I figured that I would write down my findings somewhere since this is my first time using Frida. This won't cover installing frida, adb, apktool because these are well covered in other sources.
Ajin Abraham ajinabraham
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| interface=en0 | |
| echo "Disconnecting from WiFi SSID" | |
| sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -z | |
| echo "Turning down ${interface}" | |
| sudo ifconfig -d $interface | |
| mac=$(printf '02:00:00:%02X:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256))) | |
| echo "Generated Random MAC Address: ${mac}" | |
| sudo ifconfig $interface ether $mac | |
| echo "MAC address spoofed" | |
| ifconfig $interface lladdr | grep ether |
ajinabraham
/ simplemde sanitize safe example
Created
July 14, 2021 00:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- This example shows how to use simpleMDE safely with DOMPurify when dealing with intrusted user input. | |
| Strip out javascript before rendering Markdown to HTML --> | |
| <link rel="stylesheet" href="https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.css"> | |
| <script src="https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js"></script> | |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/marked/2.1.3/marked.min.js" integrity="sha512-AD+GG1nJKO4Je/Q8QsY1gM9/7o1QjpGe9W2Lrg1oGtEID/RX8bMKKZGgw/KOODkPXL6j74c6eJWAhE/3F2kKjA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script> | |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.0/purify.min.js" integrity="sha512-FJzrdtFBVzaaehq9mzbhljqwJ7+jE0GyTa8UBxZdMsMUjflR25f5lJSGD0lmQPHnhQfnctG0B1TNQsObwyJUzA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script> | |
| <textarea id="mde"></textarea> |
ajinabraham
/ linkedin_mass_accept.js
Last active
June 27, 2021 18:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Head on to https://www.linkedin.com/mynetwork/invitation-manager/ | |
| //In browser console | |
| var buttons = document.getElementsByTagName('button') | |
| for (let i = 0; i < buttons.length; i++) { | |
| var aria = buttons[i].getAttribute("aria-label") | |
| if (aria && aria.startsWith("Accept")) { | |
| buttons[i].click() | |
| console.log(aria) | |
| } | |
| } |
ajinabraham
/ linkedin_mass_unfollow.js
Last active
June 8, 2023 19:57
General Security Reminder: Do not run code shared by anyone on browser console, unless you know what the code is doing!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // 1. Go to https://www.linkedin.com/feed/following/?filterType=member | |
| // 2. Select the ALL filter to see people you follow | |
| // 3. Open console, paste the following and press enter | |
| function massUnfollow(){ | |
| var buttons = document.getElementsByClassName('is-following') | |
| for (let i = 0; i < buttons.length; i++) { | |
| buttons[i].click() | |
| } |
ajinabraham
/ semgrep_static_analysis.yml
Last active
January 31, 2021 15:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rules: | |
| - id: env-set | |
| patterns: | |
| - pattern-either: | |
| - pattern: | | |
| subprocess.check_output([..., "=~/env|set/", ...]) | |
| - pattern: | | |
| subprocess.run([..., "=~/env|set/", ...]) | |
| - pattern: | | |
| subprocess.Popen([..., "=~/env|set/", ...]) |
ajinabraham
/ fridanotes.md
Last active
June 3, 2020 01:48
— forked from elevenchars/fridanotes.md
My notes on injecting a frida gadget into an apk
ajinabraham
/ Github Search API (quick hack)
Last active
May 15, 2020 00:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import time | |
| import requests | |
| user = '' | |
| password = '' | |
| session = requests.Session() | |
| session.auth = (user, password) | |
| url= 'https://api.github.com/search/repositories?language:javascript&sort=stars&q=topic:nodejs+topic:express' |
ajinabraham
/ MobSF REST API JavaScript
Created
August 31, 2018 11:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <input id="file" type="file" name="file" /> | |
| <input class="btn btn-success" type="submit" value="Upload" onclick="uploadFile()"></br> | |
| <input type="button" value="Scan File" onclick="scanFile()"></br> | |
| <input type="button" value="Get JSON" onclick="getJSONReport()"></br> | |
| <input type="button" value="Get PDF" onclick="getPDFReport()"></br> | |
| <input type="button" value="Delete Scan" onclick="deleteSCAN()"></br> | |
| <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script> | |
| <script> | |
| // Set API Key | |
| const api_key = "{{ api }}"; |
ajinabraham
/ MobSF REST API Python.py
Last active
February 2, 2024 15:15
MOBSF REST API Python Requests Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| MOBSF REST API Python Requests | |
| """ | |
| import json | |
| import requests | |
| from requests_toolbelt.multipart.encoder import MultipartEncoder | |
| SERVER = "http://127.0.0.1:8000" | |
| FILE = 'diva-beta.apk' |
ajinabraham
/ reflect.py
Created
June 5, 2018 17:13
— forked from huyng/reflect.py
A simple echo server to inspect http web requests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Reflects the requests from HTTP methods GET, POST, PUT, and DELETE | |
| # Written by Nathan Hamiel (2010) | |
| from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler | |
| from optparse import OptionParser | |
| class RequestHandler(BaseHTTPRequestHandler): | |
| def do_GET(self): |
NewerOlder