Sunday, July 5, 2026

NATO HACK server to server side authentication ( json.parse error solved html codes online tool)

 {

  "auth": "YOUR_SERVER_KEY",

  "payload": { ... }

}

function authenticate(req, res, next) {

  const key = req.body.auth;

  const SERVER_KEY = process.env.SERVER_KEY;


  if (!key) {

    return res.status(401).json({

      success: false,

      error: 'Missing auth field in JSON body'

    });

  }


  if (key !== SERVER_KEY) {

    return res.status(403).json({

      success: false,

      error: 'Invalid or unauthorized key'

    });

  }


  next();

}


const express = require('express');

const app = express();


app.use(express.json());


function authenticate(req, res, next) {

  const key = req.query.key; // secret in URL

  const SERVER_KEY = "MY_EDU_SECRET";


  if (!key) {

    return res.status(401).json({

      success: false,

      error: "Missing ?key= in URL"

    });

  }


  if (key !== SERVER_KEY) {

    return res.status(403).json({

      success: false,

      error: "Invalid key"

    });

  }


  next();

}


app.post('/api/data', authenticate, (req, res) => {

  res.json({

    success: true,

    message: "Authenticated via URL key",

    data: req.body

  });

});


app.listen(3000, () => console.log("Server running"));


POST /api/data?key=MY_EDU_SECRET


const express = require('express');

const app = express();


app.use(express.json());


function authenticate(req, res, next) {

  const key = req.body.auth; // secret in JSON body

  const SERVER_KEY = "MY_EDU_SECRET";


  if (!key) {

    return res.status(401).json({

      success: false,

      error: "Missing auth field in JSON body"

    });

  }


  if (key !== SERVER_KEY) {

    return res.status(403).json({

      success: false,

      error: "Invalid auth key"

    });

  }


  next();

}


app.post('/api/data', authenticate, (req, res) => {

  res.json({

    success: true,

    message: "Authenticated via JSON body",

    data: req.body

  });

});


app.listen(3000, () => console.log("Server running"));

{

  "auth": "MY_EDU_SECRET",

  "payload": {

    "message": "Hello"

  }

}


<!DOCTYPE html>

<html lang="en">

<head>

<meta charset="UTF-8">

<title>Hack This Request – Vulnerability Playground</title>

<style>

  body { font-family: Arial; margin: 40px; max-width: 900px; }

  input, textarea { width: 100%; padding: 10px; margin: 8px 0; }

  button { padding: 12px 20px; background: #d62828; color: white; border: none; cursor: pointer; }

  button:hover { background: #a4161a; }

  pre { background: #f4f4f4; padding: 15px; border-radius: 6px; }

  .secret-box { background: #ffe8e8; padding: 10px; border-left: 5px solid #d62828; }

  .network-log { background: #eef; padding: 10px; border-left: 5px solid #446; margin-top: 20px; }

</style>

</head>

<body>


<h1>Hack This Request – Vulnerability Playground</h1>

<p>This sandbox simulates insecure APIs. Your mission: <strong>find and leak secrets</strong>.</p>


<div class="secret-box">

  <strong>Server Secret (hidden from students):</strong> 

  <span id="serverSecret">MY_EDU_SECRET</span>

</div>


<hr>


<h2>Network Inspector</h2>

<p>Every request you send will appear here.</p>

<pre id="networkInspector" class="network-log">No requests yet.</pre>


<hr>


<h2>Vulnerability 1 — Secret in URL</h2>

<label>Request URL</label>

<input id="urlInput" value="/api/data?key=MY_EDU_SECRET">


<label>JSON Body</label>

<textarea id="bodyInput" rows="5">{ "message": "Student request" }</textarea>


<button onclick="hackUrl()">Exploit URL Vulnerability</button>


<h3>Server Response</h3>

<pre id="urlResponse"></pre>


<hr>


<h2>Vulnerability 2 — Secret in JSON Body</h2>

<label>Request URL</label>

<input id="urlBodyInput" value="/api/data">


<label>JSON Body (contains secret)</label>

<textarea id="bodyAuthInput" rows="5">

{

  "auth": "MY_EDU_SECRET",

  "message": "Student request"

}

</textarea>


<button onclick="hackBody()">Exploit Body Vulnerability</button>


<h3>Server Response</h3>

<pre id="bodyResponse"></pre>


<hr>


<h2>Vulnerability 3 — Secret in Headers</h2>

<label>Request URL</label>

<input id="headerUrlInput" value="/api/data">


<label>Header Secret</label>

<input id="headerSecretInput" value="MY_EDU_SECRET">


<button onclick="hackHeader()">Exploit Header Vulnerability</button>


<h3>Server Response</h3>

<pre id="headerResponse"></pre>


<hr>


<h2>Vulnerability 4 — Secret in Cookies</h2>

<p>This simulates a server that stores secrets in cookies.</p>


<button onclick="hackCookie()">Exploit Cookie Vulnerability</button>


<h3>Server Response</h3>

<pre id="cookieResponse"></pre>


<hr>


<h2>Vulnerability 5 — Secret in Hidden HTML Fields</h2>

<input type="hidden" id="hiddenSecret" value="MY_EDU_SECRET">


<button onclick="hackHidden()">Exploit Hidden Field Vulnerability</button>


<h3>Server Response</h3>

<pre id="hiddenResponse"></pre>


<script>

// Fake vulnerable server

function fakeServer(request) {

  const secret = document.getElementById("serverSecret").textContent;


  const leaked = {

    requestSent: request,

    leakedSecret: secret,

    warning: "This API is vulnerable. Secrets should NEVER be stored in URLs, bodies, headers, cookies, or hidden fields."

