sh1yo’s blog

[CTFZone 2022] ProxyHell

We can't change our old infrastructure, so we're using 4 proxies to access the flag. What could possibly go wrong?
Read more ⟶

Fuzzing JWT

A way to automate the generation of JWT with the help of mitmproxy.
Read more ⟶

[] Cross-Site Websockets Hijacking

The module was vulnerable to cross-site websocker hijacking attack due to the incorrect parsing of the http Origin header.
Read more ⟶