How do I implement "Allow users to request from all origins"?
Major frameworks's implementation is following.
*
*
*
| from threading import Thread | |
| import time | |
| class TrafficMagnet(burp.IProxyListener): | |
| def __init__(self): | |
| callbacks.registerProxyListener(self) | |
| self._helpers = callbacks.getHelpers() | |
| self._callbacks = callbacks | |
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
| if (TuroblinksUrlHandler.contains(url, "/verify?", true)) { | |
| C3982h.nullCheck(url, "$this$proceedToParam"); | |
| C3982h.nullCheck(url, "$this$extractQueryParam"); | |
| C3982h.nullCheck("proceed_to", "queryKey"); | |
| String queryParameter = url.toUri().getQueryParameter("proceed_to"); | |
| url = queryParameter != null ? UrlKt.parseUrl(queryParameter) : null; | |
| C3982h.nullCheck(url); | |
| } | |
| Intent intent10 = new Intent(context, WebViewActivity.class); |
| // Usage : frida -U -f bundle_id -l cordova-enable-webview-debug.js --no-pause | |
| Java.perform(function() { | |
| var Webview = Java.use("android.webkit.WebView") | |
| Webview.loadUrl.overload("java.lang.String").implementation = function(url) { | |
| console.log("[+]Loading URL from", url); | |
| this.setWebContentsDebuggingEnabled(true); | |
| this.loadUrl.overload("java.lang.String").call(this, url); | |
| } | |
| }); |
| <script> | |
| /* | |
| γ±='',γ³=γ±,α=γ±+{},α=γ±+[][[]],γ±+=[γ±==γ±],γ³+=[!γ±],α=+[],α=+!+[],α=α+α,α=α+α,α=α+α,α+=α+α+α,α=α+α,α=α[α+α],α=α[α],α=γ±[α],α²=γ±[α],α³=α+α+α[α]+γ³[α]+α²+α+α[α]+α+α²+α+γ±[α],α°=[][α³][α³],α=''+α°,α=γ³[α]+γ³[α]+γ±[α]+α+α²+α[α]+α[α],α°`α³${α}``` | |
| */ | |
| γ±='' | |
| γ³=γ± //'' | |
| α=γ±+{} //'[object Object]' <- '' + [object Object] | |
| α=γ±+[][[]] //'undefined' <- '' + undefined |
The National Cyber Security Centre (NCSC) contributes to jointly enhancing the resilience of the Dutch society in the digital domain and, in doing so, realizes a safe, open and stable information society by providing insight and offering a perspective for action. Therefore it is essential that the ICT systems of the NCSC are safe. The NCSC strives towards providing a high level of security for its system. However, it can occur that one of these systems has a vulnerability.
For more information about reporting the bugs go to https://english.ncsc.nl/contact/reporting-a-vulnerability-cvd
Source
https://gist.github.com/random-robbie/f985ad14fede2c04ac82dd89653f52ad
https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid
| // To compile: clang++ -arch x86_64 -arch arm64 -std=c++20 library_injector.cpp -lbsm -lEndpointSecurity -o library_injector, | |
| // then codesign with com.apple.developer.endpoint-security.client and run the | |
| // program as root. | |
| #include <EndpointSecurity/EndpointSecurity.h> | |
| #include <algorithm> | |
| #include <array> | |
| #include <bsm/libbsm.h> | |
| #include <cstddef> | |
| #include <cstdint> |
| # MINIMAL USB gadget setup using CONFIGFS for simulating Razer Gaming HID | |
| # devices for triggering the vulnerable Windows Driver installer | |
| # credits for the Windows Driver install vuln: @j0nh4t | |
| # | |
| # https://twitter.com/j0nh4t/status/1429049506021138437 | |
| # https://twitter.com/an0n_r0/status/1429263450748895236 | |
| # | |
| # the script was developed & tested on Android LineageOS 18.1 |
| wget https://gist.githubusercontent.com/nullenc0de/bb16be959686295b3b1caff519cc3e05/raw/2016dc0e692821ec045edd5ae5c0aba5ec9ec3f1/api-linkfinder.yaml | |
| echo https://stripe.com/docs/api | hakrawler -t 500 -d 10 |nuclei -t ./linkfinder.yaml -o api.txt | |
| cat api.txt |grep url_params |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_params.txt | |
| cat api.txt |grep relative_links |cut -d ' ' -f 7 |tr , '\n' | tr ] '\n' | tr [ '\n' |tr -d '"' |tr -d "'" |sort -u > api_link_finder.txt |
