This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html | |
# | |
curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert \ | |
&& openssl x509 -inform DER -in cacert.der -out cacert.pem \ | |
&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \ | |
&& adb root \ | |
&& adb remount \ | |
&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \ | |
&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \ | |
&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
addEventListener("fetch", event => { | |
event.respondWith(handleRequest(event.request)) | |
}) | |
//////////////////////////////////////////////////////////////////////////////////////////////////// | |
// ! DON'T LEAK THE SECRETS ! | |
// Use Workers KV if you can https://developers.cloudflare.com/workers/reference/storage/ | |
const telegram_token = "*****REDACTED*****"; | |
const telegram_url = "https://api.telegram.org/bot" + telegram_token + "/sendMessage"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import argparse | |
import urllib.request | |
import concurrent.futures | |
from datetime import datetime, timedelta | |
import sys | |
domains = ["vavkamil.cz"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head> | |
<title>Bookmarklet hijacking PoC</title> | |
</head> | |
<body> | |
<h1>Bookmarklet hijacking</h1> | |
<h2>Chromium Proof of Concept</h2> | |
<h3>Steps to reproduce</h3> | |
<p>1. <strong>Double-check that the link executes</strong> <code>alert(1)</code></p> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ apt-get update && apt-get upgrade --assume-yes | |
$ | |
$ pip3 install frida-tools | |
$ pip3 install objection | |
$ | |
$ sudo apt-get install android-tools-adb android-tools-fastboot | |
$ | |
$ wget wget https://github.com/frida/frida/releases/download/12.7.0/frida-server-12.7.0-android-arm64.xz | |
$ unxz frida-server-12.7.0-android-arm64.xz |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* Plugin Name: covid19-plugin-wp | |
* Plugin URI: https://wordpress.org/plugins/covid19-plugin-wp | |
* Description: This plugin adds a custom widget to display Covid19 statistics for a selected country. | |
* Version: 1.0.1 | |
* Author: @vavkamil | |
* Author URI: https://vavkamil.cz | |
* License: GPL v2 or later |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
from urllib3.exceptions import InsecureRequestWarning | |
import random | |
import string | |
import sys |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head> | |
<title></title> | |
</head> | |
<body> | |
<h1>Strong TV DoS exploit</h1> | |
<h2>Proof of Concept</h2> | |
<label for="internal_ip">Any internal IP:</label> | |
<input type="text" name="internal_ip" id="internal_ip" autocomplete="off" onchange="get_tv_ip()"> | |
<br><br> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head> | |
<title>Hue Bridge CORS PoC</title> | |
<script> | |
var xhr = new XMLHttpRequest(); | |
xhr.open("GET", "https://discovery.meethue.com/") | |
xhr.send(); | |
xhr.onreadystatechange = function(e) { | |
var hue_ip; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
ob_start(); | |
ini_set('display_errors',0); | |
$ipa = $_SERVER['HTTP_CLIENT_IP']? $_SERVER['HTTP_CLIENT_IP'] : ($_SERVER['HTTP_X_FORWARDED_FOR'] ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'] ); | |
$useragent = $_SERVER['HTTP_USER_AGENT']; | |
if(isset($_POST['gotcha'])){ | |
blockBot($ipa); | |
} |
NewerOlder