Skip to content

Instantly share code, notes, and snippets.

View terrywang's full-sized avatar

Terry Wang terrywang

136 followers · 56 following
View GitHub Profile
@spaze
spaze / opera-vpn.md
Last active August 23, 2025 14:02
Opera VPN behind the curtains is just a proxy, here's how it works

2023 update

ℹ️ Please note this research is from 2016 when Opera has first added their browser "VPN", even before the "Chinese deal" was closed. They have since introduced some real VPN apps but this below is not about them.

🕵️ Some folks also like to use this article to show a proof that the Opera browser is a spyware or that Opera sells all your data to 3rd parties or something like that. This article here doesn't say anything like that.

When setting up (that's immediately when user enables it in settings) Opera VPN sends few API requests to https://api.surfeasy.com to obtain credentials and proxy IPs, see below, also see The Oprah Proxy.

The browser then talks to a proxy de0.opera-proxy.net (when VPN location is set to Germany), it's IP address can only be resolved from within Opera when VPN is on, it's 185.108.219.42 (or similar, see below). It's an HTTP/S proxy which requires auth.

@xero
xero / unix
Last active October 16, 2025 00:42
curl -L git.io.unix
,_ ,_==▄▂
, ▂▃▄▄▅▅▅▂▅¾. / /
▄▆<´ "»▓▓▓%\ / / / /
,▅7" ´>▓▓▓% / / > / >/%
▐¶▓ ,»▓▓¾´ /> %/%// / /
▓▃▅▅
@joepie91
joepie91 / vpn.md
Last active January 5, 2026 07:53
Don't use VPN services.

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
@croepha
croepha / DigitalOcean_NoVNC_Paste.js
Last active June 4, 2025 07:36
// This will open up a prompt for text to send to a console session on digital ocean
// Useful for long passwords
(function () {
var t = prompt("Enter text to be sent to console, (This wont send the enter keystroke)").split("");
function f() {
var character = t.shift();
var i=[];
var code = character.charCodeAt();
var needs_shift = "!@#$%^&*()_+{}:\"<>?~|".indexOf(character) !== -1
@chrismdp
chrismdp / s3.sh
Last active August 4, 2025 07:29
Uploading to S3 in 18 lines of Shell (used to upload builds for http://soltrader.net)
# You don't need Fog in Ruby or some other library to upload to S3 -- shell works perfectly fine
# This is how I upload my new Sol Trader builds (http://soltrader.net)
# Based on a modified script from here: http://tmont.com/blargh/2014/1/uploading-to-s3-in-bash
S3KEY="my aws key"
S3SECRET="my aws secret" # pass these in
function putS3
{
path=$1
@kennwhite
kennwhite / vpn_psk_bingo.md
Last active August 3, 2025 05:20
Most VPN Services are Terrible

Most VPN Services are Terrible

Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.

This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016

@akras14
akras14 / Getting-Cheat-Sheet.md
Last active December 4, 2025 01:12

Git Cheat Sheet

Commands

Getting Started

git init

or

@grugq
grugq / gist:03167bed45e774551155
Last active December 25, 2025 23:35
operational pgp - draft

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

@bojieli
bojieli / testssl.c
Created April 8, 2014 18:03
Heartbleed OpenSSL vulnerbility POC (CVE-2014-0160)
/* Heartbleed OpenSSL vulnerbility POC
* CVE-2014-0160
*
* You need to modify OpenSSL client code: ssl/t1_lib.c, function tls1_heartbeat
* Previous line: \/\* Payload length (18 bytes here) \*\/
* Old line: s2n(payload, p);
* New line: s2n(65536 - 100, p); // pretend that we have so many bytes of payload...
*
* To compile:
* gcc -g -o testssl -Iinclude -L. -lssl ssl/*.o testssl.c
@takeshixx
takeshixx / hb-test.py
Last active September 8, 2025 01:16
OpenSSL heartbeat PoC with STARTTLS support.
#!/usr/bin/env python2
"""
Author: takeshix <[email protected]>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford ([email protected]).
Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser