sh1yo’s blog

[CTFZone 2022] ProxyHell


We can't change our old infrastructure, so we're using 4 proxies to access the flag. What could possibly go wrong?
Read more ⟶

Fuzzing JWT


A way to automate the generation of JWT with the help of mitmproxy.
Read more ⟶

[socket.io] Cross-Site Websockets Hijacking


The socket.io module was vulnerable to cross-site websocker hijacking attack due to the incorrect parsing of the http Origin header.
Read more ⟶