| # Returns instances where anti xss measures are deployed | |
| egrep -r --include "*.cs" -e "(AntiXssEncoder|Server\.HtmlEncode|Html.Encode)" . | |
| # Returns possible command injection areas | |
| egrep -r --include "*.cs" -e "(Process|Process\.Start)\(" . | |
| # Returns possible xss scenarios (string concatention in HTML/XML) | |
| egrep -r --include "*.cs" -e "<.*>\"\s*\+.*\+\s*\"<.*>" . | |
| # Returns places where anti csrf measure are deployed |
| class RickAstley < BetterCap::Proxy::Module | |
| def on_request( request, response ) | |
| if response.content_type =~ /^text\/html.*/ | |
| BetterCap::Logger.info "Rick Rolling http://#{request.host}#{request.url}" | |
| # replace img tags | |
| response.body.gsub!( /\<img.*\>/, '<img src="http://i.giphy.com/Vuw9m5wXviFIQ.gif">' ) | |
| # replace CSS background-images | |
| response.body.gsub!(/url\(.*\.(gif|jpg|jpeg|png).*\)/, 'url("http://i.giphy.com/Vuw9m5wXviFIQ.gif")') | |
| elsif response.content_type =~ /^text\/css.*/ | |
| # replace CSS background-images |
| egrep --include "*.cpp" --include "*.c" -r -e "[\^]?(\.\*)|(\[\w+*\-\w+*\])|(\{\d+[\,\d+]?\})[\$]?" . |
| # see all character arrays of any hardcoded length | |
| egrep --include "*.c*" -rnI -e 'char\s+[a-zA-Z0-9]+\[\d+\]' . |
| #!/bin/bash | |
| # Example of Base URL: http://sg001-vod.sliq.net/00285-vod/_definst_/2016/03/House%20in%20Session_2016-03-22-13.58.50_2461_2.mp4 | |
| BASEURL=$1 | |
| # MAX only works up to 999 because of "seq -f "%03g". Change "%03g" as your order of magnitude increases. | |
| MAX=$2 | |
| for i in $(seq -f "%03g" 0 $MAX); do | |
| wget "$BASEURL/media_$i.ts" -O /tmp/video-$i.mp4 | |
| done |
Let's say you want to access the application shared preferences in /data/data/com.mypackage.
You could try to run adb shell and then run-as com.mypackage
( or adb shell run-as com.mypackge ls /data/data/com.mypackage/shared_prefs),
but on a production release app downloaded from an app store you're most likely to see:
run-as: Package 'com.mypackage' is not debuggable
One of the most useful commands I've developed for reviewing source is a command to extract all strings from a
given directory. To execute this command, open a terminal and cd into the directory containing the source you
would like to audit. Next, run:
egrep -e "(\"|')(\w|\s|\d)*(\"|')" -r -h -I -o . | sort -u
VirtualBox only officially supports OS X guests on an OS X host, but it is possible to create one on an OS X host and transfer it over to a Linux host. This tutorial will go over one possible way to accomplish this task.
In late 2015, I decided to start researching IP Cameras. I decided to try out the cheapest models available on Amazon.com, both because I thought those models would be more “fruitful” and because I was trying to do this research on a budget. It turns out that the security on these lower model IP Cameras is really bad.
I looked at five different IP Cameras and was able to gain root access on four of them within a few hours of starting to poke at them. All of the cameras I looked at cost between $30-$70, and can be purchased directly from Amazon.com.
My goals in completing this research were two-fold:
| // Original research publication: | |
| // https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ | |
| // | |
| // Depdency installation command: | |
| // npm i [email protected] | |
| // | |
| // Node security advisory: | |
| // https://nodesecurity.io/advisories/88 | |
| const jwt = require('jsonwebtoken'); |