Leon Jacobs leonjza

@leonjza
leonjza / README.md
Last active Dec 5, 2020
Traefik docker-compose with Trauth, Wildcard Certs & Metrics
@leonjza
leonjza / dump.sh
Last active May 18, 2020
Dump iOS executable content headers using radare2
#!/usr/bin/env bash
#
# Dump headers for binaries in an extracted iOS application's
# Payload folder using radare2.
dumpdir="headers/"
mkdir -p "$dumpdir"
find . -perm +111 -type f | grep -iv "libswift" | while read -r bin; do
echo "< Processing -> $bin"
@leonjza
leonjza / rename.patch
Last active Jan 11, 2021
frida-server remove frida references from /proc/<pid>/maps | apply to frida-core
diff --git a/server/server.vala b/server/server.vala
index d3fc39f9..3e4d11b3 100644
--- a/server/server.vala
+++ b/server/server.vala
@@ -3,7 +3,7 @@ namespace Frida.Server {
private const string DEFAULT_LISTEN_ADDRESS = "127.0.0.1";
private const uint16 DEFAULT_LISTEN_PORT = 27042;
- private const string DEFAULT_DIRECTORY = "re.frida.server";
+ private const string DEFAULT_DIRECTORY = "re.freeda.server";
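Review bot: the `+` line replaces the DEFAULT_DIRECTORY literal with "re.freeda.server" in place and leaves no comment recording why the value differs from upstream frida-core, so a later rebase can revert it without anyone noticing. Add a one-line comment above the constant stating the reason for the rename. Only this one constant changes in the visible lines; any other place that spells out "re.frida.server" would have to carry the same value to stay consistent.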
@leonjza
leonjza / forward.sh
Created Oct 1, 2019
Forward a new host port to a running docker container.
#!/bin/bash
# Add a firewall NAT rule to expose a port open in a docker container, on a host.
#
# This is only really useful if the container is already running, and you don't
# want to/can't shut it down, but need a new incoming port open.
#
# Requires `jq` for parsing docker container information.
#
# 2019 @leonjza
@leonjza
leonjza / mettle.js
Created Oct 1, 2019
Mettle Frida Module Load Error
const dlib = 'mettle.dylib';
const NSDocumentDirectory = 9;
const NSUserDomainMask = 1
const p = ObjC.classes.NSFileManager.defaultManager()
.URLsForDirectory_inDomains_(NSDocumentDirectory, NSUserDomainMask).lastObject().path();
const dylibPath = p + '/' + dlib;
const cm = new CModule(""+
"#include <glib.h>" +
"" +
@leonjza
leonjza / build-steps.sh
Created Aug 14, 2019
objection Jenkins pipeline steps
# Build the target application (PewPew is the name for my app)
xcodebuild build build -workspace PewPew.xcworkspace -scheme PewPew -sdk iphonesimulator12.2
#
# iOS Simulator setup
#
echo "Simulator Setup"
echo "==============="
@leonjza
leonjza / README.md
Last active Aug 14, 2019
objection Flex plugin

objection Flex plugin

This plugin should sideload Flex[1] when loaded as a plugin in objection[2]. Flex itself should be a shared library, built for your target's architecture as either a thin or fat Mach-O.

The source code for a shared library called libFlex is included in this gist as .h and .m files. You need to copy the Classes/ directory from the official Flex project[1] into your project.

[1] https://github.com/Flipboard/FLEX
[2] https://github.com/sensepost/objection

@leonjza
leonjza / pinning.ts.diff
Created May 16, 2019
SSLCertificateChecker-PhoneGap-Plugin Pinning Disable
diff --git a/agent/src/ios/pinning.ts b/agent/src/ios/pinning.ts
index 1f9407a..aa2152a 100644
--- a/agent/src/ios/pinning.ts
+++ b/agent/src/ios/pinning.ts
@@ -283,6 +283,38 @@ export namespace sslpinning {
});
};
+ const cordovaCustomURLConnectionDelegate = (ident: string): InvocationListener => {
+ // https://github.com/EddyVerbruggen/SSLCertificateChecker-PhoneGap-Plugin/blob/
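Review bot: `cordovaCustomURLConnectionDelegate` is introduced with only a source link as its comment; nothing in the visible lines says what `ident` identifies or what the returned `InvocationListener` intercepts. Add a short doc comment above the declaration covering the parameter and the hooked behaviour, and keep the link beneath it as a reference.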
@leonjza
leonjza / README.md
Last active Mar 2, 2020
objection Stetho sideload plugin
@leonjza
leonjza / cve-2018-6671.txt
Last active Sep 26, 2019
cve-2018-6671 McAfee ePO 5.9.1 Registered Executable Local Access Bypass
# CVE-2018-6671 McAfee ePO 5.9.1 Registered Executable Local Access Bypass
# Specifying an X-Forwarded-For header bypasses the local only check
# https://kc.mcafee.com/corporate/index?page=content&id=SB10240
# https://nvd.nist.gov/vuln/detail/CVE-2018-6671
#
# 2019 @leonjza
#
# Tested on ePO v5.9.1, missing hotfix EPO5xHF1229850
POST /Notifications/testRegExe.do HTTP/1.1