patmigliaccio / client-side-security-reverse-obfuscation.js
Created September 2, 2017 01:38
patmigliaccio.com/client-side-security 7/27/17
/**
* Reverses basic obfuscation techniques used by the JavaScript Obfuscator.
*
* Reference: https://javascriptobfuscator.com/
*
* @param {string} data String representation of a JavaScript file
* @returns {string}
*/
function reverseObfuscation(data) {
return replaceArrayReferences(replaceHexArrayValues(replaceHexVariables(data)));
patmigliaccio / client-side-security-obfuscated.js
Created September 2, 2017 01:36
patmigliaccio.com/client-side-security 7/27/17
// Obfuscated listing (string table plus renamed locals), kept byte-for-byte; only these comments are added.
// _0xe6a3 is the string table. Its hex escapes are ordinary string literals and decode to:
//   [0] "data"   [1] "parse"  [2] "then"     [3] "/assets/css/svg/generate"  [4] ""
//   [5] "split"  [6] "trim"   [7] "pop"      [8] "unshift"  [9] "forEach"    [10] "join"
// requestGeneratedSVG(): calls xhr(table[3]) (xhr is not defined in this listing), then in the
//   .then callback reads .data from the result, passes it to parseSVGResponse, base64-decodes
//   the returned string with atob and returns JSON.parse of it.
// parseSVGResponse(s): splits s on "" into an array, then 64 times pops the last element,
//   trims it and unshifts it onto the front; afterwards it unshifts every element into a new
//   array (which reverses the order) and joins that array on "".
// NOTE(review): the endpoint path and the whole decoding routine are recoverable by substituting
//   the table entries back in, so this form hides nothing from whoever receives the file.
var _0xe6a3=["\x64\x61\x74\x61","\x70\x61\x72\x73\x65","\x74\x68\x65\x6E","\x2F\x61\x73\x73\x65\x74\x73\x2F\x63\x73\x73\x2F\x73\x76\x67\x2F\x67\x65\x6E\x65\x72\x61\x74\x65","","\x73\x70\x6C\x69\x74","\x74\x72\x69\x6D","\x70\x6F\x70","\x75\x6E\x73\x68\x69\x66\x74","\x66\x6F\x72\x45\x61\x63\x68","\x6A\x6F\x69\x6E"];function requestGeneratedSVG(){return xhr(_0xe6a3[3])[_0xe6a3[2]](function(_0xe415x2){let _0xe415x3=parseSVGResponse(_0xe415x2[_0xe6a3[0]]);return JSON[_0xe6a3[1]](atob(_0xe415x3))})}function parseSVGResponse(_0xe415x5){var _0xe415x6=_0xe415x5[_0xe6a3[5]](_0xe6a3[4]);for(let _0xe415x7=0;_0xe415x7< 64;_0xe415x7++){var _0xe415x8=_0xe415x6[_0xe6a3[7]]()[_0xe6a3[6]]();_0xe415x6[_0xe6a3[8]](_0xe415x8)};var _0xe415x9=[];_0xe415x6[_0xe6a3[9]](function(_0xe415xa){_0xe415x9[_0xe6a3[8]](_0xe415xa)});return _0xe415x9[_0xe6a3[10]](_0xe6a3[4])}
patmigliaccio / client-side-security-obfuscated.js
Created September 2, 2017 01:36
patmigliaccio.com/client-side-security 7/27/17
// Obfuscated listing, left byte-for-byte as published; the comments are the only addition.
// String table _0xe6a3 (hex escapes are plain string literals) decodes to:
//   [0] "data"   [1] "parse"  [2] "then"     [3] "/assets/css/svg/generate"  [4] ""
//   [5] "split"  [6] "trim"   [7] "pop"      [8] "unshift"  [9] "forEach"    [10] "join"
// requestGeneratedSVG() resolves to JSON.parse(atob(parseSVGResponse(result.data))), where
//   result is what the promise returned by xhr("/assets/css/svg/generate") yields; xhr itself
//   is not defined in this listing.
// parseSVGResponse(s) works on s.split(""): 64 times it pops the last element, trims it and
//   unshifts it to the front, then reverses the array by unshifting each element into a new
//   one, and returns the new array joined on "".
