I hereby claim:
- I am xdavidhu on github.
- I am xdavidhu (https://keybase.io/xdavidhu) on keybase.
- I have a public key ASDkMZTUsxCqD0WnxOK6QA5nLKL0cxFLnRhOkAGBuakWfwo
To claim this, I am signing this object:
#!/usr/bin/env python3
# author: @xdavidhu
import requests, json, sys, socket
# Optional first argument is the target IP; False means none was given.
if len(sys.argv) > 1:
    ip = sys.argv[1]
else:
    ip = False
#!/bin/bash
# Converter.sh by @xdavidhu
# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix
# With this script, you can convert domain lists to resolved IP lists without duplicates.
# Usage: ./converter.sh [domain-list-file] [output-file]
echo -e "[+] Converter.sh by @xdavidhu\n"
if [ -z "$1" ] || [ -z "$2" ]; then
    echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]"
    exit 1
fi
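The resolve-and-dedupe step that converter.sh's header describes (domain list in, unique resolved IP list out), as an added example in Python rather than the gist's own bash body. The resolver is a swappable function so the constructed sample table below runs offline; with the default system_resolver it does real DNS lookups. Unresolvable names are skipped instead of aborting the run, and IPv6 answers are dropped unless asked for, since the usual next step is a v4 port scan.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Set

# Added example, not the original converter.sh. Constructed sample data: the
# three hostnames below are not real resolutions, they stand in for a DNS server.
SAMPLE_RESOLUTIONS = {
    "www.example.com": ["203.0.113.5", "2001:db8::1"],
    "mail.example.com": ["203.0.113.5"],          # same host as www -> one IP, not two
    "api.example.com": ["198.51.100.7", "198.51.100.7"],
}


def system_resolver(domain: str) -> List[str]:
    """Resolve through the OS resolver; returns every A/AAAA address, [] on NXDOMAIN."""
    try:
        infos = socket.getaddrinfo(domain, None)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]


def fake_resolver(domain: str) -> List[str]:
    """Offline stand-in for system_resolver backed by SAMPLE_RESOLUTIONS."""
    return SAMPLE_RESOLUTIONS.get(domain, [])


def _sort_key(addr: str):
    # IPv4 and IPv6 addresses do not compare with each other, so order by version first.
    ip = ipaddress.ip_address(addr)
    return (ip.version, int(ip))


def unique_ips(domains: Iterable[str],
               resolver: Callable[[str], List[str]] = system_resolver,
               v4_only: bool = True) -> List[str]:
    """Resolve each domain, skip blank lines, comments and names that do not
    resolve, drop duplicate addresses and return them sorted."""
    seen: Set[str] = set()
    for raw in domains:
        domain = raw.strip()
        if not domain or domain.startswith("#"):
            continue
        for addr in resolver(domain):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # resolver handed back something that is not an address
            if v4_only and ip.version != 4:
                continue
            seen.add(str(ip))
    return sorted(seen, key=_sort_key)


def convert_file(domain_list_path: str, output_path: str,
                 resolver: Callable[[str], List[str]] = system_resolver) -> List[str]:
    """File-to-file wrapper matching the gist's [domain-list-file] [output-file] usage."""
    with open(domain_list_path) as fh:
        ips = unique_ips(fh, resolver)
    with open(output_path, "w") as out:
        out.write("\n".join(ips) + ("\n" if ips else ""))
    return ips


if __name__ == "__main__":
    sample_list = ["www.example.com", " mail.example.com ", "", "# comment",
                   "gone.example.com", "api.example.com"]
    print("\n".join(unique_ips(sample_list, fake_resolver)))
```

Swap fake_resolver for system_resolver (the default) to run it against live DNS; the dedupe matters because large vhost lists collapse to a handful of addresses.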
#! /usr/bin/python3
import http.server, ssl, sys, random, string, argparse, socket
hostname = "[domain]"
redirect_enabled = False
redirect_target = ""
redirect_token = ""
manual_redirect_token = False
redirect_code = 303
import requests
headers = {
    "Authorization": "SAPISIDHASH [sapisidhash]",
    "Origin": "https://console.cloud.google.com",
}
cookies = {
    "SID": "",
    "HSID": "",
}
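What goes in the "[sapisidhash]" placeholder, as an added example that is not the gist's own code: Google's web frontends authorize XHR calls with SHA-1 over "<unix time> <SAPISID cookie value> <origin>", sent as SAPISIDHASH <unix time>_<hex digest> next to a matching Origin header (the same scheme yt-dlp implements for YouTube's internal API). The origin is the one from the gist; the SAPISID cookie value and the fixed timestamp below are constructed.

```python
import hashlib
import time

# Added example, not the original gist. ORIGIN is the gist's; everything else is constructed.
ORIGIN = "https://console.cloud.google.com"


def sapisidhash(sapisid: str, origin: str, timestamp: int) -> str:
    """Hex SHA-1 of "<timestamp> <sapisid> <origin>" (space separated, no trailing newline)."""
    payload = f"{timestamp} {sapisid} {origin}".encode("utf-8")
    return hashlib.sha1(payload).hexdigest()


def sapisidhash_header(sapisid: str, origin: str = ORIGIN, timestamp=None) -> str:
    """Authorization header value. The timestamp is inside the signed data, so
    build this right before each request instead of reusing an old value."""
    ts = int(time.time()) if timestamp is None else int(timestamp)
    return f"SAPISIDHASH {ts}_{sapisidhash(sapisid, origin, ts)}"


def build_request(sapisid: str, session_cookies: dict,
                  origin: str = ORIGIN, timestamp=None) -> dict:
    """Headers and cookies laid out like the gist, ready for requests.get(url, **kw).
    The Origin header must be exactly the string that was hashed; the SAPISID
    cookie is sent alongside the SID/HSID session cookies."""
    headers = {
        "Authorization": sapisidhash_header(sapisid, origin, timestamp),
        "Origin": origin,
    }
    cookies = dict(session_cookies)
    cookies["SAPISID"] = sapisid
    return {"headers": headers, "cookies": cookies}


if __name__ == "__main__":
    demo = build_request("constructed-sapisid-value", {"SID": "", "HSID": ""}, timestamp=1700000000)
    print(demo["headers"]["Authorization"])
```

Paste the browser's SAPISID (and SID/HSID) cookie values into session_cookies and the same origin you send as Origin; a digest computed for one origin is rejected when replayed against another, which is what keeps a leaked hash from being reused across Google properties.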
Tested on Workplace for Android version 362.0.0.29.109. This approach might work in other Facebook/Meta applications. Thank you Imre Rad for helping me analyze the binary.
The Workplace Android app uses Fizz, Facebook's open source TLS 1.3 library, to talk to its backend APIs. Fizz is written in C++ and ships inside the app as a compiled native library, so the TLS stack in play is not the platform's Java one and the certificate check has to be located in the native code.
The certificate verification is implemented in fizz/client/ClientProtocol.cpp, at line 1944 of the Fizz revision bundled with this build; line numbers move between Fizz versions, so match on the code rather than the number.
The easiest way to bypass the check is to patch the if (state.verifier()) { guard on line 1942: verification only runs inside that branch, so making the branch not execute skips it entirely.