I hereby claim:
- I am mwielgoszewski on github.
- I am marcin (https://keybase.io/marcin) on keybase.
- I have a public key whose fingerprint is 66BB 5179 6968 5989 A287 25C4 4FCD 9C87 3610 C4D5
To claim this, I am signing this object:
Marcin Wielgoszewski mwielgoszewski
mwielgoszewski
/ gist:4649506
Last active
December 11, 2015 19:38
The following exploits AES constructions that use the Key as Initialization Vector. See http://www.gnu.org/software/shishi/manual/html_node/Key-as-initialization-vector.html for details.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from gluon.utils import AES_new | |
| KEY = 'testtesttesttest' | |
| PLAINTEXT = 'The quick brown fox jumped over the lazy dog.The quick brown fox' | |
| def xor(a, b): | |
| return bytearray(x ^ y for x, y in zip(a, b)) | |
| def exploit(): | |
| # ciphertext produced by web2py |
mwielgoszewski
/ ratelimiter.py
Last active
September 16, 2018 08:08
A GitHub rate-limiting adapter for the requests module.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| ''' | |
| Usage: | |
| session = requests.Session() | |
| session.mount('https://', RateLimitAdapter()) | |
| ''' | |
| from datetime import datetime | |
| from collections import deque | |
| import logging |
mwielgoszewski
/ WcfBinaryBurpPlugin.py
Last active
December 20, 2015 15:49
— forked from ncoblentz/WcfBinaryBurpPlugin.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| """ | |
| Created on Fri Dec 28 14:16:12 2012 | |
| @author: Nick Coblentz | |
| Some of this code is borrowed from Brian Holyfield's Burp plugin located here: https://github.com/GDSSecurity/WCF-Binary-SOAP-Plug-In | |
| It is also fully dependent on having NBFS.exe from his plugin in the same directory as Burp. | |
| """ | |
| from burp import IBurpExtender |
mwielgoszewski
/ burpscript.py
Last active
October 27, 2021 01:32
This extension registers an IHttpListener configured to execute a custom script editable via the Script tab added to Burp. The script is executed in the context with the following global and local variables (extender, callbacks, helpers, toolFlag, messageIsRequest, messageInfo).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from java.awt import Font | |
| from javax.swing import JScrollPane, JTextPane | |
| from javax.swing.text import SimpleAttributeSet | |
| from burp import IBurpExtender, IExtensionStateListener, IHttpListener, ITab | |
| import base64 | |
| import traceback | |
mwielgoszewski
/ pattern_create.py
Created
January 20, 2014 15:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from itertools import chain, cycle, dropwhile, islice, product | |
| import string | |
| def pattern_create(*args): | |
| return ''.join(islice(chain.from_iterable(cycle(product(string.uppercase, string.lowercase, string.digits))), *args)) |
mwielgoszewski
/ gwtmenu.py
Created
February 20, 2014 16:07
mwielgoszewski
/ keybase.md
Created
March 17, 2014 00:17
mwielgoszewski
/ gist:8a954ed3ce29fda7b844
Created
May 19, 2015 20:02
iOS Security Guide (October vs April)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| >>> for n, pages in enumerate(diff, 1): | |
| ... print 'page: %d -> %.4f%%' % (n, difflib.SequenceMatcher(None, *pages).ratio() * 100) | |
| page: 1 -> 66.6667% | |
| page: 2 -> 94.1598% | |
| page: 3 -> 82.4145% | |
| page: 4 -> 99.3867% | |
| page: 5 -> 99.3815% | |
| page: 6 -> 99.4215% | |
| page: 7 -> 97.5767% |
mwielgoszewski
/ get_crx_manifests.py
Created
January 28, 2019 15:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import json | |
| import requests | |
| import StringIO | |
| import sys | |
| import zipfile | |
| def download_crx(identifier): | |
| sys.stderr.write("Downloading {0}\n".format(identifier)) |
mwielgoszewski
/ victron-secured-mfd.md
Last active
December 22, 2024 15:02
With the introduction of VenusOS v3.50, a new "secured" network profile mode has been added which automatically adds support for HTTPS (using a self-signed certificate). This breaks support for some MFD's that expect to access resources over HTTP and/or without having to support cookie sessions or authentication.
From the release notes:
It is no longer necessary to enable MQTT when using the Marine MFD HTML5 App.