3JiC8tTi2KT0pMzk7NSylkCtVMyUrMS8_XS87PKynKTNIDqdGDShfr-eanpOY4QRUzh_IiGZGZUsjizVyqBwA9cCGB:1WrtB4:7bnqeUSJ2mJCPeyPA0FcskLq0m0"
def b64_decode(s):
    number = (-len(s) % 4)
    pad = number * "="
cktricky / xssable.js
Created June 4, 2014 19:21
example JS/XSS context
<script type="text/javascript">
  function someThing(){
    $("#someDiv").append("someUserContent");
  }
</script>
cktricky / mailer.rb
Created October 3, 2014 18:57
devise mailer
if defined?(ActionMailer)
  class Devise::Mailer < Devise.parent_mailer.constantize
    include Devise::Mailers::Helpers
    def confirmation_instructions(record, token, opts={})
      @token = token
      devise_mail(record, :confirmation_instructions, opts)
    end
    def reset_password_instructions(record, token, opts={})