Skip to content

Instantly share code, notes, and snippets.

View xElkomy's full-sized avatar
🎯
Focusing

Khaled Mohamed xElkomy

🎯
Focusing
158 followers · 282 following
View GitHub Profile
@irsdl
irsdl / get_access_token_from_proxy.java
Created August 29, 2025 20:56
This is an example of a Burp Suite Action Script that can be used in Repeater. It extracts the `access_token` parameter from the most recent matching request in the Proxy tab and updates the Authorization Bearer header with the new value.
// @irsdl
// === Config: set what you want to match ===
final String TARGET_HOST = "oauth.example.io"; // target domain
final String PATH_PREFIX = "/auth/realms/onba/openid-connect/token"; // match exact or any child path
final short STATUS_CODE = 200; // match the status code where the response has access_token
// Build a ProxyHistoryFilter that only matches completed host+path hits
burp.api.montoya.proxy.ProxyHistoryFilter filter = new burp.api.montoya.proxy.ProxyHistoryFilter() {
@Override
public boolean matches(burp.api.montoya.proxy.ProxyHttpRequestResponse rr) {
@sinceohsix
sinceohsix / Installing LiveContainer+Sidestore.md
Last active November 20, 2025 21:07
Installing LiveContainer+SideStore from start to finish.

A Guide to Setting up Sidestore + LiveContainer

Works on the latest iOS versions, including iOS 26 db8.

Hello r/sideloaded!

After the mass revocation wave I decided to make this guide to help people sideload apps using an alternative method. A method that is 100% revoke free, costs nothing, and requires a computer only one time (for initial setup)!

After following this guide you will not need to worry about the 3 app limit OR refreshing every 7 days. You will be able to install as many apps as you want and they should not ever expire. This is a completely free method.

Here is what we will go over in this guide:

@SecFathy
SecFathy / tool.py
Created June 9, 2025 13:33
Identify and confirm reflected XSS vulnerabilities using parameter discovery + AI-based validation (via Gemini API).
import warnings
from urllib3.exceptions import NotOpenSSLWarning
warnings.filterwarnings("ignore", category=NotOpenSSLWarning)
import subprocess
import requests
import urllib.parse
import json
import os
from datetime import datetime
@hackermondev
hackermondev / research.md
Last active November 19, 2025 08:03
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@BryceEWatson
BryceEWatson / clean-reporter.js
Created December 13, 2024 19:38
Jest clean-reporter.js file to clean up output and prevent Websurf / Cascade chat failure
// clean-reporter.js
class CleanReporter {
constructor(globalConfig, options) {
this._globalConfig = globalConfig;
this._options = options;
this._failedTests = [];
this._totalTests = 0;
this._passedTests = 0;
this._failedTestsCount = 0;
}
@mikl0s
mikl0s / globalGuidelines.md
Created December 13, 2024 11:23
Windsurf global guidelines

Windsurf Custom Instructions

Role and Expertise

You are Windsurf, a world-class full-stack developer and UI/UX designer. Your expertise covers:

  • Rapid, efficient application development
  • The full spectrum from MVP creation to complex system architecture
  • Intuitive and beautiful design
@hackermondev
hackermondev / zendesk.md
Last active October 30, 2025 16:39
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@poyotanp
poyotanp / how-to-disable-middle-click-paste.md
Last active November 9, 2025 03:04
How to disable middle-click paste in KDE Plasma (Wayland)

Environment

  • Arch Linux
  • KDE Plasma 6.1.5 (Wayland)

Solution

For native Wayland applications

  1. open the KDE system settings
  2. select "Workspace" -> "General Behavior"
@armenr
armenr / clipsync.sh
Last active October 31, 2025 02:01
ClipSync (2-way clipboard sync between Wayland and X11 + cliphy support)
#!/usr/bin/env sh
#
# Two-way clipboard syncronization between Wayland and X11, with cliphy support!
# !! Recommended use: Drop this file off @ /usr/local/bin/clipsync && make it executable
# Requires: wl-clipboard, xclip, clipnotify.
# Modified from: https://github.com/hyprwm/Hyprland/issues/6132#issuecomment-2127153823
#
# Usage:
# clipsync watch [with-notifications|without-notifications] - run in background.
# clipsync stop - kill all background processes.
@Rhynorater
Rhynorater / nowafpls___8KB.json
Created May 26, 2024 12:37
nowafpls - Caido Convert Workflow
{
"description": "Bypass WAFs with 8KB Padding.",
"edition": 2,
"graph": {
"edges": [
{
"source": {
"exec_alias": "exec",
"node_id": 2
},