Thanks to visit codestin.com
Credit goes to Github.com

Skip to content
/ lookslegit.zip Public

Proxies requests through a trick with basic auth

lookslegit.zip
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sifex/lookslegit.zip

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
index.html
index.html
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
server.js
server.js
 
 
vite.config.js
vite.config.js
 
 

Repository files navigation

lookslegit.zip

Jumping on the .zip tld hype train, & because we can use unicode characters in URLs now, we can make a nice web proxy that proxies http requests through a trick with Basic Auth and modify the payload of a seemingly safe looking URL.

After you curl, notice the headers in the curl response to include the following:

❯ curl -v https:⧸⧸raw.githubusercontent.com⧸Homebrew⧸install⧸HEAD⧸[email protected] | head
...
* Server auth using Basic with user 'https'
> GET / HTTP/1.1
> Host: lookslegit.zip
> Authorization: Basic aHR0cHM64qe44qe4cmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbeKnuEhvbWVicmV34qe4aW5zdGFsbOKnuEhFQUTip7hpbnN0YWxsLnNo
< HTTP/1.1 200 OK
...
< warning: This response was modified, and the results should not be trusted. Like at all.
...
<
* Connection #0 to host lookslegit.zip left intact
lol owned
...

Usage

# Replace / with ⧸ character 
curl -v https:⧸⧸raw.githubusercontent.com⧸Homebrew⧸install⧸HEAD⧸[email protected]

Build

npm run build && node dist/server.js

About

Proxies requests through a trick with basic auth

lookslegit.zip

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages