This is a gist used in the following blog posts:
otuva
/ 00-android-bypass-certificate-pinning-and-mitm-attack-setup.md
Created
November 30, 2022 08:03
— forked from approovm/00-android-bypass-certificate-pinning-and-mitm-attack-setup.md
Certificate Pinning Bypassing: Setup with Frida, mitmproxy and Android Emulator with a writable file system
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| const hashHelper = "com.nymf.android.util.text.HashHelper"; | |
| const mainActivity = "com.nymf.android.MainActivity"; | |
| Java.perform(function x() { | |
| console.log("Inside java perform function"); | |
| // enumarate all loaded classes | |
| Java.enumerateLoadedClasses({ |
otuva
/ DirectoryEnumeration.py
Last active
October 16, 2022 13:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| sub_list = open("wordlist.txt").read() | |
| directories = sub_list.splitlines() | |
| for dir in directories: | |
| dir_enum = f"http://{sys.argv[1]}/{dir}.html" | |
| r = requests.get(dir_enum) | |
| if r.status_code==404: |
otuva
/ socketChallengeUDP.py
Created
September 29, 2022 17:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| HOST="HOST" | |
| PORT=4000 | |
| clientSocket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) | |
| clientSocket.sendto("hello".encode(), (HOST,PORT)) | |
| resp = clientSocket.recvfrom(1024) | |
| print("Response: ", resp) |
otuva
/ socketChallenge.py
Last active
May 20, 2023 19:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| HOST = "10.10.102.88" # ← this would be the virtual machine | |
| PORT = 1337 | |
| s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| s.connect((HOST, PORT)) | |
| reqString = "GET / HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".format(host=HOST, port=PORT) | |
| s.sendall(reqString.encode()) | |
| data = s.recv(1024) |
otuva
/ challenge.sh
Created
September 26, 2022 13:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/bash | |
| b64decode() { | |
| echo -n "$1" | base64 -d | |
| } | |
| content=$(cat b64.txt) | |
| for i in {1..50}; do | |
| content=$(b64decode "$content") |
otuva
/ challenge.py
Last active
May 20, 2023 19:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import base64 | |
| def b64decode(string: str): | |
| return base64.b64decode(string) | |
| if __name__ == "__main__": | |
| file = open("/tmp/thm/b64.txt", "r") | |
| content = file.read() | |
| file.close() |
protontricks (INFO): Running inside Flatpak sandbox, version 1.14.0.
protontricks (INFO): Found Steam directory at /home/tfp/.var/app/com.valvesoftware.Steam/.local/share/Steam
protontricks (INFO): Using Steam directory at /home/tfp/.var/app/com.valvesoftware.Steam/.local/share/Steam. You can also define Steam directory manually using $STEAM_DIR
protontricks (INFO): Using default Steam Runtime at /home/tfp/.var/app/com.valvesoftware.Steam/.local/share/Steam/ubuntu12_32/steam-runtime
protontricks (INFO): WINETRICKS environment variable is not available. Searching from $PATH.
protontricks (INFO): Found 1 Steam library folders
protontricks (INFO): Currently logged-in Steam user: <USER>
protontricks (INFO): Couldn't find custom shortcuts. Maybe none have been created yet?
protontricks (INFO): User has configured app Proton version (CompatToolMapping): proton_experimental
$ flatpak run com.github.Matoking.protontricks -v --gui
protontricks (INFO): Running inside Flatpak sandbox, version 1.14.0.
protontricks (INFO): Found Steam directory at /home/tfp/.var/app/com.valvesoftware.Steam/.local/share/Steam
protontricks (INFO): Using Steam directory at /home/tfp/.var/app/com.valvesoftware.Steam/.local/share/Steam. You can also define Steam directory manually using $STEAM_DIR
protontricks (INFO): Using default Steam Runtime at /home/tfp/.var/app/com.valvesoftware.Steam/.local/share/Steam/ubuntu12_32/steam-runtime
protontricks (INFO): WINETRICKS environment variable is not available. Searching from $PATH.
protontricks (INFO): Found 1 Steam library folders
protontricks (INFO): Currently logged-in Steam user: arauwo
otuva
/ xbindkeys.desktop
Created
August 29, 2022 08:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Desktop Entry] | |
| Type=Application | |
| Name=Xbindkeys | |
| Exec=xbindkeys | |
| NoDisplay=false | |
| Terminal=false | |
| Icon=org.gnome.Settings-keyboard-symbolic | |
| Categories=Accessories; |