Skip to content

Instantly share code, notes, and snippets.

View ozzi-'s full-sized avatar
🎯
On point

ozzi-

🎯
On point
86 followers · 42 following
View GitHub Profile
@ozzi-
ozzi- / sanitizeJSONValues.js
Created November 28, 2019 08:52
recursive iterate through json values and sanitize strings with escapeHtml
function sanitizeJSONValues(obj){
for (var k in obj){
if (typeof obj[k] == "object" && obj[k] !== null){
sanitizeJSON(obj[k]);
}
else{
if(typeof obj[k]=="string"){
obj[k] = escapeHtml(obj[k]);
}
}
@ozzi-
ozzi- / SecureFilePermissions.java
Last active January 10, 2020 07:49
cross-platform privilege hardening for files with java
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
@ozzi-
ozzi- / example.html
Last active June 11, 2020 12:20
<html>
<!-- all tags that should match -->
<link href="www.external.com">
<script type="text/javascript">
xhr1.open("POST","http://external.com");
xhr2.open("POST","www.external.com");
xhr2.open("POST","www.external-co-ul.co.uk");
xhr3.open("POST","//external.com");
xhr4.open("POST","http://gist.githubusercontent.com/testlocal");
</script>
@ozzi-
ozzi- / example.css
Created June 9, 2020 12:45
@import 'fonts.googleapis.com/css?family=Advent+Pro:400,200,700');
@import "www.fonts.googleapis.com/css?family=Advent+Pro:400,200,700");
@import "https://www.fonts.googleapis.com/css?family=Advent+Pro:400,200,700");
@import url("http://fonts.googleapis.com/css?family=Raleway+Dots");
@import url('//weloveiconfonts.com/api/?family=entypo');
@import url("weloveiconfonts.com/api/?family=entypo");
html{
}
@ozzi-
ozzi- / example.js
Created June 9, 2020 12:49
xhr1.open("POST","http://external2.com");
xhr2.open("POST","www.external2.com");
xhr3.open("POST","//external2.com");
xhr4.open("POST","http://gist.githubusercontent.com/testrlocal");
xhr4.open("POST","gist.githubusercontent.com/testrlocal");
@ozzi-
ozzi- / removeSubdomainsOfURL.java
Last active June 11, 2020 09:08
removes all subdomains of an url
public static String removeSubdomains(String url, ArrayList<String> secondLevelDomains) {
// We need our URL in three parts, protocol - domain - path
String protocol= getProtocol(url);
url = url.substring(protocol.length());
String urlDomain=url;
String path="";
if(urlDomain.contains("/")) {
int slashPos = urlDomain.indexOf("/");
path=urlDomain.substring(slashPos);
urlDomain=urlDomain.substring(0, slashPos);
@ozzi-
ozzi- / getServerCert.sh
Created June 26, 2020 07:15
openssl s_client -showcerts -servername {{URL}} -connect {{URL}}:443 2>/dev/null
@ozzi-
ozzi- / bashSubstringCount
Created July 24, 2020 07:50
$ echo "f00 bar 123 f00 foo" | awk -F"f00" '{ print NF-1}'
2
@ozzi-
ozzi- / all_curl.sh
Created August 3, 2020 11:26
get response code, all headers, specific headers and response body from CURL
res=$(curl "https://zgheb.com" -i -sS -w "\r\n%{http_code}")
responseCode=$(echo "$res" | tail -1)
headersAndBody=$(echo "$res" | head -n -1)
headers=$(echo "$headersAndBody" | awk '{if($0=="\r")exit;print}')
body=$(echo "$headersAndBody" | awk '{if(body)print;if($0=="\r")body=1}')
powered=$(echo "$res" | grep -Fi "X-Powered-By" | cut -d ":" -f2 | awk '{$1=$1};1')
echo "Response Code:"
@ozzi-
ozzi- / doubleEncodingUTF8.java
Created October 26, 2020 14:54
java method to fix double encoded UTF-8 strings
public static void main(String[] args) {
String input = "werewräüèö";
String result = fixDoubleUTF8Encoding(input);
System.out.println(result); // werewräüèö
input = "üäöé";
result = fixDoubleUTF8Encoding(input);
System.out.println(result); // üäöé
}