  };


  return leaked;

}


// Network inspector logger

function logNetwork(request) {

  const inspector = document.getElementById("networkInspector");

  inspector.textContent = JSON.stringify(request, null, 2);

}


// Vulnerability 1 — URL

function hackUrl() {

  const url = document.getElementById("urlInput").value;

  const body = document.getElementById("bodyInput").value;


  const request = { type: "URL", url, body };

  logNetwork(request);


  const result = fakeServer(request);

  document.getElementById("urlResponse").textContent = JSON.stringify(result, null, 2);

}


// Vulnerability 2 — Body

function hackBody() {

  const url = document.getElementById("urlBodyInput").value;

  const body = document.getElementById("bodyAuthInput").value;


  const request = { type: "Body", url, body };

  logNetwork(request);


  const result = fakeServer(request);

  document.getElementById("bodyResponse").textContent = JSON.stringify(result, null, 2);

}


// Vulnerability 3 — Header

function hackHeader() {

  const url = document.getElementById("headerUrlInput").value;

  const headerSecret = document.getElementById("headerSecretInput").value;


  const request = { type: "Header", url, headers: { "X-Secret": headerSecret } };

  logNetwork(request);


  const result = fakeServer(request);

  document.getElementById("headerResponse").textContent = JSON.stringify(result, null, 2);

}


// Vulnerability 4 — Cookie

function hackCookie() {

  document.cookie = "secret=MY_EDU_SECRET";


  const request = { type: "Cookie", cookies: document.cookie };

  logNetwork(request);


  const result = fakeServer(request);

  document.getElementById("cookieResponse").textContent = JSON.stringify(result, null, 2);

}


// Vulnerability 5 — Hidden HTML Field

function hackHidden() {

  const hiddenSecret = document.getElementById("hiddenSecret").value;


  const request = { type: "HiddenField", hiddenSecret };

  logNetwork(request);


  const result = fakeServer(request);

  document.getElementById("hiddenResponse").textContent = JSON.stringify(result, null, 2);

}

</script>


</body>

</html>


<hr>


<h2>Vulnerability 6 — Replay Attacks</h2>

<p>Capture a request and replay it to exploit the vulnerability.</p>


<button onclick="captureRequest()">Capture Last Request</button>

<button onclick="replayAttack()">Replay Captured Request</button>


<h3>Captured Request</h3>

<pre id="capturedRequest">No request captured yet.</pre>


<h3>Replay Attack Result</h3>

<pre id="replayResult"></pre>


let lastCapturedRequest = null;


// Capture the last request shown in the network inspector

function captureRequest() {

  const inspector = document.getElementById("networkInspector").textContent;


  try {

    lastCapturedRequest = JSON.parse(inspector);

    document.getElementById("capturedRequest").textContent =

      JSON.stringify(lastCapturedRequest, null, 2);

  } catch {

    document.getElementById("capturedRequest").textContent =

      "No valid request to capture.";

  }

}


// Replay the captured request

function replayAttack() {

  if (!lastCapturedRequest) {

    document.getElementById("replayResult").textContent =

      "No captured request available.";

    return;

  }


  // Fake vulnerable server accepts replayed requests

  const result = {

    replayedRequest: lastCapturedRequest,

    leakedSecret: document.getElementById("serverSecret").textContent,

    attackSuccess: true,

    explanation:

      "Replay attack succeeded because the server does not use timestamps, nonces, or signatures. " +

      "Any previously valid request can be reused by an attacker."

  };


  document.getElementById("replayResult").textContent =

    JSON.stringify(result, null, 2);

}


Saturday, July 4, 2026

Portugal Intel SIRESP failure report july 2026 fires

 


https://cnnportugal.iol.pt/siresp/relatorio-siresp/versao-publica-do-relatorio-do-siresp-foi-cortada-e-ocultou-falhas-da-nos/20260602/6a1f2d9ed34e28842c84c37a

NATO decrypt hack json.parse error html online tool ( classified unrecognized token error)

 <!DOCTYPE html>

<html lang="en">

<head>

<meta charset="UTF-8">

<title>JSON Inspector Tool</title>

<style>

    body { font-family: Arial; margin: 20px; }

    textarea { width: 100%; height: 120px; }

    pre { background: #f4f4f4; padding: 10px; border-radius: 5px; }

    button { padding: 10px 20px; margin-top: 10px; }

</style>

</head>

<body>


<h2>Online JSON Inspector</h2>

<p>Enter an API URL to inspect raw response, sanitize it, and safely parse JSON.</p>


<input id="url" type="text" placeholder="https://api.example.com/data" style="width:100%; padding:8px;">

<button onclick="inspect()">Inspect</button>


<h3>Raw Response</h3>

<pre id="raw"></pre>


<h3>Sanitized Response</h3>

<pre id="clean"></pre>


<h3>Parsed JSON</h3>

<pre id="json"></pre>


<script>

function sanitize(raw) {

    return raw

        .trim()

        .replace(/^\uFEFF/, "")        // remove BOM

        .replace(/^[^({\[]]+/, "");    // remove junk before first { or [

}


async function inspect() {

    const url = document.getElementById("url").value;

    document.getElementById("raw").textContent = "Loading...";


    try {

        const response = await fetch(url);

        const contentType = response.headers.get("content-type") || "";

        const raw = await response.text();


        document.getElementById("raw").textContent = raw;


        const clean = sanitize(raw);

        document.getElementById("clean").textContent = clean;


        if (!contentType.includes("application/json")) {

            document.getElementById("json").textContent =

                "Not JSON (content-type: " + contentType + ")";

            return;

        }


        try {

            const parsed = JSON.parse(clean);

            document.getElementById("json").textContent =

                JSON.stringify(parsed, null, 2);

        } catch (e) {

            document.getElementById("json").textContent =

                "JSON Parse Error: " + e.message;

        }


    } catch (err) {

        document.getElementById("raw").textContent =

            "Fetch Error: " + err.message;

    }

}

</script>


</body>

</html>








<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Universal API & JSON Inspector</title>
<style>
    body { font-family: Arial; margin: 20px; }
    textarea, input { width: 100%; padding: 8px; margin-top: 5px; }
    pre { background: #f4f4f4; padding: 10px; border-radius: 5px; white-space: pre-wrap; }
    button { padding: 10px 20px; margin-top: 10px; }
    .section { margin-top: 30px; }
</style>
</head>
<body>

<h2>Universal API & JSON Inspector Tool</h2>
<p>Diagnose JSON errors, inspect raw responses, sanitize malformed JSON, upload files, and test APIs.</p>

<div class="section">
    <h3>API Request</h3>
    <input id="url" type="text" placeholder="https://api.example.com/data">
    <textarea id="headers" placeholder='{"Authorization": "Bearer TOKEN"}'></textarea>
    <button onclick="inspect()">Send Request</button>
</div>

<div class="section">
    <h3>Upload File (XLS, CSV, JSON)</h3>
    <input type="file" id="fileInput" onchange="handleFile(event)">
</div>

<div class="section">
    <h3>Raw Response</h3>
    <pre id="raw"></pre>
</div>

<div class="section">
    <h3>Sanitized Response</h3>
    <pre id="clean"></pre>
</div>

<div class="section">
    <h3>Parsed JSON</h3>
    <pre id="json"></pre>
</div>

<script>
function sanitize(raw) {
    return raw
        .trim()
        .replace(/^\uFEFF/, "")        // remove BOM
        .replace(/^[^({\[]]+/, "");    // remove junk before first { or [
}

async function inspect() {
    const url = document.getElementById("url").value;
    const headersInput = document.getElementById("headers").value;

    let headers = {};
    try { headers = JSON.parse(headersInput || "{}"); } catch {}

    document.getElementById("raw").textContent = "Loading...";

    try {
        const response = await fetch(url, { headers });
        const contentType = response.headers.get("content-type") || "";
        const raw = await response.text();

        document.getElementById("raw").textContent = raw;

        const clean = sanitize(raw);
        document.getElementById("clean").textContent = clean;

        if (!contentType.includes("application/json")) {
            document.getElementById("json").textContent =
                "Not JSON (content-type: " + contentType + ")";
            return;
        }

        try {
            const parsed = JSON.parse(clean);
            document.getElementById("json").textContent =
                JSON.stringify(parsed, null, 2);
        } catch (e) {
            document.getElementById("json").textContent =
                "JSON Parse Error: " + e.message;
        }

    } catch (err) {
        document.getElementById("raw").textContent =
            "Fetch Error: " + err.message;
    }
}

function handleFile(event) {
    const file = event.target.files[0];
    const reader = new FileReader();

    reader.onload = function(e) {
        const raw = e.target.result;
        document.getElementById("raw").textContent = raw;

        const clean = sanitize(raw);
        document.getElementById("clean").textContent = clean;

        try {
            const parsed = JSON.parse(clean);
            document.getElementById("json").textContent =
                JSON.stringify(parsed, null, 2);
        } catch {
            document.getElementById("json").textContent =
                "Not valid JSON";
        }
    };

    reader.readAsText(file);
}
</script>

</body>
</html>

Wednesday, July 1, 2026

Missiles for sale

 https://www.ebay.com/itm/274729230131

https://www.bombsaway.us/sidewinder.html





NATO HACK server to server side authentication ( json.parse error solved html codes online tool)

 {   "auth": "YOUR_SERVER_KEY",   "payload": { ... } } function authenticate(req, res, next) {   const key = r...