Recommended reading on how XSS works and how to avoid this kind of attack.
https://excess-xss.com/
Este é um blog onde anoto dicas técnicas de informática e computação. This is a blog where I write down technical tips on computing. Be aware that some resources used in this blog may use cookies to collect information used by Ads and Google Analytics. I do not monetize this website, nor do I require or use personal information.
Friday, July 17, 2020
Monday, May 11, 2020
Thursday, February 27, 2020
Call an OAuth token server and decode a JWT (JSON Web Token) from the command line
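# Decode the header and payload of a JWT and pretty-print them with jq.
#
# Arguments: $1 - compact JWT (header.payload.signature)
# Outputs:   decoded header JSON, then decoded payload JSON, on stdout
#
# JWT segments are base64url without padding, so each one is mapped back to
# the standard alphabet and re-padded before decoding. Plain
# `base64 --decode` rejects a segment whose length is not a multiple of 4 or
# that contains '-' or '_'.
#
# This only decodes. The signature (third segment) is never checked, so the
# printed claims must not be treated as authentic.
function jwt-d() {
  local segment padded
  local -a segments
  IFS=. read -r -a segments <<< "$1"
  for segment in "${segments[@]:0:2}"; do
    padded=$segment
    case $(( ${#segment} % 4 )) in
      2) padded+='==' ;;
      3) padded+='=' ;;
    esac
    printf '%s\n' "$padded" | tr '_-' '/+' | base64 --decode
  done | jq .
}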
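#######################################
# Decode one base64url segment (URL-safe alphabet, padding optional).
# Arguments: $1 - base64url text
# Outputs:   decoded bytes on stdout
# Returns:   exit status of base64
#######################################
decode_base64_url() {
  local result=$1
  # base64url drops the trailing '='; restore it so the length is a multiple
  # of 4. A remainder of 1 can never be valid base64 and is left for base64
  # to reject.
  case $(( ${#1} % 4 )) in
    2) result+='==' ;;
    3) result+='=' ;;
  esac
  # printf rather than echo: echo would swallow a segment such as "-nnn" as
  # an option and decode nothing.
  # Alternative decoder: openssl enc -d -base64
  printf '%s\n' "$result" | tr '_-' '/+' | base64 -d
}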
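#######################################
# Print the decoded header and payload of a JWT, plus its raw signature.
# The exp and iat claims are replaced by expStr / iatStr, shifted by the
# machine's local UTC offset.
# Arguments: $1 - compact JWT (header.payload.signature)
# Outputs:   HEADER / BODY / TRAIL sections on stdout
# Requires:  decode_base64_url, jq, date
#
# Decoding is not verification: the signature in TRAIL is only printed,
# never checked, so nothing shown here proves the token is authentic.
# A token is a bearer credential; avoid pasting production tokens where the
# command line ends up in shell history.
#######################################
decode_jwt() {
  local jwt_header jwt_body jwt_trail
  local tz_raw tz_offset=0
  IFS=. read -r jwt_header jwt_body jwt_trail <<< "$1"

  # `date +%Z` yields an abbreviation such as "UTC" or "CET" in many time
  # zones, which jq's tonumber rejects. Derive the offset in seconds from the
  # numeric `date +%z` form (+hhmm / -hhmm) instead; fall back to 0 (UTC).
  tz_raw=$(date +%z)
  if [[ $tz_raw =~ ^([+-])([0-9]{2})([0-9]{2})$ ]]; then
    tz_offset=$(( 10#${BASH_REMATCH[2]} * 3600 + 10#${BASH_REMATCH[3]} * 60 ))
    if [[ ${BASH_REMATCH[1]} == - ]]; then
      tz_offset=$(( -tz_offset ))
    fi
  fi

  echo -e "HEADER:"
  decode_base64_url "$jwt_header" | jq .
  echo -e "\nBODY:"
  # The filter is kept in one quoted string; a line break inside ".iat"
  # would be a jq syntax error.
  decode_base64_url "$jwt_body" | jq --arg TZ_OFFSET "$tz_offset" '
    ($TZ_OFFSET | tonumber) as $shift
    | if .exp then
        (.expStr = (.exp + $shift | gmtime | strftime("%d %B %Y - %H:%M:%S"))) | del(.exp)
      else . end
    | if .iat then
        (.iatStr = (.iat + $shift | gmtime | strftime("%d %B %Y - %H:%M:%S"))) | del(.iat)
      else . end'
  printf 'TRAIL: \n\n%s\n' "$jwt_trail"
}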
# Short name for interactive use. Aliases are not expanded in non-interactive
# bash unless expand_aliases is set, so scripts should call decode_jwt directly.
alias jwtd='decode_jwt'
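#######################################
# Request an access token from the token endpoint (client_credentials grant,
# authenticated with a client certificate) and print it decoded.
# Arguments: none
# Outputs:   "TOKEN:" line followed by the decode_jwt report on stdout
# Returns:   non-zero when no access_token comes back
# Requires:  curl, jq, decode_jwt
#
# Review notes:
# * -k (--insecure) was dropped. It turns off TLS certificate verification,
#   so the API key, client secret and the returned token would be exchanged
#   with whichever host answers. For a private CA, pass
#   --cacert <path-to-ca-bundle.pem> instead.
# * The XXXXXXX values are placeholders. Real credentials belong in a
#   protected file or secret store, not in a shell function; values given as
#   curl arguments may also be visible in the process list.
# * The token is echoed to the terminal; it is a bearer credential.
#######################################
sts_token() {
  local tk
  # An array keeps the whole request in one command; split across lines
  # without continuations, the second half would run as a separate command.
  local -a request=(
    curl -X POST 'https://geratoken.com.br/api/token'
    --header 'Content-Type: application/x-www-form-urlencoded'
    --header 'x-empresa-apikey: XXXXXXXX'
    --header 'x-empresa-correlationID: 123'
    --header 'x-empresa-flowID: 456'
    --data-urlencode 'client_id=XXXXXXX'
    --data-urlencode 'grant_type=client_credentials'
    --data-urlencode 'client_secret=XXXXXXX'
    --cert ~/certificados/mycert.crt
    --key ~/certificados/mycerkey.key
  )
  # Declared separately so a failure of the pipeline is not masked by `local`.
  tk=$("${request[@]}" | jq -r .access_token) || return
  if [[ -z $tk || $tk == null ]]; then
    printf 'sts_token: no access_token in response\n' >&2
    return 1
  fi
  echo "TOKEN: " "${tk}"
  # Call the function directly; the jwtd alias is not expanded in scripts.
  decode_jwt "${tk}"
}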
sed 's/\./\n/g' <<< $(cut -d. -f1,2 <<< $1) | base64 --decode | jq
}
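#######################################
# Decode one base64url segment (URL-safe alphabet, padding optional).
# Arguments: $1 - base64url text
# Outputs:   decoded bytes on stdout
# Returns:   exit status of base64
#######################################
decode_base64_url() {
  local result=$1
  # base64url drops the trailing '='; restore it so the length is a multiple
  # of 4. A remainder of 1 can never be valid base64 and is left for base64
  # to reject.
  case $(( ${#1} % 4 )) in
    2) result+='==' ;;
    3) result+='=' ;;
  esac
  # printf rather than echo: echo would swallow a segment such as "-nnn" as
  # an option and decode nothing.
  # Alternative decoder: openssl enc -d -base64
  printf '%s\n' "$result" | tr '_-' '/+' | base64 -d
}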
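#######################################
# Print the decoded header and payload of a JWT, plus its raw signature.
# The exp and iat claims are replaced by expStr / iatStr, shifted by the
# machine's local UTC offset.
# Arguments: $1 - compact JWT (header.payload.signature)
# Outputs:   HEADER / BODY / TRAIL sections on stdout
# Requires:  decode_base64_url, jq, date
#
# Decoding is not verification: the signature in TRAIL is only printed,
# never checked, so nothing shown here proves the token is authentic.
# A token is a bearer credential; avoid pasting production tokens where the
# command line ends up in shell history.
#######################################
decode_jwt() {
  local jwt_header jwt_body jwt_trail
  local tz_raw tz_offset=0
  IFS=. read -r jwt_header jwt_body jwt_trail <<< "$1"

  # `date +%Z` yields an abbreviation such as "UTC" or "CET" in many time
  # zones, which jq's tonumber rejects. Derive the offset in seconds from the
  # numeric `date +%z` form (+hhmm / -hhmm) instead; fall back to 0 (UTC).
  tz_raw=$(date +%z)
  if [[ $tz_raw =~ ^([+-])([0-9]{2})([0-9]{2})$ ]]; then
    tz_offset=$(( 10#${BASH_REMATCH[2]} * 3600 + 10#${BASH_REMATCH[3]} * 60 ))
    if [[ ${BASH_REMATCH[1]} == - ]]; then
      tz_offset=$(( -tz_offset ))
    fi
  fi

  echo -e "HEADER:"
  decode_base64_url "$jwt_header" | jq .
  echo -e "\nBODY:"
  # The filter is kept in one quoted string; a line break inside ".iat"
  # would be a jq syntax error.
  decode_base64_url "$jwt_body" | jq --arg TZ_OFFSET "$tz_offset" '
    ($TZ_OFFSET | tonumber) as $shift
    | if .exp then
        (.expStr = (.exp + $shift | gmtime | strftime("%d %B %Y - %H:%M:%S"))) | del(.exp)
      else . end
    | if .iat then
        (.iatStr = (.iat + $shift | gmtime | strftime("%d %B %Y - %H:%M:%S"))) | del(.iat)
      else . end'
  printf 'TRAIL: \n\n%s\n' "$jwt_trail"
}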
# Short name for interactive use. Aliases are not expanded in non-interactive
# bash unless expand_aliases is set, so scripts should call decode_jwt directly.
alias jwtd='decode_jwt'
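#######################################
# Request an access token from the token endpoint (client_credentials grant,
# authenticated with a client certificate) and print it decoded.
# Arguments: none
# Outputs:   "TOKEN:" line followed by the decode_jwt report on stdout
# Returns:   non-zero when no access_token comes back
# Requires:  curl, jq, decode_jwt
#
# Review notes:
# * -k (--insecure) was dropped. It turns off TLS certificate verification,
#   so the API key, client secret and the returned token would be exchanged
#   with whichever host answers. For a private CA, pass
#   --cacert <path-to-ca-bundle.pem> instead.
# * The XXXXXXX values are placeholders. Real credentials belong in a
#   protected file or secret store, not in a shell function; values given as
#   curl arguments may also be visible in the process list.
# * The token is echoed to the terminal; it is a bearer credential.
#######################################
sts_token() {
  local tk
  # An array keeps the whole request in one command; split across lines
  # without continuations, the second half would run as a separate command.
  local -a request=(
    curl -X POST 'https://geratoken.com.br/api/token'
    --header 'Content-Type: application/x-www-form-urlencoded'
    --header 'x-empresa-apikey: XXXXXXXX'
    --header 'x-empresa-correlationID: 123'
    --header 'x-empresa-flowID: 456'
    --data-urlencode 'client_id=XXXXXXX'
    --data-urlencode 'grant_type=client_credentials'
    --data-urlencode 'client_secret=XXXXXXX'
    --cert ~/certificados/mycert.crt
    --key ~/certificados/mycerkey.key
  )
  # Declared separately so a failure of the pipeline is not masked by `local`.
  tk=$("${request[@]}" | jq -r .access_token) || return
  if [[ -z $tk || $tk == null ]]; then
    printf 'sts_token: no access_token in response\n' >&2
    return 1
  fi
  echo "TOKEN: " "${tk}"
  # Call the function directly; the jwtd alias is not expanded in scripts.
  decode_jwt "${tk}"
}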
Labels:
command line,
Editores,
Linha de comando,
Linux,
Web
Tuesday, January 17, 2017
Executar html / javascript na barra de endereço
data:text/html,<html><head><script>window.alert('ola')</script></head><body>teste</body></html>
Script para adicionar pagina atual no google bookmarks
Colocar este codigo em um bookmark
javascript:(function(){var%20a=window,b=document,c=encodeURIComponent,d=a.open("https://www.google.com/bookmarks/mark?op=edit&output=popup&bkmk="+c(b.location)+"&title="+c(b.title),"bkmk_popup","left="+((a.screenX||a.screenLeft)+10)+",top="+((a.screenY||a.screenTop)+10)+",height=510px,width=550px,resizable=1,alwaysRaised=1");a.setTimeout(function(){d.focus()},300)})();
Script para adicionar pagina atual no google bookmarks
Colocar este codigo em um bookmark
javascript:(function(){var%20a=window,b=document,c=encodeURIComponent,d=a.open("https://www.google.com/bookmarks/mark?op=edit&output=popup&bkmk="+c(b.location)+"&title="+c(b.title),"bkmk_popup","left="+((a.screenX||a.screenLeft)+10)+",top="+((a.screenY||a.screenTop)+10)+",height=510px,width=550px,resizable=1,alwaysRaised=1");a.setTimeout(function(){d.focus()},300)})();
Monday, October 31, 2016
XSLT CDATA write and read
----------------------------------------
Exemplo inserindo CDATA
----------------------------
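<!--
  Builds a mes:payload element whose content is a hand-assembled CDATA section
  holding a request-item-list document, with one item per
  /ROOT/BODY/data/request_item_list node.

  Review notes:
  * The closing tags for area-code, lob and product-code were written without
    the slash (one of them with '>' in place of '<'), and request-item-list
    was never closed. Both are corrected below.
  * area_code, lob and product_code are concatenated into the markup as-is.
    A value containing markup or the sequence ]]> changes the structure of the
    payload the receiver parses, so validate or escape these fields when they
    come from an untrusted request.
  * As shown here the '<' characters sit literally inside select attributes.
    In a stylesheet file they have to be written as &lt; for the file to be
    well-formed XML.
  * xsl:value-of normally escapes '<' and '>' on output unless
    disable-output-escaping is set. TODO confirm what the receiver actually
    gets from the processor in use.
  * The mes prefix is not declared in this stylesheet; it needs an xmlns:mes
    declaration on xsl:stylesheet.
-->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" cdata-section-elements="request-item-list" version="1.0" indent="yes"/>
<xsl:strip-space elements="*" />
<xsl:template match="/">
<xsl:variable name="BODY" select="/ROOT/BODY/data"></xsl:variable>
<mes:payload>
<xsl:text disable-output-escaping="yes"><![CDATA[<]]></xsl:text>![CDATA[<xsl:value-of select="concat('<','request-item-list','>')" />
<xsl:for-each select="$BODY/request_item_list" >
<xsl:value-of select="concat('<','item','>')" />
<xsl:value-of select="concat('<area-code>',./area_code,'</area-code>')" />
<xsl:value-of select="concat('<lob>',./lob,'</lob>')" />
<xsl:value-of select="concat('<product-code>',./product_code,'</product-code>')" />
<xsl:value-of select="concat('<','/item','>')" />
</xsl:for-each><xsl:value-of select="concat('<','/request-item-list','>')" />]]<xsl:text disable-output-escaping="yes"><![CDATA[>]]></xsl:text>
</mes:payload>
</xsl:template>
</xsl:stylesheet>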
----------------------------------------
Obtendo CDATA
-------------------------------------
<!--
  Selects the payload element of the SOAP response (matched by local-name()
  at every step) and writes its string value into OUTPUT with output escaping
  disabled, so XML that arrived as CDATA text is emitted as markup.

  NOTE(review): because escaping is disabled, whatever text the remote service
  placed in payload becomes markup in the result. Parse and validate OUTPUT
  downstream if that service is not fully trusted.
  NOTE(review): disable-output-escaping is an optional serializer feature and
  a processor may ignore it. Confirm with the processor in use.
-->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output omit-xml-declaration="yes" />
<xsl:variable name="PAYLOAD" select="/ROOT/BODY/OUTPUT/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='executeSyncResponse']/*[local-name()='message']/*[local-name()='payload']" />
<xsl:template match="/">
<OUTPUT>
<xsl:value-of select="$PAYLOAD" disable-output-escaping="yes" />
</OUTPUT>
</xsl:template>
</xsl:stylesheet>
Exemplo inserindo CDATA
----------------------------
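<!--
  Builds a mes:payload element whose content is a hand-assembled CDATA section
  holding a request-item-list document, with one item per
  /ROOT/BODY/data/request_item_list node.

  Review notes:
  * The closing tags for area-code, lob and product-code were written without
    the slash (one of them with '>' in place of '<'), and request-item-list
    was never closed. Both are corrected below.
  * area_code, lob and product_code are concatenated into the markup as-is.
    A value containing markup or the sequence ]]> changes the structure of the
    payload the receiver parses, so validate or escape these fields when they
    come from an untrusted request.
  * As shown here the '<' characters sit literally inside select attributes.
    In a stylesheet file they have to be written as &lt; for the file to be
    well-formed XML.
  * xsl:value-of normally escapes '<' and '>' on output unless
    disable-output-escaping is set. TODO confirm what the receiver actually
    gets from the processor in use.
  * The mes prefix is not declared in this stylesheet; it needs an xmlns:mes
    declaration on xsl:stylesheet.
-->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" cdata-section-elements="request-item-list" version="1.0" indent="yes"/>
<xsl:strip-space elements="*" />
<xsl:template match="/">
<xsl:variable name="BODY" select="/ROOT/BODY/data"></xsl:variable>
<mes:payload>
<xsl:text disable-output-escaping="yes"><![CDATA[<]]></xsl:text>![CDATA[<xsl:value-of select="concat('<','request-item-list','>')" />
<xsl:for-each select="$BODY/request_item_list" >
<xsl:value-of select="concat('<','item','>')" />
<xsl:value-of select="concat('<area-code>',./area_code,'</area-code>')" />
<xsl:value-of select="concat('<lob>',./lob,'</lob>')" />
<xsl:value-of select="concat('<product-code>',./product_code,'</product-code>')" />
<xsl:value-of select="concat('<','/item','>')" />
</xsl:for-each><xsl:value-of select="concat('<','/request-item-list','>')" />]]<xsl:text disable-output-escaping="yes"><![CDATA[>]]></xsl:text>
</mes:payload>
</xsl:template>
</xsl:stylesheet>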
----------------------------------------
Obtendo CDATA
-------------------------------------
<!--
  Selects the payload element of the SOAP response (matched by local-name()
  at every step) and writes its string value into OUTPUT with output escaping
  disabled, so XML that arrived as CDATA text is emitted as markup.

  NOTE(review): because escaping is disabled, whatever text the remote service
  placed in payload becomes markup in the result. Parse and validate OUTPUT
  downstream if that service is not fully trusted.
  NOTE(review): disable-output-escaping is an optional serializer feature and
  a processor may ignore it. Confirm with the processor in use.
-->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output omit-xml-declaration="yes" />
<xsl:variable name="PAYLOAD" select="/ROOT/BODY/OUTPUT/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='executeSyncResponse']/*[local-name()='message']/*[local-name()='payload']" />
<xsl:template match="/">
<OUTPUT>
<xsl:value-of select="$PAYLOAD" disable-output-escaping="yes" />
</OUTPUT>
</xsl:template>
</xsl:stylesheet>
XSLT local-name property (name/value)
Para obter ResultCode do xml abaixo
<!-- Selects the value child of the property whose name child equals 'ResultCode'. Every step matches on local-name() only, so namespaces are ignored: an element with the same local name in any other namespace matches as well. -->
<xsl:variable name="RESULTCODE" select="/ROOT/BODY/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='executeSyncResponse']/*[local-name()='message']/*[local-name()='property'][*[local-name()='name']='ResultCode']/*[local-name()='value']"/>
INPUT
-------------------------------
<ROOT>
<BODY>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws.serviceprovider.soa.mw.timbrasil.com.br" xmlns:mes="http://message.ws.connector.soa.mw.timbrasil.com.br">
<soapenv:Header/>
<soapenv:Body>
<ws:executeSyncResponse>
<ws:message>
<mes:property>
<mes:name>ServiceName</mes:name>
<mes:value>PFE_BIT_MSE_SUBSC_QRY</mes:value>
</mes:property>
<mes:property>
<mes:name>ResultCode</mes:name>
<mes:value>111</mes:value>
</mes:property>
</ws:message>
</ws:executeSyncResponse>
</soapenv:Body>
</soapenv:Envelope>
</BODY>
</ROOT>
<!-- Selects the value child of the property whose name child equals 'ResultCode'. Every step matches on local-name() only, so namespaces are ignored: an element with the same local name in any other namespace matches as well. -->
<xsl:variable name="RESULTCODE" select="/ROOT/BODY/*[local-name()='Envelope']/*[local-name()='Body']/*[local-name()='executeSyncResponse']/*[local-name()='message']/*[local-name()='property'][*[local-name()='name']='ResultCode']/*[local-name()='value']"/>
INPUT
-------------------------------
<ROOT>
<BODY>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws.serviceprovider.soa.mw.timbrasil.com.br" xmlns:mes="http://message.ws.connector.soa.mw.timbrasil.com.br">
<soapenv:Header/>
<soapenv:Body>
<ws:executeSyncResponse>
<ws:message>
<mes:property>
<mes:name>ServiceName</mes:name>
<mes:value>PFE_BIT_MSE_SUBSC_QRY</mes:value>
</mes:property>
<mes:property>
<mes:name>ResultCode</mes:name>
<mes:value>111</mes:value>
</mes:property>
</ws:message>
</ws:executeSyncResponse>
</soapenv:Body>
</soapenv:Envelope>
</BODY>
</ROOT>
Tuesday, January 4, 2011
Debugando Web - Java Script / HTML / Css
plugin do firefox equivalente ao Developers Tool do internet explorer, Firebug
http://getfirebug.com/
https://addons.mozilla.org/es-es/firefox/addon/1843/
http://getfirebug.com/
https://addons.mozilla.org/es-es/firefox/addon/1843/