Moein Erfanian electro0nes
JorianWoltjer
/ csrf_multiple_forms.html
Last active
July 11, 2025 22:09
PoC's for CSRF multiple SameSite=Lax requests (https://x.com/J0R1AN/status/1842139861295169836)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <body></body> | |
| <script> | |
| (async () => { | |
| const target = "https://XXX.ngrok-free.app"; | |
| // Warmup | |
| await fetch(target, { | |
| mode: "no-cors", | |
| credentials: "include", | |
| }); |
mhmdiaa
/ js_endpoints_new_tab.js
Created
August 6, 2023 20:22
All credit goes to @renniepak for the original bookmarklet https://twitter.com/renniepak/status/1602620834463588352
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| javascript: (function() { | |
| var scripts = document.getElementsByTagName("script"), | |
| regex = /(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g; | |
| const results = new Set; | |
| for (var i = 0; i < scripts.length; i++) { | |
| var t = scripts[i].src; | |
| "" != t && fetch(t).then(function(t) { | |
| return t.text() | |
| }).then(function(t) { | |
| var e = t.matchAll(regex); |
fransr
/ logger.js
Last active
July 17, 2025 13:47
logger.js for hunting script gadgets. More info about script gadgets: https://github.com/google/security-research-pocs/tree/master/script-gadgets (Sebastian Lekies / Eduardo Vela Nava / Krzysztof Kotowicz)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var logger = console.trace; | |
| // ELEMENT | |
| ;(getElementByIdCopy => { | |
| Element.prototype.getElementById = function(q) { | |
| logger('getElementById', q, this, this.innerHTML); | |
| return Reflect.apply(getElementByIdCopy, this, [q]) | |
| } | |
| })(Element.prototype.getElementById) |
Smerity
/ fetch_page.py
Created
August 7, 2015 21:30
An example of fetching a page from Common Crawl using the Common Crawl Index
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import gzip | |
| import json | |
| import requests | |
| try: | |
| from cStringIO import StringIO | |
| except: | |
| from StringIO import StringIO | |
| # Let's fetch the Common Crawl FAQ using the CC index | |
| resp = requests.get('http://index.commoncrawl.org/CC-MAIN-2015-27-index?url=http%3A%2F%2Fcommoncrawl.org%2Ffaqs%2F&output=json') |
Smerity
/ get_all_urls.py
Created
June 23, 2015 01:05
Collect all URLs for NYTimes in the Common Crawl URL Index
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| show_pages = 'http://index.commoncrawl.org/CC-MAIN-2015-18-index?url={query}&output=json&showNumPages=true' | |
| get_page = 'http://index.commoncrawl.org/CC-MAIN-2015-18-index?url={query}&output=json&page={page}' | |
| query = 'nytimes.com/*' | |
| show = requests.get(show_pages.format(query=query)) | |
| pages = show.json()['pages'] | |
| results = set() |