Skip to content

Instantly share code, notes, and snippets.

View frohoff's full-sized avatar

Chris Frohoff frohoff

1.1k followers · 13 following
View GitHub Profile
@frohoff
frohoff / ss
Created July 30, 2024 03:25
ss
e0f0bb3c0b93198f0e5ced2aa769daaf818cf754c506a8375f926fa8938288b9
@frohoff
frohoff / SNI-FILTER-BYPASS.md
Created June 7, 2024 19:25
SNI filtering bypass

Make requests to example.com but spoofing the TLS SNI as google.com to bypass network security controls that only enforce based on SNI:

$ curl -sk https://google.com -H "Host: example.com" --resolve google.com:443:$(dig +short example.com)
$ (printf "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"; sleep 1) | openssl s_client -connect example.com:443 -servername google.com -state
@frohoff
frohoff / envoy.yml
Created February 19, 2022 00:46
Envoy Optional mTLS
static_resources:
listeners:
- name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 443
filter_chains:
- filters:
@frohoff
frohoff / Log4ShellPayload.java
Created January 13, 2022 22:51
Log4Shell Payload for identifying vulnerable apps
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.core.util.Constants;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.net.InetAddress;
import java.net.URL;
@frohoff
frohoff / 14seg.py
Created December 17, 2018 16:08
14 segment display ascii renderer
#!/usr/bin/python
# $ echo bcefgG il | python 14seg.py
#
# | | |
# -- --
# | | |
import string
import sys
@frohoff
frohoff / s2-057.py
Created August 23, 2018 17:21
Struts S2-057 PoC exploit
# some ideas from https://mp.weixin.qq.com/s/iBLrrXHvs7agPywVW7TZrg
import sys
import urllib
import urllib2
if len(sys.argv) != 3:
print 'Usage: %s [url] [command]' % sys.argv[0]
exit(1)
@frohoff
frohoff / README.md
Last active April 30, 2018 21:36 — forked from ondrajz/README.md
UserScript: Github Links to Star Badges

preview

@frohoff
frohoff / docker-compose-commands.txt
Created September 8, 2017 17:10
docker-compose command usage/options
$ docker-compose 2>&1 | grep -E ' [a-z]+ ' | awk '{print $1}' | xargs -n1 -I{} docker-compose {} -h 2>&1 | grep -E '^\s*(Usage:|-+[a-z])'
Usage: build [options] [--build-arg key=val...] [SERVICE...]
--force-rm Always remove intermediate containers.
--no-cache Do not use cache when building the image.
--pull Always attempt to pull a newer version of the image.
--build-arg key=val Set build-time variables for one service.
Usage: bundle [options]
--push-images Automatically push images for any services
-o, --output PATH Path to write the bundle file to.
Usage: config [options]
@frohoff
frohoff / versions.yml
Last active September 8, 2017 05:05
travis-ci osx image jdk versions
# https://github.com/frohoff/travistest
# https://github.com/travis-ci/docs-travis-ci-com/issues/593
# https://docs.travis-ci.com/user/reference/osx/#OS-X-Version
osx_image: xcode9 # oraclejdk8 1.8.0_112-b16
osx_image: xcode8.3 # oraclejdk8 1.8.0_112-b16
osx_image: xcode8.2 # oraclejdk8 1.8.0_112-b16
osx_image: xcode8.1 # oraclejdk8 1.8.0_112-b16
osx_image: xcode8 # oraclejdk8 1.8.0_92-b14
osx_image: xcode7.3 # oraclejdk8 1.8.0_74-b02
osx_image: xcode7.2 # oraclejdk8 1.8.0_66-b17
@frohoff
frohoff / Code.gs
Created June 17, 2017 20:11
google sheets directions/distance functions
function qs( obj ) {
return '?'+Object.keys(obj).reduce(function(a,k){a.push(k+'='+encodeURIComponent(obj[k]));return a},[]).join('&')
}
function fetch_directions(o,d) {
Logger.log("fetching: " + JSON.stringify([o,d]));
var userProps = UserProperties.getProperties();