├── .gitattributes
├── .gitignore
├── bypass-XPO
    ├── iframe_src_future.php
    ├── poc.html
    ├── readme.md
    └── xpo.php
├── create_readme.py
├── fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code
    ├── fuzzfile
    │   ├── 200.php
    │   ├── 201.php
    │   ├── 202.php
    │   ├── 203.php
    │   ├── 204.php
    │   ├── 205.php
    │   ├── 206.php
    │   ├── 207.php
    │   ├── 208.php
    │   ├── 226.php
    │   ├── 300.php
    │   ├── 301.php
    │   ├── 302.php
    │   ├── 303.php
    │   ├── 304.php
    │   ├── 305.php
    │   ├── 306.php
    │   ├── 307.php
    │   └── 308.php
    ├── generate_phpfile.py
    ├── location_to_another.php
    ├── readme.md
    ├── status_code_in_phpself.php
    ├── test.html
    ├── test_chrome_js_outside_execute.html
    ├── test_chrome_xss_adult.html
    └── xss.php
├── fuzzing-browser-MIME-Sniffing-by-status-code-in-HTTP1.0
    ├── firefox.png
    ├── fuzz.html
    ├── http_status_code_in_query.php
    └── readme.md
├── fuzzing_char_after_angel_bracket
    ├── fuzz.html
    ├── main.py
    └── readme.md
├── golang-use-struct-inheritance-and-bson-together.md
├── golang_https_http_server_conflict
    ├── app.go
    ├── cert.pem
    ├── create_file
    │   └── create_file.go
    └── private.pem
├── onetips
    ├── heavy-query-sqli.md
    └── readme.md
├── postMessage_and_addEventListener_message
    ├── postmessage.html
    └── topwindow.html
├── python-url-object-for-uniq
    ├── readme.md
    └── url_filter.py
├── readme.md
├── request_merging
    ├── fuzz_size_of_response.html
    ├── iframe.html
    ├── iframe_merging_poc.html
    ├── iframe_request_merging.html
    ├── img0.png
    ├── img1.png
    ├── index.html
    ├── jsonp.php
    ├── many_out_script.html
    ├── poc.html
    ├── readme.bak.md.txt
    ├── readme.md
    └── response_with_diff_size.py
└── xunfeng_icmp_scan_test.py


/.gitattributes:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/.gitattributes


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/.gitignore


--------------------------------------------------------------------------------
/bypass-XPO/iframe_src_future.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/bypass-XPO/iframe_src_future.php


--------------------------------------------------------------------------------
/bypass-XPO/poc.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/bypass-XPO/poc.html


--------------------------------------------------------------------------------
/bypass-XPO/readme.md:
--------------------------------------------------------------------------------
1 | # bypass X-Frame-Options: SAMEORIGIN
2 | 
3 | 
4 | 


--------------------------------------------------------------------------------
/bypass-XPO/xpo.php:
--------------------------------------------------------------------------------
1 | <?php
2 | // by neargle
3 | 
4 | header('X-Frame-Options: SAMEORIGIN');
5 | 
6 | echo("hello world!");
7 | 


--------------------------------------------------------------------------------
/create_readme.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/create_readme.py


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/200.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/200.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/201.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/201.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/202.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/202.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/203.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/203.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/204.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/204.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/205.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/205.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/206.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/206.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/207.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/207.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/208.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/208.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/226.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/226.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/300.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/300.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/301.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/301.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/302.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/302.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/303.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/303.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/304.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/304.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/305.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/305.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/306.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/306.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/307.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/307.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/308.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/fuzzfile/308.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/generate_phpfile.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/generate_phpfile.py


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/location_to_another.php:
--------------------------------------------------------------------------------
1 | <?php
2 | echo "alert(666);";
3 | header('Location: http://case.neargle.com');
4 | 


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/readme.md


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/status_code_in_phpself.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/status_code_in_phpself.php


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/test.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/test.html


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/test_chrome_js_outside_execute.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/test_chrome_js_outside_execute.html


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/test_chrome_xss_adult.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/test_chrome_xss_adult.html


--------------------------------------------------------------------------------
/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/xss.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-Chrome-XSS-Auditor-by-HTTP-status-code/xss.php


