Skip to content

Instantly share code, notes, and snippets.

View davidxia's full-sized avatar
🏠
EST working hours

David Xia davidxia

🏠
EST working hours
View GitHub Profile
@mkows
mkows / server-cors.py
Created July 31, 2019 15:16
Allow CORS with python Simple HTTP Server – for Python 3
'''
Based on https://gist.github.com/enjalot/2904124 (in Python 2) -> quick-migrated to Python 3
Usage: python server-cors
'''
import http.server as httpserver
class CORSHTTPRequestHandler(httpserver.SimpleHTTPRequestHandler):
def send_head(self):
"""Common code for GET and HEAD commands.
@davidxia
davidxia / gist:1292b0caa96079a7f9c6356c6df38b01
Last active December 28, 2021 15:12
Get all credentials of all GKE clusters in a project using fish, gcloud, jq, and xargs
gcloud --project $project container clusters list --format json \
| jq -r '.[] | "\(.name):\(.location)"' \
| xargs -I @ bash -c \
"name=\$(echo @ | cut -d ':' -f 1) \
&& region=\$(echo @ | cut -d ':' -f 2) \
&& gcloud --project $project container clusters get-credentials \$name --region \$region"
@unoexperto
unoexperto / patch_apk_for_sniffing.md
Last active September 29, 2024 16:13
How to patch Android app to sniff its HTTPS traffic with self-signed certificate

How to patch Android app to sniff its HTTPS traffic with self-signed certificate

  • Download apktool from https://ibotpeaches.github.io/Apktool/
  • Unpack apk file: java -jar /home/expert/work/tools/apktool.jar d [email protected]
  • Modify AndroidManifest.xml by adding android:networkSecurityConfig="@xml/network_security_config" attribute to application element.
  • Create file /res/xml/network_security_config.xml with following content:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
@gravitylow
gravitylow / codesign_gdb.md
Last active October 23, 2024 09:17 — forked from hlissner/codesign_gdb.md
Codesign gdb on macOS

If you are getting this in gdb on macOS while trying to run a program:

Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))
  1. Open Keychain Access
  2. In menu, open Keychain Access > Certificate Assistant > Create a certificate
  3. Give it a name (e.g. gdbc)

How I solved Nebula Level 11

The last few days I solved the first levels of Nebula. Nebula is an exploit exercise which consists of twenty levels. The level zero to eight where no real trouble. The level09 drove me crazy. I never wrote serious php code so I was not able to solve the string injection without cheating. For [level10] I gave up a bit too early as-well, after the first hint about TOCTOU (time-of-use to time-of-check) made me solve this with two simple bash scripts.

For the Level 11 flag cheating was no option for me. This walk through describes how I did solve this exercise. The description of this exercise states the following:

The /home/flag11/flag11 binary processes standard input and executes a shell command.  There are two ways of completing this level, you may wish to do both :-) To do this level, log in as the level11 account with th
@mrkpatchaa
mrkpatchaa / README.md
Last active October 21, 2024 16:46
Bulk delete github repos

Use this trick to bulk delete your old repos or old forks

(Inspired by https://medium.com/@icanhazedit/clean-up-unused-github-rpositories-c2549294ee45#.3hwv4nxv5)

  1. Open in a new tab all to-be-deleted github repositores (Use the mouse’s middle click or Ctrl + Click) https://github.com/username?tab=repositories

  2. Use one tab https://chrome.google.com/webstore/detail/onetab/chphlpgkkbolifaimnlloiipkdnihall to shorten them to a list.

  3. Save that list to some path

  4. The list should be in the form of “ur_username\repo_name” per line. Use regex search (Sublime text could help). Search for ' |.*' and replace by empty.

@phrawzty
phrawzty / 2serv.py
Last active November 10, 2024 16:32
simple python http server to dump request headers
#!/usr/bin/env python2
import SimpleHTTPServer
import SocketServer
import logging
PORT = 8000
class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
@mziwisky
mziwisky / Oauth2.md
Last active November 17, 2024 01:09
Oauth2 Explanation

OAUTH2

The Problem

I’m a web app that wants to allow other web apps access to my users’ information, but I want to ensure that the user says it’s ok.

The Solution

I can’t trust the other web apps, so I must interact with my users directly. I’ll let them know that the other app is trying to get their info, and ask whether they want to grant that permission. Oauth defines a way to initiate that permission verification from the other app’s site so that the user experience is smooth. If the user grants permission, I issue an AuthToken to the other app which it can use to make requests for that user's info.

Note on encryption

Oauth2 has nothing to do with encryption -- it relies upon SSL to keep things (like the client app’s shared_secret) secure.

@ogrrd
ogrrd / dnsmasq OS X.md
Last active October 30, 2024 18:37
Setup dnsmasq on OS X

Never touch your local /etc/hosts file in OS X again

To setup your computer to work with *.test domains, e.g. project.test, awesome.test and so on, without having to add to your hosts file each time.

Requirements

Install

@dergachev
dergachev / GIF-Screencast-OSX.md
Last active November 5, 2024 18:44
OS X Screencast to animated GIF

OS X Screencast to animated GIF

This gist shows how to create a GIF screencast using only free OS X tools: QuickTime, ffmpeg, and gifsicle.

Screencapture GIF

Instructions

To capture the video (filesize: 19MB), using the free "QuickTime Player" application: