ajinabraham

'use strict';

var TrustManager;
var manager;

Java.perform(function () {
  var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');

  TrustManager = Java.registerClass({
    name: 'com.example.TrustManager',

ajinabraham

from psutil import process_iter, NoSuchProcess
from signal import SIGTERM, SIGKILL


def kill_proxy_process(port):
    """Kill 'em all"""
    for proc in process_iter():
        try:
            pinfo = proc.as_dict()
        except NoSuchProcess:

ajinabraham

//Create Private Key with OpenSSL
//openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:3 -out privateKey.pem
//Generate Public Key to be used at the client side (Mobile)
//openssl pkey -in privateKey.pem -out publicKey.pem -pubout
const crypto = require('crypto')
const fs = require('fs')

const private_key = fs.readFileSync('digital_sign/privateKey.pem', 'utf-8')
//File to be signed
const package = fs.readFileSync('webpackage.zip')

ajinabraham

import time
import datetime
import digitalocean
TOKEN = "**"
SERVERS = {**: "**", **: "**"}


def snapshot_backup():
    manager = digitalocean.Manager(token=TOKEN)
    my_droplets = manager.get_all_droplets()

ajinabraham

#!/usr/bin/env python
# Reflects the requests from HTTP methods GET, POST, PUT, and DELETE
# Written by Nathan Hamiel (2010)

from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
from optparse import OptionParser

class RequestHandler(BaseHTTPRequestHandler):
    
    def do_GET(self):

ajinabraham

"""
MOBSF REST API Python Requests
"""

import json
import requests
from requests_toolbelt.multipart.encoder import MultipartEncoder

SERVER = "http://127.0.0.1:8000"
FILE = 'diva-beta.apk'

ajinabraham

<input id="file" type="file" name="file" />
<input class="btn btn-success" type="submit" value="Upload" onclick="uploadFile()"></br>
<input type="button" value="Scan File" onclick="scanFile()"></br>
<input type="button" value="Get JSON" onclick="getJSONReport()"></br>
<input type="button" value="Get PDF" onclick="getPDFReport()"></br>
<input type="button" value="Delete Scan" onclick="deleteSCAN()"></br>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script>
    // Set API Key
    const api_key = "{{ api }}";

ajinabraham

import time

import requests


user = ''
password = ''
session = requests.Session()
session.auth = (user, password)
url= 'https://api.github.com/search/repositories?language:javascript&sort=stars&q=topic:nodejs+topic:express'

ajinabraham

Android RE using Frida

I figured that I would write down my findings somewhere since this is my first time using Frida. This won't cover installing frida, adb, apktool because these are well covered in other sources.

Tools

• https://github.com/frida/frida/
• https://github.com/sensepost/objection
• https://github.com/dweinstein/awesome-frida

Injecting Frida gadget into APKs

ajinabraham

rules:
  - id: env-set
    patterns:
      - pattern-either:
          - pattern: |
              subprocess.check_output([..., "=~/env|set/", ...])
          - pattern: |
              subprocess.run([..., "=~/env|set/", ...])
          - pattern: |
              subprocess.Popen([..., "=~/env|set/", ...])