Skip to content

Instantly share code, notes, and snippets.

WindVane Bridge API (v1.2.2)

提供与客户端通讯的机制。支持WindVane SDK v2.2 以上版本。

WindVane 独有UA

windvane 在客户端中,会将原始UA后面跟上 WindVane/WindVaneSDK的版本号,你可以通过判断UA的方式来检查环境 其中,淘宝主客户端1212版本(IOS 3.4.5 ANDROID 3.9.5)后格式为

@yehgdotnet
yehgdotnet / server.py
Created October 28, 2021 16:02 — forked from mdonkers/server.py
Simple Python 3 HTTP server for logging all GET and POST requests
#!/usr/bin/env python3
"""
Very simple HTTP server in python for logging requests
Usage::
./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
import logging
class S(BaseHTTPRequestHandler):
@yehgdotnet
yehgdotnet / ftpput.pl
Created August 21, 2021 15:11
ftpput.pl
#!/usr/bin/perl -w
#
# $Id: //websites/unixwiz/unixwiz.net/webroot/tools/ftpput.txt#1 $
#
# written by : Stephen J. Friedl
# Software Consultant
# Tustin, California USA
#
# This very simple program is a kind of inverse to wget for ftp: it
# *puts* files to a remote FTP server and returns an exit code that
@yehgdotnet
yehgdotnet / readlocal.js
Created May 25, 2021 04:14
Read local file using JavaScript
<!-- https://www.geeksforgeeks.org/how-to-read-a-local-text-file-using-javascript/ -->
<!DOCTYPE html>
<html>
<head>
<title>Read Text File</title>
</head>
<body>
<input type="file" name="inputfile"
@yehgdotnet
yehgdotnet / is-vpn-active.sh
Created May 23, 2021 07:32
Is VPN active?
while true
do
sudo ifconfig tun0 &> /dev/null && echo -e "\033[1;32m" "-- VPN is active --" "\033[0m"
sudo ifconfig tun0 &> /dev/null || echo -e "\033[1;31m" "-- VPN is NOT active --" "\033[0m"
sleep 5
done
Purpose: To prevent deobfuscation
Symbols are usually stripped during the build process, so you need the compiled byte-code and libraries to verify whether any unnecessary metadata has been discarded.
First find the nm binary in your Android NDK and export it (or create an alias).
@yehgdotnet
yehgdotnet / review object serialisation class
Created April 27, 2021 12:58
object serialisation class
Object Serialization
Search the source code for the following keywords:
import java.io.Serializable
implements Serializable
JSON
Static analysis depends on the library being used. In case of the need to counter memory-dumping, make sure that highly sensitive information is not stored in JSON as you cannot guarantee any anti-memory dumping techniques with the standard libraries. You can check for the following keywords per library:
@yehgdotnet
yehgdotnet / gist:ec6ae948a6735d66f6eaff2ef60649a3
Last active September 28, 2024 23:12
Bypass IP-based restriction through spoofed localhost header
X-Azure-ClientIP: 127.0.0.1
X-Azure-SocketIP: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Real-Ip: 127.0.0.1
X-Target-IP: 127.0.0.1
X-Forwarded-Host: localhost
True-Client-IP: 127.0.0.1
@yehgdotnet
yehgdotnet / shodan.go
Created October 13, 2020 00:04
golang shodan
package main
import (
"log"
//"os"
"context"
"github.com/ns3777k/go-shodan/shodan"
"fmt"
"flag"
"strings"
@yehgdotnet
yehgdotnet / goreadurlfromfile.go
Created September 28, 2020 04:49
Go read url from file (change target to your desired domain)
package main
import (
"fmt"
"regexp"
"io/ioutil"
"log"
"os"
)
func main() {
argsWithoutProg := os.Args[1]