--------------------------------------------------------------------------------
/fuzzing-browser-MIME-Sniffing-by-status-code-in-HTTP1.0/firefox.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-browser-MIME-Sniffing-by-status-code-in-HTTP1.0/firefox.png


--------------------------------------------------------------------------------
/fuzzing-browser-MIME-Sniffing-by-status-code-in-HTTP1.0/fuzz.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-browser-MIME-Sniffing-by-status-code-in-HTTP1.0/fuzz.html


--------------------------------------------------------------------------------
/fuzzing-browser-MIME-Sniffing-by-status-code-in-HTTP1.0/http_status_code_in_query.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-browser-MIME-Sniffing-by-status-code-in-HTTP1.0/http_status_code_in_query.php


--------------------------------------------------------------------------------
/fuzzing-browser-MIME-Sniffing-by-status-code-in-HTTP1.0/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing-browser-MIME-Sniffing-by-status-code-in-HTTP1.0/readme.md


--------------------------------------------------------------------------------
/fuzzing_char_after_angel_bracket/fuzz.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing_char_after_angel_bracket/fuzz.html


--------------------------------------------------------------------------------
/fuzzing_char_after_angel_bracket/main.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing_char_after_angel_bracket/main.py


--------------------------------------------------------------------------------
/fuzzing_char_after_angel_bracket/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/fuzzing_char_after_angel_bracket/readme.md


--------------------------------------------------------------------------------
/golang-use-struct-inheritance-and-bson-together.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/golang-use-struct-inheritance-and-bson-together.md


--------------------------------------------------------------------------------
/golang_https_http_server_conflict/app.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/golang_https_http_server_conflict/app.go


--------------------------------------------------------------------------------
/golang_https_http_server_conflict/cert.pem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/golang_https_http_server_conflict/cert.pem


--------------------------------------------------------------------------------
/golang_https_http_server_conflict/create_file/create_file.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/golang_https_http_server_conflict/create_file/create_file.go


--------------------------------------------------------------------------------
/golang_https_http_server_conflict/private.pem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/golang_https_http_server_conflict/private.pem


--------------------------------------------------------------------------------
/onetips/heavy-query-sqli.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/onetips/heavy-query-sqli.md


--------------------------------------------------------------------------------
/onetips/readme.md:
--------------------------------------------------------------------------------
1 | # 把 漏洞 或者 Writeup 拆开成一个个知识点
2 | 
3 | 使得信息更加简洁。
4 | 


--------------------------------------------------------------------------------
/postMessage_and_addEventListener_message/postmessage.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/postMessage_and_addEventListener_message/postmessage.html


--------------------------------------------------------------------------------
/postMessage_and_addEventListener_message/topwindow.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/postMessage_and_addEventListener_message/topwindow.html


--------------------------------------------------------------------------------
/python-url-object-for-uniq/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/python-url-object-for-uniq/readme.md


--------------------------------------------------------------------------------
/python-url-object-for-uniq/url_filter.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/python-url-object-for-uniq/url_filter.py


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/readme.md


--------------------------------------------------------------------------------
/request_merging/fuzz_size_of_response.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/fuzz_size_of_response.html


--------------------------------------------------------------------------------
/request_merging/iframe.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/iframe.html


--------------------------------------------------------------------------------
/request_merging/iframe_merging_poc.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/iframe_merging_poc.html


--------------------------------------------------------------------------------
/request_merging/iframe_request_merging.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/iframe_request_merging.html


--------------------------------------------------------------------------------
/request_merging/img0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/img0.png


--------------------------------------------------------------------------------
/request_merging/img1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/img1.png


--------------------------------------------------------------------------------
/request_merging/index.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/index.html


--------------------------------------------------------------------------------
/request_merging/jsonp.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/jsonp.php


--------------------------------------------------------------------------------
/request_merging/many_out_script.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/many_out_script.html


--------------------------------------------------------------------------------
/request_merging/poc.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/poc.html


--------------------------------------------------------------------------------
/request_merging/readme.bak.md.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/readme.bak.md.txt


--------------------------------------------------------------------------------
/request_merging/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/readme.md


--------------------------------------------------------------------------------
/request_merging/response_with_diff_size.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/request_merging/response_with_diff_size.py


--------------------------------------------------------------------------------
/xunfeng_icmp_scan_test.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/neargle/tips-note/HEAD/xunfeng_icmp_scan_test.py


--------------------------------------------------------------------------------