View windvane.md

WindVane Bridge API (v1.2.2)

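Provides a mechanism for communicating with the client. Supports WindVane SDK v2.2 and above.

WindVane-specific UA

Inside the client, WindVane appends WindVane/ followed by the WindVane SDK version number to the original UA, so you can detect the environment by checking the UA. From the Taobao main client's 1212 version (iOS 3.4.5, Android 3.9.5) onward, the format is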

@yehgdotnet
yehgdotnet / server.py
Created Oct 28, 2021 — forked from mdonkers/server.py
Simple Python 3 HTTP server for logging all GET and POST requests
View server.py
#!/usr/bin/env python3
"""
Very simple HTTP server in python for logging requests
Usage::
./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
import logging
class S(BaseHTTPRequestHandler):
View ftpput.pl
#!/usr/bin/perl -w
#
# $Id: //websites/unixwiz/unixwiz.net/webroot/tools/ftpput.txt#1 $
#
# written by : Stephen J. Friedl
# Software Consultant
# Tustin, California USA
#
# This very simple program is a kind of inverse to wget for ftp: it
# *puts* files to a remote FTP server and returns an exit code that
yehgdotnet / readlocal.js
Created May 25, 2021
Read local file using JavaScript
View readlocal.js
<!-- https://www.geeksforgeeks.org/how-to-read-a-local-text-file-using-javascript/ -->
<!DOCTYPE html>
<html>
<head>
<title>Read Text File</title>
</head>
<body>
<input type="file" name="inputfile"
View is-vpn-active.sh
while true
do
    sudo ifconfig tun0 &> /dev/null && echo -e "\033[1;32m" "-- VPN is active --" "\033[0m"
    sudo ifconfig tun0 &> /dev/null || echo -e "\033[1;31m" "-- VPN is NOT active --" "\033[0m"
    sleep 5
done
View gist:b88fa0bcd3845678d5d8434753a88566
Purpose: To prevent deobfuscation
Symbols are usually stripped during the build process, so you need the compiled byte-code and libraries to verify whether any unnecessary metadata has been discarded.
First find the nm binary in your Android NDK and export it (or create an alias).
View review object serialisation class
Object Serialization
Search the source code for the following keywords:
import java.io.Serializable
implements Serializable
JSON
Static analysis depends on the library being used. If you need to counter memory dumping, make sure that highly sensitive information is not stored in JSON, as you cannot guarantee any anti-memory-dumping techniques with the standard libraries. You can check for the following keywords per library:
yehgdotnet / gist:ec6ae948a6735d66f6eaff2ef60649a3
Last active Oct 29, 2021
Bypass IP-based restriction through spoofed localhost header
View gist:ec6ae948a6735d66f6eaff2ef60649a3
X-Azure-ClientIP: 127.0.0.1
X-Azure-SocketIP: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Real-Ip: 127.0.0.1
X-Target-IP: 127.0.0.1
X-Forwarded-Host: localhost
True-Client-IP: 127.0.0.1
View shodan.go
package main
import (
"log"
//"os"
"context"
"github.com/ns3777k/go-shodan/shodan"
"fmt"
"flag"
"strings"
yehgdotnet / goreadurlfromfile.go
Created Sep 28, 2020
Go read url from file (change target to your desired domain)
View goreadurlfromfile.go
package main
import (
"fmt"
"regexp"
"io/ioutil"
"log"
"os"
)
func main() {
argsWithoutProg := os.Args[1]