Skip to content

Instantly share code, notes, and snippets.

View iddoeldor's full-sized avatar

iddoeldor

View GitHub Profile
@iddoeldor
iddoeldor / makeToast.js
Created August 5, 2018 14:06 — forked from myzhan/makeToast.js
Frida android make toast
Java.scheduleOnMainThread(function() {
Toast = Java.use("android.widget.Toast");
var currentApplication = Java.use('android.app.ActivityThread').currentApplication();
var context = currentApplication.getApplicationContext();
Toast.makeText(context,"hello world", Toast.LENGTH_SHORT.value).show();
});
@iddoeldor
iddoeldor / safari-ripper.html
Created September 16, 2018 11:16
Safari Ripper ☠️ (Original tweet: https://twitter.com/pwnsdx/status/1040944750973595649, try it: https://cdn.rawgit.com/pwnsdx/ce64de2760996a6c432f06d612e33aea/raw/23f2faa0aadb4babbfd228c8bb32a26a8c51c741/safari-ripper.html)
<!DOCTYPE html>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
body {
background: repeat url('data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD/7QCIUGhvdG9zaG9wIDMuMAA4QklNBAQAAAAAAGscAVoAAxslRxwCAAACAAAcAnQAV8KpIENoYWV5b3VuZ1dpbGxOZXZlckNoYWVvbGQgLSBodHRwOi8vd3d3LnJlZGJ1YmJsZS5jb20vcGVvcGxlL0NoYWV5b3VuZ1dpbGxOZXZlckNoYWVvbAD/4gxYSUNDX1BST0ZJTEUAAQEAAAxITGlubwIQAABtbnRyUkdCIFhZWiAHzgACAAkABgAxAABhY3NwTVNGVAAAAABJRUMgc1JHQgAAAAAAAAAAAAAAAAAA9tYAAQAAAADTLUhQICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFjcHJ0AAABUAAAADNkZXNjAAABhAAAAGx3dHB0AAAB8AAAABRia3B0AAACBAAAABRyWFlaAAACGAAAABRnWFlaAAACLAAAABRiWFlaAAACQAAAABRkbW5kAAACVAAAAHBkbWRkAAACxAAAAIh2dWVkAAADTAAAAIZ2aWV3AAAD1AAAACRsdW1pAAAD+AAAABRtZWFzAAAEDAAAACR0ZWNoAAAEMAAAAAxyVFJDAAAEPAAACAxnVFJDAAAEPAAACAxiVFJDAAAEPAAACAx0ZXh0AAAAAENvcHlyaWdodCAoYykgMTk5OCBIZXdsZXR0LVBhY2thcmQgQ29tcGFueQAAZGVzYwAAAAAAAAASc1JHQiBJRUM2MTk2Ni0yLjEAAAAAAAAAAAAAABJzUkdCIElFQzYxOTY2LTIuMQAAAAAAAA
@iddoeldor
iddoeldor / frida_ssl_read_write.js
Created October 18, 2018 17:55 — forked from virtualminds/frida_ssl_read_write.js
frida libmono ssl read
{
onEnter: function (log, args, state) {
soname = Memory.readUtf8String(args[0]);
if(soname.includes('libmono-btls-shared.so')) {
log("libmono-btls-shared.so cargada!");
this.dlopen = true;
this.dlopenMonitor = false;
}
@iddoeldor
iddoeldor / universal_links.js
Created January 29, 2019 14:21 — forked from grepharder/universal_links.js
@iddoeldor
iddoeldor / urlschemefuzzer.js
Last active April 29, 2019 20:35 — forked from grepharder/urlschemefuzzer.js
// https://github.com/JamesHabben/HelpfulPython/blob/master/list-mac-app-urls.py
/*
* Modified from: https://codeshare.frida.re/@dki/ios-url-scheme-fuzzing/
*
* iOS URL Scheme Fuzzing
* Usage: frida -U --codeshare dki/ios-url-scheme-fuzzing SpringBoard
*
* Open the specified URL
* openURL("somescheme://test");
*
@iddoeldor
iddoeldor / solve.py
Created June 30, 2019 10:26 — forked from inaz2/solve.py
angr example of input handling
$ gcc test.c
$ python solve.py
WARNING | 2019-05-06 19:54:00,017 | angr.state_plugins.symbolic_memory | The program is accessing memory or registers with an unspecified value. This could indicate unwanted behavior.
WARNING | 2019-05-06 19:54:00,017 | angr.state_plugins.symbolic_memory | angr will cope with this by generating an unconstrained symbolic variable and continuing. You can resolve this by:
WARNING | 2019-05-06 19:54:00,017 | angr.state_plugins.symbolic_memory | 1) setting a value to the initial state
WARNING | 2019-05-06 19:54:00,017 | angr.state_plugins.symbolic_memory | 2) adding the state option ZERO_FILL_UNCONSTRAINED_{MEMORY,REGISTERS}, to make unknown regions hold null
WARNING | 2019-05-06 19:54:00,017 | angr.state_plugins.symbolic_memory | 3) adding the state option SYMBOL_FILL_UNCONSTRAINED_{MEMORY_REGISTERS}, to suppress these messages.
WARNING | 2019-05-06 19:54:00,018 | angr.state_plugins.symbolic_memory | Filling register r15 with 8 unconstrained bytes referenced from 0x810 (__libc_csu_
@iddoeldor
iddoeldor / frida-extract-keystore.py
Created July 10, 2019 23:20 — forked from ceres-c/frida-extract-keystore.py
Automatically extract KeyStore objects and relative password from Android applications with Frida - Read more: http://ceres-c.it/frida-android-keystore/
#!/usr/bin/python3
'''
author: ceres-c
usage: ./frida-extract-keystore.py
Once the keystore(s) have been exported you have to convert them to PKCS12 using keytool
'''
import frida, sys, time
@iddoeldor
iddoeldor / dump_hprof.py
Created September 10, 2019 13:32 — forked from Areizen/dump_hprof.py
Dump Hprof Android Frida
#!/usr/bin/python3
from subprocess import Popen
import frida
import time
import sys
dumped = False
def get_script(package_name):
jscode = """
@iddoeldor
iddoeldor / jni_ida_definitions.h
Created September 13, 2019 16:17 — forked from Areizen/jni_ida_definitions.h
typedef void **va_list;
typedef uint8_t jboolean;
typedef int8_t jbyte;
typedef uint16_t jchar;
typedef int16_t jshort;
typedef int32_t jint;
typedef int64_t jlong;
typedef float jfloat;
typedef double jdouble;
@iddoeldor
iddoeldor / bheap.py
Last active January 16, 2020 08:40 — forked from yannayl/babyheap.py
0ctf 2018 heap challenge exploit
from pwn import *
context.bits = 64
#libc = ELF('./libc-2.23.so')
libc = ELF('./libc-2.24.so')
main = ELF('./babyheap.dbg')
#main = ELF('./babyheap')
#dbg_file = './libc-2.23.debug'
def gdb_load_symbols_cmd(sym_file, elf, base):