From Terminal
# install dependencies
brew install autoconf # required by pecl
brew install libzip
# install zip extenion in your selected MAMP PHP version
ls /Applications/MAMP/bin/php/
# any apps that registers market:// could be part of user selection list | |
# only google play ID is allowed | |
# need to check for such application existence then launch the intent. | |
public static void secureAppStoreLaunch(Context context) { | |
// you can also use BuildConfig.APPLICATION_ID | |
String appId = context.getPackageName(); | |
Intent rateIntent = new Intent(Intent.ACTION_VIEW, | |
Uri.parse("market://details?id=" + appId)); | |
boolean marketFound = false; |
# https://twitter.com/brsn76945860/status/1171233054951501824 | |
pip install mmh3 | |
----------------------------- | |
# python 2 | |
import mmh3 | |
import requests | |
response = requests.get('https://cybersecurity.wtf/favicon.ico') | |
favicon = response.content.encode('base64') |
#!/usr/bin/env bash | |
################################################## ############## | |
# Bash Web Requester | |
# by Aung Khant, http://yehg.net | |
# License: GPL v2 | |
# | |
# takes 2 arguments: | |
# one is a file with a list of URLs (url like http://site.com/test.asp) | |
# second is file with regexp compatible pattern that checks page content for matched keywords |
// ==UserScript== | |
// @name Log lists of domain in Google search results | |
// @namespace http://tampermonkey.net/ | |
// @version 0.1 | |
// @description try to take over the world! | |
// @author You | |
// @match https://www.google.com/search?q=* | |
// @grant none | |
// ==/UserScript== |
#!/usr/bin/env python2 | |
#============================================================================================================# | |
#======= Simply injects a JavaScript Payload into a GIF. ====================================================# | |
#======= or it creates a JavaScript Payload as a GIF. ====================================================# | |
#======= The resulting GIF must be a valid (not corrupted) GIF. =============================================# | |
#======= Author: marcoramilli.blogspot.com ==================================================================# | |
#======= Version: PoC (don't even think to use it in development env.) ======================================# | |
#======= Disclaimer: ========================================================================================# | |
#THIS IS NOT PEP3 FORMATTED | |
#THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR |
<</div>script</div>>alert()<</div>/script</div>> | |
<</p>script</p>>alert()<</p>/script</p>> | |
<</h1>script</h1>>alert()<</h1>/script</h1>> |
From Terminal
# install dependencies
brew install autoconf # required by pecl
brew install libzip
# install zip extenion in your selected MAMP PHP version
ls /Applications/MAMP/bin/php/
https://mobile-security.gitbook.io/mobile-security-testing-guide/general-mobile-app-testing-guide/0x04f-testing-network-communication | |
Dealing with Xamarin | |
Xamarin is a mobile application development platform that is capable of producing native Android and iOS apps by using Visual Studio and C# as programming language. | |
When testing a Xamarin app and when you are trying to set the system proxy in the WiFi settings you won't be able to see any HTTP requests in your interception proxy, as the apps created by Xamarin do not use the local proxy settings of your phone. There are two ways to resolve this: | |
Add a default proxy to the app, by adding the following code in the OnCreate()or Main() method and re-create the app:WebRequest.DefaultWebProxy = new WebProxy("192.168.11.1", 8080); Use ettercap in order to get a man-in-the-middle position (MITM), see the section above about how to setup a MITM attack. When being MITM we only need to redirect port 443 to our interception proxy running on localhost. This can be d |
Correct Backup Analysis Approach | |
Procedure for backup analysis | |
============================= | |
before-app-run | |
during app run | |
post-run | |
## Dumping SQLite | |
sqlite3 [db] ".dump" | |
#### Getting IP address: | |
in Android emulator, run netcfg or ip addr to know the ip address | |
#### Elevating Terminal app to Root Terminal | |
type: su |