// NOTE(review): pop() on an empty array returns undefined, so an empty input string would
//   throw at the .trim() call - the listing has no guard for that case.
var _0xe6a3=["\x64\x61\x74\x61","\x70\x61\x72\x73\x65","\x74\x68\x65\x6E","\x2F\x61\x73\x73\x65\x74\x73\x2F\x63\x73\x73\x2F\x73\x76\x67\x2F\x67\x65\x6E\x65\x72\x61\x74\x65","","\x73\x70\x6C\x69\x74","\x74\x72\x69\x6D","\x70\x6F\x70","\x75\x6E\x73\x68\x69\x66\x74","\x66\x6F\x72\x45\x61\x63\x68","\x6A\x6F\x69\x6E"];function requestGeneratedSVG(){return xhr(_0xe6a3[3])[_0xe6a3[2]](function(_0xe415x2){let _0xe415x3=parseSVGResponse(_0xe415x2[_0xe6a3[0]]);return JSON[_0xe6a3[1]](atob(_0xe415x3))})}function parseSVGResponse(_0xe415x5){var _0xe415x6=_0xe415x5[_0xe6a3[5]](_0xe6a3[4]);for(let _0xe415x7=0;_0xe415x7< 64;_0xe415x7++){var _0xe415x8=_0xe415x6[_0xe6a3[7]]()[_0xe6a3[6]]();_0xe415x6[_0xe6a3[8]](_0xe415x8)};var _0xe415x9=[];_0xe415x6[_0xe6a3[9]](function(_0xe415xa){_0xe415x9[_0xe6a3[8]](_0xe415xa)});return _0xe415x9[_0xe6a3[10]](_0xe6a3[4])}
patmigliaccio / client-side-security-svg.js
Last active September 2, 2017 01:43
patmigliaccio.com/client-side-security 7/27/17
/**
 * Requests '/assets/css/svg/generate' and turns the response body into an object.
 *
 * The body is passed through parseSVGResponse, base64-decoded with atob and then
 * parsed as JSON. Both xhr and parseSVGResponse are defined outside this snippet.
 *
 * NOTE(review): every decoding step runs in the client, so the encoding keeps the
 * payload out of casual view only; access to the data still has to be decided by
 * the server that answers the request.
 *
 * @returns {Promise<*>} whatever xhr's promise chain yields after JSON parsing
 */
function requestGeneratedSVG() {
  const pending = xhr('/assets/css/svg/generate');

  return pending.then((res) => {
    const encoded = parseSVGResponse(res.data);
    // Decoded sensitive data would be handled here.
    const json = atob(encoded);
    return JSON.parse(json);
  });
}
patmigliaccio / rate-limiting-log-message-limited.js
Created September 2, 2017 01:31
patmigliaccio.com/rate-limiting 3/20/2017
// Wrap console.log in limiter, passing 500 as the wait argument.
// limiter is defined outside this snippet; whether calls made inside the wait
// window are dropped or queued depends on which limiter variant is in scope.
const logMessageLimited = limiter((msg) => {
  console.log(msg);
}, 500);

// Three calls issued back-to-back to exercise the limiter.
for (const i of [0, 1, 2]) {
  logMessageLimited(`[Message Log] Action (${i}) rate limited.`);
}
patmigliaccio / rate-limiting-limiter-args.js
Created September 2, 2017 01:30
patmigliaccio.com/rate-limiting 3/20/2017
function limiter(fn, wait){
let isCalled = false,
calls = [];
let caller = function(){
if (calls.length && !isCalled){
isCalled = true;
calls.shift().call();
setTimeout(function(){
isCalled = false;
patmigliaccio / rate-limiting-limiter-recursive.js
Created September 2, 2017 01:29
patmigliaccio.com/rate-limiting 3/20/2017
function limiter(fn, wait){
let isCalled = false,
calls = [];
let caller = function(){
if (calls.length && !isCalled){
isCalled = true;
calls.shift().call();
setTimeout(function(){
isCalled = false;
patmigliaccio / rate-limiting-limiter-dropped.js
Created September 2, 2017 01:27
patmigliaccio.com/rate-limiting 3/20/2017
// Broken Code
function limiter(fn, wait){
let isCalled = false,
calls = [];
return function(){
calls.push(fn);
// Infinite Loop
while (calls.length){
patmigliaccio / rate-limiting-limiter.js
Created September 2, 2017 01:25
patmigliaccio.com/rate-limiting 3/20/2017
function limiter(fn, wait){
let isCalled = false;
return function(){
if (!isCalled){
fn();
isCalled = true;
setTimeout(function(){
isCalled = false;
}, wait)
patmigliaccio / async-fishing-make-requests.js
Created September 2, 2017 01:20
patmigliaccio.com/async-fishing 12/11/2016
function makeRequests(urls){
let requests = urls.map(url => xhr({url: url, responseType: 'arraybuffer'}));
all(requests)
.then(response => {
response.forEach(value => {
if (value instanceof Error){
console.error(value);
}