@xdavidhu
xdavidhu / wokplace-ssl-pinning-bypass.md
Last active April 25, 2024 16:32
Bypassing SSL Pinning in Facebook/Meta Workplace (Android)

Tested on Workplace for Android version 362.0.0.29.109. This approach might work in other Facebook/Meta applications. Thank you Imre Rad for helping me analyze the binary.

How does it work?

The Workplace Android app uses the open source Fizz TLS 1.3 library to communicate with the backend APIs. Fizz is written in C++ and compiled to native code, and the Android app loads it as a native library.

The certificate verification is implemented in fizz/client/ClientProtocol.cpp, on line 1944. The easiest way to bypass this check is to patch the if (state.verifier()) { check on line 1942.

xdavidhu / methods-extractor-from-gcp-console.py
Created January 6, 2021 13:42
A script to mass-extract method names from the GCP Console's Metric page (More info: https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html)
import requests

headers = {
    "Authorization": "SAPISIDHASH [sapisidhash]",
    "Origin": "https://console.cloud.google.com",
}
cookies = {
    "SID": "",
    "HSID": "",
xdavidhu / httpsserver.py
Last active November 4, 2023 15:10
httpsserver.py
#! /usr/bin/python3
import http.server, ssl, sys, random, string, argparse, socket
hostname = "[domain]"
redirect_enabled = False
redirect_target = ""
redirect_token = ""
manual_redirect_token = False
redirect_code = 303
xdavidhu / converter.sh
Last active September 1, 2024 10:56
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
#!/bin/bash
# Converter.sh by @xdavidhu
# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix
# With this script, you can convert domain lists to resolved IP lists without duplicates.
# Usage: ./converter.sh [domain-list-file] [output-file]
echo -e "[+] Converter.sh by @xdavidhu\n"
if [ -z "$1" ] || [ -z "$2" ]; then
    echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]"
    exit 1
xdavidhu / ipinfo.py
Last active March 1, 2022 12:49
ipinfo.py - python ipinfo.io cli
#!/usr/bin/env python3
# author: @xdavidhu
import requests, json, sys, socket
if len(sys.argv) > 1:
    ip = sys.argv[1]
else:
    ip = False

Keybase proof

I hereby claim:

  • I am xdavidhu on github.
  • I am xdavidhu (https://keybase.io/xdavidhu) on keybase.
  • I have a public key ASDkMZTUsxCqD0WnxOK6QA5nLKL0cxFLnRhOkAGBuakWfwo

To claim this, I am signing this object: