⌨️
Always coding

Bruno do Nascimento Maciel macielti
@ndavison
ndavison / haproxy-smuggling.md
Last active November 9, 2025 15:18
HAProxy HTTP request smuggling

The following describes a technique to achieve HTTP request smuggling against infrastructure behind a HAProxy server when using specific configuration around backend connection reuse. This was tested against HAProxy versions 1.7.9, 1.7.11, 1.8.19, 1.8.21, 1.9.10, and 2.0.5. Of all these tested versions, only 2.0.5 was not vulnerable out of the box, although it is when using the no option http-use-htx configuration, which reverts back to the legacy HTTP decoder. 2.1 removed the legacy decoder so it is not affected.

To actually exploit HTTP smuggling using the issue described in this writeup, the backend server(s) behind HAProxy would also have to be vulnerable, in the sense that they too would need to suffer from a bug: one which parses and accepts a poorly formed Transfer-Encoding header (almost certainly violating RFC7230), and allows HTTP keep-alive.

The HAProxy bug - sending both Transfer-Encoding and Content-Length

This is how HAProxy handles a request when Transfer-Encoding and Content-Length is p

@aminnj
aminnj / download_video.py
Last active October 18, 2023 13:52
Download reddit-hosted videos/audio
import requests
import os
# change this url to the post's url
post_url = "https://www.reddit.com/r/holdmycatnip/comments/7vyada/hmc_so_i_can_drink_this_air_real_quick/"
# use UA headers to prevent 429 error
headers = {
    'User-Agent': 'My User Agent 1.0',
    'From': 'testyouremail@domain.com'
}
@nasrulhazim
nasrulhazim / dowload-files-from-ftp-server-using-python3.md
Last active May 6, 2024 09:45
Download Files From FTP Server using Python3
from ftplib import FTP
from datetime import datetime

start = datetime.now()
ftp = FTP('your-ftp-domain-or-ip')
ftp.login('your-username','your-password')

# Get All Files
files = ftp.nlst()
@davidalves1
davidalves1 / formatar_cnpj_cpf.md
Last active October 13, 2025 16:10
Function to format CNPJ and CPF, available in PHP and JS

PHP

function formatCnpjCpf($value)
{
  $CPF_LENGTH = 11;
  $cnpj_cpf = preg_replace("/\D/", '', $value);
  
  if (strlen($cnpj_cpf) === $CPF_LENGTH) {
    return preg_replace("/(\d{3})(\d{3})(\d{3})(\d{2})/", "\$1.\$2.\$3-\$4", $cnpj_cpf);
  } 
@numberwhun
numberwhun / 22 Hacking Sites To Practice Your Hacking Skills
Created July 14, 2016 00:36
22 Hacking Sites To Practice Your Hacking Skills
Taken from: https://hackerlists.com/hacking-sites/
22 Hacking Sites, CTFs and Wargames To Practice Your Hacking Skills
InfoSec skills are in such high demand right now. As the world continues to turn everything into an app and connect even the most basic devices to the internet, the demand is only going to grow, so it’s no surprise everyone wants to learn hacking these days.
However, almost every day I come across a forum post where someone is asking where they should begin to learn hacking or how to practice hacking. I’ve compiled this list of some of the best hacking sites to hopefully be a valuable resource for those wondering how they can build and practice their hacking skill set. I hope you find this list helpful, and if you know of any other quality hacking sites, please let me know in the comments, so I can add them to the list.
1. CTF365 https://ctf365.com/