hacktricks/pentesting-web/xss-cross-site-scripting/sniff-leak.md

# Sniff Lek

<details>

<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Ander maniere om HackTricks te ondersteun:

* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Deel jou hacktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) GitHub-opslagplekke.

</details>

## Lek skripsinhoud deur dit na UTF16 te omskakel

[**Hierdie uiteensetting**](https://blog.huli.tw/2022/08/01/en/uiuctf-2022-writeup/#modernism21-solves) lek 'n teks/plain omdat daar geen `X-Content-Type-Options: nosniff`-kop is nie deur 'n paar aanvanklike karakters by te voeg wat javascript laat dink dat die inhoud in UTF-16 is sodat die skrips nie breek nie.

## Lek skripsinhoud deur dit as 'n ICO te hanteer

[**Die volgende uiteensetting**](https://blog.huli.tw/2022/08/01/en/uiuctf-2022-writeup/#precisionism3-solves) lek die skripsinhoud deur dit te laai asof dit 'n ICO-beeld is wat die `width`-parameter toegang.

<details>

<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Ander maniere om HackTricks te ondersteun:

* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Deel jou hacktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) GitHub-opslagplekke.

</details>
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`# Sniff Lek`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
			`<details>`

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Ander maniere om HackTricks te ondersteun:`
arte 2024-01-01 17:15:42 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`* As jy wil sien dat jou maatskappy geadverteer word in HackTricks of HackTricks aflaai in PDF-formaat, kyk na die [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`
			`* Kry die [amptelike PEASS & HackTricks swag](https://peass.creator-spring.com)`
			`* Ontdek [The PEASS Family](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Sluit aan by die 💬 [Discord-groep](https://discord.gg/hRep4RUj7f) of die [telegram-groep](https://t.me/peass) of volg ons op Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Deel jou hacktruuks deur PR's in te dien by die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) GitHub-opslagplekke.`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
			`</details>`

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`## Lek skripsinhoud deur dit na UTF16 te omskakel`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			[Hierdie uiteensetting](https://blog.huli.tw/2022/08/01/en/uiuctf-2022-writeup/#modernism21-solves) lek 'n teks/plain omdat daar geen `X-Content-Type-Options: nosniff`-kop is nie deur 'n paar aanvanklike karakters by te voeg wat javascript laat dink dat die inhoud in UTF-16 is sodat die skrips nie breek nie.
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`## Lek skripsinhoud deur dit as 'n ICO te hanteer`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			[Die volgende uiteensetting](https://blog.huli.tw/2022/08/01/en/uiuctf-2022-writeup/#precisionism3-solves) lek die skripsinhoud deur dit te laai asof dit 'n ICO-beeld is wat die `width`-parameter toegang.
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
			`<details>`

Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Ander maniere om HackTricks te ondersteun:`
arte 2024-01-01 17:15:42 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`* As jy wil sien dat jou maatskappy geadverteer word in HackTricks of HackTricks aflaai in PDF-formaat, kyk na die [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`
			`* Kry die [amptelike PEASS & HackTricks swag](https://peass.creator-spring.com)`
			`* Ontdek [The PEASS Family](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Sluit aan by die 💬 [Discord-groep](https://discord.gg/hRep4RUj7f) of die [telegram-groep](https://t.me/peass) of volg ons op Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Deel jou hacktruuks deur PR's in te dien by die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) GitHub-opslagplekke.`
GITBOOK-4038: change request with no subject merged in GitBook 2023-08-16 08:24:17 +00:00
			`</details>`