vcsjones

require 'openssl'

encrypt_me = "what a fine day for coding" # Data to encrypt
@aes_key = (1..16).to_a.pack("C*") # Dummy bad key
@aes_iv = (17..32).to_a.pack("C*") # Dummy bad initialization vector
cipher = OpenSSL::Cipher::AES.new(128, :CBC)
cipher.encrypt # Put it in "encrypt" mode, doesn't actually encrypt
cipher.key = @aes_key
cipher.iv = @aes_iv
ciphertext = cipher.update(encrypt_me) + cipher.final

vcsjones

# frozen_string_literal: true

begin
  require "bundler/inline"
rescue LoadError => e
  $stderr.puts "Bundler version 1.10 or later is required. Please update your Bundler"
  raise e
end

gemfile(true) do

vcsjones

{
    "workbench.colorCustomizations": {
        "editor.selectionBackground": "#8C6642"
    },
    "editor.minimap.enabled": false,
    "window.zoomLevel": 1,
    "git.confirmSync": false,
    "workbench.colorTheme": "Solarized Light",
    "workbench.iconTheme": "vs-seti",
    "terminal.integrated.fontFamily": "Meslo LG L for Powerline",

vcsjones

add_header X-Frame-Options DENY;
add_header Content-Security-Policy "default-src 'none' ; style-src 'self' ; img-src 'self' ; frame-ancestors 'none' ; form-action 'none' ; block-all-mixed-content; reflected-xss block; sandbox; referrer no-referrer";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy no-referrer;

vcsjones

const jwt = require('jsonwebtoken');

const privateKey = `-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIA/Hp5bQItOQCKBdgH6sHLZAhTBNID/x8Fb5xwrWrZVQoAoGCCqGSM49
AwEHoUQDQgAEAwTleT8M/rlF8nE/qhY+26axJzFroVz7WciGZYxB1wI/U0jJgyr5
PBdQASFywG+QgGP/xD3eEozUnVOX+1z+9g==
-----END EC PRIVATE KEY-----`;
const publicKey = `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAwTleT8M/rlF8nE/qhY+26axJzFr
oVz7WciGZYxB1wI/U0jJgyr5PBdQASFywG+QgGP/xD3eEozUnVOX+1z+9g==

vcsjones

private readonly Random _random = new Random();
public void ConfigureServices(IServiceCollection services)
{
    // Add framework services.
    services
        .AddMvc()
        .AddJsonOptions(options =>
            options.SerializerSettings.ContractResolver = _random.Next(0, 2) == 0 ? new DefaultContractResolver() : new CamelCasePropertyNamesContractResolver());
}

vcsjones

/*
1. In Fiddler, use "Ctrl+R" to open up the rules file.
2. Ctrl+F for "OnBoot" and uncomment it if it is (it is by default)
3. Replace the body of it with the one below and add the "ValidateCallback" function below OnBoot.
*/

static function OnBoot() {
    FiddlerApplication.add_OnValidateServerCertificate(ValidateCallback);
}

vcsjones

"use strict";
document.addEventListener('DOMContentLoaded', () => {
    const frame = document.getElementById('target-frame');
    if (frame && frame.src) {
        const source = frame.src;
        frame.parentElement.removeChild(frame);
        window.location.href = source;
    }
});

vcsjones

using Fiddler;
using HtmlAgilityPack;
using System.Collections.Generic;
using System.IO;
using System.Linq;

public class LinkAutoTamper : IAutoTamper2
{
    public void AutoTamperRequestAfter(Session oSession)
    {

vcsjones

//Add these two imports at the top of 'CustomRules.js'
import System;
import System.Reflection;

//Create or add this to the 'OnBoot' function:

static function OnBoot() : void {
  var ciphersField = FiddlerApplication.Assembly.GetType("Fiddler.HTTPSClientHello").GetField("dictTLSCipherSuites", BindingFlags.NonPublic | BindingFlags.Static);
  var ciphers = ciphersField.GetValue(null);
  ciphers.set_Item(0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256");