// Filesystem paths whose presence is commonly used as a root indicator
// (su binaries and Superuser/daemon artefacts). The preview cuts the list off.
const commonPaths = [
"/data/local/bin/su",
"/data/local/su",
"/data/local/xbin/su",
"/dev/com.koushikdutta.superuser.daemon/",
"/sbin/su",
"/system/app/Superuser.apk",
"/system/bin/failsafe/su",
"/system/bin/su",
"/su/bin/su",
// ... the rest of the list is cut off in this preview
];
@Fatimas1997
Fatimas1997 / intercept-HTTP-requests-from-Flutter-apps.md
Created October 9, 2023 21:31
How to intercept HTTP traffic from a Flutter application with Burp (Android and iOS)

Intercepting traffic on Android and iOS Flutter applications

I recently stumbled upon an application developed with Flutter, and since it was my first time seeing one, I surprisingly couldn't intercept its requests. After some digging on Google, I created this tutorial with the steps that personally worked for me, and I wanted to share them in the hope of helping someone else. Note that the applications I tested didn't have certificate pinning implemented. I'll update this file once I get to test an application that has it (if I'm able to bypass it 😃).
To simplify the explanation, I refer to the machine that hosts Burp as Kali, but you can use whatever Linux machine you want.

Android:

There are two ways to intercept HTTP connections from a Flutter application installed on an Android device (I'm sure there are more, but these are the ones I know). Intercepting requests by changing the proxy settings of the device, through the classic Android settings, doesn't work in this case, since Flutter applic

@numanturle
numanturle / frida.js
Created May 3, 2023 10:50
ssl-root-bypass
setTimeout(function() {
    Java.perform(function() {
        console.log('');
        console.log('======');
        console.log('[#] Android Bypass for various Certificate Pinning methods [#]');
        console.log('======');
        // Classes the hooks operate on: the TrustManager interface that
        // validates server chains, and the SSLContext they are installed into.
        var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
        var SSLContext = Java.use('javax.net.ssl.SSLContext');
        // ... the hooks that use these classes are cut off in this preview
    });
}, 0);
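The two fragments above (the `commonPaths` root-indicator list and the truncated pinning-bypass skeleton) are the two halves of the same job, so here is one complete Frida agent that does both. It is an added example, not numanturle's gist and not any app's code: it hides the listed su/Superuser paths from `java.io.File.exists()`, and replaces whatever `X509TrustManager` an app passes to `SSLContext.init()` with one that accepts every chain, so a Burp CA is trusted. The package name, the registered class name and the `frida` invocation are assumptions. The pure path helpers at the top also run under plain Node.

```javascript
// Added example (not from the gists above). Frida agent for Android:
//   frida -U -f com.example.app -l agent.js      (package name assumed)
// Under plain Node, only the path helpers run; the hooks need Frida's Java bridge.

// The root-indicator list from the commonPaths gist; append more as needed.
const ROOT_INDICATOR_PATHS = [
  "/data/local/bin/su",
  "/data/local/su",
  "/data/local/xbin/su",
  "/dev/com.koushikdutta.superuser.daemon/",   // trailing slash: a directory
  "/sbin/su",
  "/system/app/Superuser.apk",
  "/system/bin/failsafe/su",
  "/system/bin/su",
  "/su/bin/su",
];

// Collapse repeated slashes and resolve "." / ".." so that an app probing
// "/system//xbin/../bin/su" is still matched against "/system/bin/su".
function normalizePath(p) {
  const out = [];
  for (const seg of String(p).split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// True for an exact match, or for the directory entries, anything inside them.
function isRootIndicatorPath(p) {
  const path = normalizePath(p);
  return ROOT_INDICATOR_PATHS.some((known) => {
    if (known.endsWith("/")) {
      const dir = known.slice(0, -1);
      return path === dir || path.startsWith(dir + "/");
    }
    return path === known;
  });
}

function installHooks() {
  Java.perform(function () {
    // 1. Root-check bypass: File.exists() denies the known paths. Note this
    //    does not cover native stat() calls or Runtime.exec("which su").
    const File = Java.use("java.io.File");
    File.exists.implementation = function () {
      const p = this.getAbsolutePath();
      if (isRootIndicatorPath(p)) {
        console.log("[root] hiding " + p);
        return false;
      }
      return this.exists(); // falls through to the original implementation
    };

    // 2. Pinning bypass: a TrustManager that accepts every chain, injected into
    //    every SSLContext the app initialises through the JSSE API.
    const X509TrustManager = Java.use("javax.net.ssl.X509TrustManager");
    const SSLContext = Java.use("javax.net.ssl.SSLContext");
    const TrustAll = Java.registerClass({
      name: "org.example.TrustAll",              // class name assumed
      implements: [X509TrustManager],
      methods: {
        checkClientTrusted: function (chain, authType) {},
        checkServerTrusted: function (chain, authType) {},
        getAcceptedIssuers: function () { return []; },
      },
    });
    SSLContext.init.overload(
      "[Ljavax.net.ssl.KeyManager;",
      "[Ljavax.net.ssl.TrustManager;",
      "java.security.SecureRandom"
    ).implementation = function (km, tm, sr) {
      console.log("[ssl] SSLContext.init: swapping in trust-all manager");
      this.init(km, Java.array("javax.net.ssl.TrustManager", [TrustAll.$new()]), sr);
    };
  });
}

// Only wire the hooks inside Frida; under Node the helpers stay testable.
if (typeof Java !== "undefined") {
  setTimeout(installHooks, 0);
}
```

Two caveats a tester should keep in mind: the `SSLContext.init` swap only reaches code that builds its TLS context through JSSE, so OkHttp's `CertificatePinner`, network-security-config pins and native stacks (Flutter's BoringSSL, for example) need their own hooks; and the `File.exists` hook is blind to native `stat()` probes and to `which su` style checks, which is why a real root-detection bypass usually hooks several layers.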
@azu
azu / javascript-protocol-XSS.md
Last active May 25, 2023 00:12
<a href=javascript:alert(1) target=_blank>XSS</a> behavior in modern browsers.

Most browsers prevent XSS that uses the javascript: protocol.

<a href=javascript:alert(location.origin) target=_blank>XSS</a>

Demo: https://nuvjcp.csb.app/
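Browser blocking of `javascript:` navigations is a mitigation, not something an application should rely on; the link target still has to be validated before it reaches `href`. Below is an added example (not from azu's gist) of an allow-list check built on the WHATWG URL parser, Node's `URL` here and the browser's `URL` in a page. The parser already strips leading and trailing whitespace and control characters, removes embedded tabs and newlines, and lowercases the scheme, so the usual evasions of a naive `startsWith("javascript:")` collapse to a scheme that can be compared exactly. The base origin and the probe inputs are constructed for the example.

```javascript
// Added example (not part of azu's gist): allow-list the scheme of a
// user-controlled href before it becomes an <a href>.
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Returns the normalised absolute URL when its scheme is allowed, otherwise
// null. `base` (an assumed origin) resolves relative links such as "/docs".
function safeHref(href, base = "https://example.com/") {
  let url;
  try {
    url = new URL(String(href), base);
  } catch (e) {
    return null; // unparseable input is rejected, never passed through
  }
  return SAFE_SCHEMES.has(url.protocol) ? url.href : null;
}

// Build the anchor with the DOM API instead of concatenating HTML, so the
// check sees the final attribute value (after any entity decoding the HTML
// parser would otherwise do on "javascript&colon;..."). Rejected values are
// neutralised to about:blank. `doc` is the page's document in a browser.
function makeLink(doc, href, text) {
  const a = doc.createElement("a");
  const safe = safeHref(href);
  a.href = safe === null ? "about:blank" : safe;
  a.textContent = text;
  a.target = "_blank";
  a.rel = "noopener noreferrer";
  return a;
}

// Constructed probes: evasions that defeat naive string matching.
const PROBES = [
  "javascript:alert(location.origin)",
  "JaVaScRiPt:alert(1)",
  " \t\n javascript:alert(1)",
  "java\tscript:alert(1)",
  "data:text/html,<script>alert(1)</script>",
  "/docs",
  "https://example.org/x",
];

// Pair each probe with the sanitiser's verdict.
function triage(probes) {
  return probes.map((p) => ({ input: p, href: safeHref(p) }));
}

for (const r of triage(PROBES)) console.log(JSON.stringify(r));
```

Only the first two entries of `PROBES` survive as links; everything with a `javascript:` or `data:` scheme, however it is cased or padded, comes back as `null`.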

Summary

@ignis-sec
ignis-sec / lol.html
Created September 23, 2021 22:03
alert() without letters or numbers
<script>
/*
〱='',〳=〱,ᘓ=〱+{},ᘒ=〱+[][[]],〱+=[〱==〱],〳+=[!〱],ᘑ=+[],ᘐ=+!+[],ᘔ=ᘐ+ᘐ,ᘕ=ᘔ+ᘐ,ᘖ=ᘔ+ᘕ,ᘖ+=ᘖ+ᘖ+ᘔ,ᘗ=ᘖ+ᘐ,ᘘ=ᘓ[ᘔ+ᘕ],ᘙ=ᘓ[ᘐ],ᘚ=〱[ᘐ],ᘲ=〱[ᘑ],ᘳ=ᘘ+ᘙ+ᘒ[ᘐ]+〳[ᘕ]+ᘲ+ᘚ+ᘒ[ᘑ]+ᘘ+ᘲ+ᘙ+〱[ᘐ],ᘰ=[][ᘳ][ᘳ],ᘏ=''+ᘰ,ᘎ=〳[ᘐ]+〳[ᘔ]+〱[ᘕ]+ᘚ+ᘲ+ᘏ[ᘖ]+ᘏ[ᘗ],ᘰ`ᘳ${ᘎ}```
*/
// Step-by-step expansion of the one-liner above (identifiers are Unicode
// letters, so they pass a filter that only bans ASCII letters and digits):
〱=''
〳=〱 //''
ᘓ=〱+{} //'[object Object]' <- '' + {}  (String({}) is '[object Object]')
ᘒ=〱+[][[]] //'undefined' <- '' + undefined  ([][[]] indexes [] with key '')
// ... the rest of the expansion is cut off in this preview
</script>
@BlockByBlock
BlockByBlock / rari-capital-checklist.txt
Last active June 11, 2023 18:23
Solidity Smart Contract checklist
security-checklist
Opinionated security and code quality checklist for Solidity smart contracts. Based on the BentoBox checklist.
Variables
V1 - Can it be private?
V2 - Can it be constant?
V3 - Can it be immutable/constant?
V4 - Is visibility set? (SWC-108)
V5 - Is the purpose of the variable and other important information documented using natspec?
Structs
@kawing-ho
kawing-ho / aem-list.txt
Created July 15, 2021 23:08
by @z0idsec
///bin///wcm///search///gql.json?query=type:base%20limit:..1&pathPrefix=
/security/.5..json?debug=layout
/online/.-1..json
/bin/querybuilder.json.css?path=/home/&p.limit=8
/bin/querybuilder.json?path=/libs/
/bin/querybuilder.json?path=/content
/bin/querybuilder.json?path=/content/test/test/en_nz/security/
/bin/querybuilder.json?path=/crx/&p.hits=full&p.limit=50
/bin/querybuilder.json?path=/home&p.hits=full&p.limit=-1
/bin/querybuilder.json?fulltext=admin&p.limit=30
'''
Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written
in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer
runs within PortSwigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It
does not have the metadata parsing capabilities that CeWL does, but it more than makes up for it in
convenience.

The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written
in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python,
making it "way cooler".
'''
@agnostic-apollo
agnostic-apollo / hasFragileUserData.md
Last active May 13, 2024 18:29
Android hasFragileUserData AndroidManifest.xml flag

The hasFragileUserData flag can be set on the <application> element of AndroidManifest.xml (it exists from Android 10, API level 29). If its value is true, then when the user uninstalls the app, the system prompts them to choose whether to keep the app's data.

<!-- tools:targetApi="q" silences the lint warning on a lower minSdk; it needs
     xmlns:tools="http://schemas.android.com/tools" declared on <manifest> -->
<application
	...
    android:hasFragileUserData="true" tools:targetApi="q">
...
</application>
@bryanjhv
bryanjhv / remove-yape-root-check.md
Last active June 14, 2024 17:47
Remove the ROOT check from Yape BCP (Android)

Remove the ROOT check from Yape BCP (Android)

Some points / clarifications

  • I do NOT work for BCP at this time, nor did I before this date.
  • I am NOT responsible for what others do with this script.
  • I do NOT provide any kind of support; if you want to use it, read tutorials.
  • ONLY for personal use, do NOT make it commercial. AVOID piracy.
  • IF you RE-POST it, do so adding a link to this ORIGINAL.
  • I HOPE BCP improves its APP instead of SILLY checks.