Skip to content

Instantly share code, notes, and snippets.

View AkshayJainG's full-sized avatar

AkshayJainG

26 followers · 329 following
View GitHub Profile
@AkshayJainG
AkshayJainG / frida-android-tricks.js
Created April 25, 2021 15:55 — forked from zzzzfeng/frida-android-tricks.js
frida android tricks
frida -U --no-pause -l xx.js -f pkgname (or -p pid)
# PrintStack 输出当前调用堆栈
var Throwable = null;
Java.perform(function () {
Throwable = Java.use("java.lang.Throwable");
});
function PrintStack() {
var stackElements = Throwable.$new().getStackTrace();
@AkshayJainG
AkshayJainG / automatically_redirect.js
Created April 25, 2021 15:54 — forked from ox1111/automatically_redirect.js
Frida Script to automatically redirect all java.net.URLConnections through a proxy of your choosing
// Frida Script to automatically redirect all java.net.URLConnections through a proxy of your choosing
setImmediate(function() {
Java.perform(function() {
var url = Java.use("java.net.URL");
var proxyTypeI = Java.use('java.net.Proxy$Type');
var inetSockAddrWrap = Java.use("java.net.InetSocketAddress");
var proxy = Java.use('java.net.Proxy');
@AkshayJainG
AkshayJainG / index.ts
Created March 18, 2021 08:05 — forked from eybisi/index.ts
frida script to find imposter (amongus 2020.9.9 arm64-v8a)
import { log } from "./logger";
import { AssertionError } from "assert";
const libil2cpp = Process.getModuleByName("libil2cpp.so");
const libil2cppb = libil2cpp.base;
const playerinfo_serialize = libil2cppb.add(0x6c2e30);
const playerinfo_deserialize = libil2cppb.add(0x6c316c);
console.log("Starting script..");
function readString(pointr:NativePointer){
@AkshayJainG
AkshayJainG / intentMonitor.js
Created August 29, 2020 09:25 — forked from bet4it/intentMonitor.js
Monitor android intents with frida
Java.perform(function () {
var act = Java.use("android.app.Activity");
act.getIntent.overload().implementation = function () {
var intent = this.getIntent()
var cp = intent.getComponent()
console.log("Starting " + cp.getPackageName() + "/" + cp.getClassName())
var ext = intent.getExtras();
if (ext) {
var keys = ext.keySet()
var iterator = keys.iterator()
@AkshayJainG
AkshayJainG / frida_webview.js
Created August 29, 2020 09:24 — forked from SimonTheCoder/frida_webview.js
Using frida to inspect an Android WebView
{
console.log("SIMON TEST Begin!");
console.log("Java.available:" + Java.available);
console.log("SIMON TEST End!");
if(Java.available){
Java.perform(function(){
@AkshayJainG
AkshayJainG / frida_trace_open.js
Created August 29, 2020 09:24 — forked from SimonTheCoder/frida_trace_open.js
Trace libc open function using Frida.
var target_fn = "open"
//target module can be set to null, but it will cause lower speed.
var target_module = "libc.so"
var callback_obj =
{
onEnter: function (args) {
var path = Memory.readUtf8String(args[0]);
path = path.replace("\n","");
@AkshayJainG
AkshayJainG / frida_make_http_request.js
Created August 29, 2020 09:24 — forked from SimonTheCoder/frida_make_http_request.js
Test current HTTP request .
function get_url(url){
if(!url){
url = "http://www.baidu.com";
}
Java.perform(function(){
console.log("==========================get_url Begin==========================");
var URL = Java.use("java.net.URL");
var objURL = URL.$new(url);
var openstream = objURL.openStream();
var InputStream = Java.use("java.io.InputStream");
@AkshayJainG
AkshayJainG / hookalloverloads.js
Created August 29, 2020 08:57 — forked from FrankSpierings/hookalloverloads.js
Hook all overloads - Java/Android - Frida
function getGenericInterceptor(className, func, parameters) {
args = []
for (i = 0; i < parameters.length; i++) {
args.push('arg_' + i)
}
var script = "result = this.__FUNCNAME__(__SEPARATED_ARG_NAMES__);\nlogmessage = '__CLASSNAME__.__FUNCNAME__(' + __SEPARATED_ARG_NAMES__ + ') => ' + result;\nconsole.log(logmessage);\nreturn result;"
script = script.replace(/__FUNCNAME__/g, func);
script = script.replace(/__SEPARATED_ARG_NAMES__/g, args.join(', '));
script = script.replace(/__CLASSNAME__/g, className);
@AkshayJainG
AkshayJainG / flutter_ios.js
Created August 29, 2020 08:56 — forked from AICDEV/flutter_ios.js
Frida trace Flutter Functions on iOS
/**
* run the script to a running app: frida -U "appName" -l flutter_ios.js --no-pause
* start app direct with the script: frida -Uf bundleIdentifier -l flutter_ios.js --no-pause
*/
// #############################################
// HELPER SECTION START
var colors = {
"resetColor": "\x1b[0m",
"green": "\x1b[32m",
"yellow": "\x1b[33m",
@AkshayJainG
AkshayJainG / windows_hardening.cmd
Created May 11, 2020 14:13 — forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
: