@theseer
theseer / q&a.md
Created November 25, 2025 14:42
Caddy Server - First Contact - Questions from the Session

Caddy Server - First Contact

Open questions after the session

  • What about certificate renewals?

These are also carried out automatically when Let's Encrypt or ZeroSSL, or rather any ACME CA, is in use. You can of course also do it the "classic" manual way if you need that for whatever reason.

@albinowax
albinowax / connection-state-attack.bambda
Created October 16, 2025 13:24
Connection state attack Custom Action for Burp Repeater
// For context check out https://portswigger.net/web-security/host-header/exploiting#connection-state-attacks
var connectionId = utilities().randomUtils().randomString(8);
var options = RequestOptions.requestOptions().withConnectionId(connectionId).withHttpMode(HttpMode.HTTP_1);
// Send a simple GET / HTTP/1.1 to the target as the precursor request
var url = requestResponse.request().url();
var precursorRequest = HttpRequest.httpRequestFromUrl(url);
precursorRequest = precursorRequest.withPath("/").withHeader("Connection", "keep-alive");
// Send the attack in the repeater, and update the response pane
<?php
// This code is what the Symfony Dependency Injection container performs
// under the hood when registering a listener.
$eventDispatcher->addListener(
KernelEvents::REQUEST,
function ($event) {
// only when here, MyListener and ExpensiveDependency trigger autoloading
// and the time of calling their constructor is spent.
(new MyListener(new ExpensiveDependency))->onKernelRequest($event);
},
@albinowax
albinowax / race-condition-probe.java
Last active October 5, 2025 14:47
Race condition custom action for Burp Repeater
// This will use the single-packet attack for HTTP/2, and last-byte synchronisation for HTTP/1
int NUMBER_OF_REQUESTS = 10;
var reqs = new ArrayList<HttpRequest>();
for (int i = 0; i < NUMBER_OF_REQUESTS; i++) {
reqs.add(requestResponse.request());
}
var responses = api().http().sendRequests(reqs);
var codes = responses.stream().map(HttpRequestResponse::response).filter(Objects::nonNull).map(HttpResponse::statusCode).toList();
logging().logToOutput(codes);
@odrotbohm
odrotbohm / restbucks-stereotypes.adoc
Last active April 19, 2025 23:51
Sample rendering of Spring RESTBucks stereotype structure

Spring Modulith / jMolecules Stereotype Tree

Legend

■ – Application
□ – Module
○ – Named Interface
⊙ – Stereotype
@mhoye
mhoye / gist:dcc2c2febeba230ca7ceb25c970390a1
Last active November 17, 2025 14:48
uBlock Origin Bonus Content
||youtube.com$domain=~youtube.com # Don't pull youtube JS unless you're using youtube. This breaks
# embedded videos, which is mildly inconvenient, but makes everything much faster.
||www.gstatic.com$domain=~google.com
||gstatic.com$domain=~google.com # Don't use gstatic unless you're on Google. This might
# break some things but so far I haven't noticed any problems.
||accounts.google.com$domain=~google.com # Don't pop up the "log in with google" dialog everywhere. This makes the
# internet feel about 95% less creepy.
||static.licdn.com$domain=~www.linkedin.com # I was changing my 4 month old child's diaper when they said to me, Dad,
# don't run LinkedIn code if you're not using LinkedIn. Here's what that
# taught me about b2b sales.
@galvao
galvao / docker.outage.sh
Created April 6, 2025 18:13
Can't connect to docker socket after power outage?
sudo systemctl stop docker && \
docker context use default && \
sudo systemctl start docker
@parrot409
parrot409 / writeup.md
Last active November 28, 2025 11:19
CVE-2025-3155

Details

Intro

CVE-2025-3155 affects Yelp, which is the GNOME user help application. It's installed by default on Ubuntu desktop.

What is a scheme

A URI scheme is the part of a Uniform Resource Identifier (URI) that identifies a protocol or a specific application (steam://run/1337) that should handle the resource identified by the URI. It's the part that comes before the colon (://).

@jze
jze / email.md
Created March 6, 2025 16:00
Letter to the municipality

Dear Sir or Madam,

Name of the municipality is active on social media on Facebook and Instagram. Particularly in view of recent developments in the USA in general and at Meta in particular, I find it problematic to drive citizens into the arms of this corporation. Without an account there, it is considerably harder to be kept supplied with current announcements.

There is, however, a simple way to escape the grip of the corporations: the state's Mastodon server. With it, one is part of the

@knudmoeller
knudmoeller / 20250213-dataset_with_resources_fisbriker.berlin.de.txt
Created February 13, 2025 21:30
Datasets with resources in fbinter.stadt-berlin.de (but not in gdi.berlin.de)
https://daten.berlin.de/datensaetze/20-grune-hauptwege-wanderkarte-wfs-99a22ff0
https://daten.berlin.de/datensaetze/20-grune-hauptwege-wanderkarte-wms-1f028343
https://daten.berlin.de/datensaetze/3d-gebaudemodelle-im-level-of-detail-1-lod-1-atom-e2a1e24e
https://daten.berlin.de/datensaetze/3d-gebaudemodelle-im-level-of-detail-2-lod-2-atom-3c7c49af
https://daten.berlin.de/datensaetze/3d-gebaudemodelle-im-level-of-detail-2-lod-2-wms-f2a8a483
https://daten.berlin.de/datensaetze/abstellflachen-fur-mikromobilitatsangebote-wfs-6185b5fb
https://daten.berlin.de/datensaetze/abstellflachen-fur-mikromobilitatsangebote-wms-e45c2176
https://daten.berlin.de/datensaetze/adressen-berlin-wfs-634ab8ba
https://daten.berlin.de/datensaetze/adressen-berlin-wms-130748fb
https://daten.berlin.de/datensaetze/adressen-im-inspire-datenmodell-atom-3bd15407