| /* Android ssl certificate pinning bypass script for various methods | |
| by Maurizio Siddu | |
| Run with: | |
| frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause] | |
| */ | |
| setTimeout(function() { | |
| Java.perform(function() { | |
| console.log(''); |
| #!/bin/bash | |
| # Written by Frans Rosén (twitter.com/fransrosen) | |
| _debug="$2" #turn on debug | |
| _timeout="20" | |
| #you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
| _aws_key="AKIA..." | |
| H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
| H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
Paul Buonopane [email protected] at NamePros
PGP: https://keybase.io/zenexer
I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.
This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.
This advisory does not yet have associated CVE identifiers.
Git for Windows comes bundled with the "Git Bash" terminal which is incredibly handy for unix-like commands on a windows machine. It is missing a few standard linux utilities, but it is easy to add ones that have a windows binary available.
The basic idea is that C:\Program Files\Git\mingw64\ is your / directory according to Git Bash (note: depending on how you installed it, the directory might be different. from the start menu, right click on the Git Bash icon and open file location. It might be something like C:\Users\name\AppData\Local\Programs\Git, the mingw64 in this directory is your root. Find it by using pwd -W).
If you go to that directory, you will find the typical linux root folder structure (bin, etc, lib and so on).
If you are missing a utility, such as wget, track down a binary for windows and copy the files to the corresponding directories. Sometimes the windows binary have funny prefixes, so
Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
| scriptencoding utf-8 | |
| let s:calendar_list = [ | |
| \ ['Australian Holidays', 'en.australian#[email protected]'], | |
| \ ['Austrian Holidays', 'en.austrian#[email protected]'], | |
| \ ['Brazilian Holidays', 'en.brazilian#[email protected]'], | |
| \ ['Canadian Holidays', 'en.canadian#[email protected]'], | |
| \ ['China Holidays', 'en.china#[email protected]'], | |
| \ ['Christian Holidays', 'en.christian#[email protected]'], | |
| \ ['Danish Holidays', 'en.danish#[email protected]'], |
In this document I am using Sass's SCSS syntax. You can choose to use the indented syntax in sass, if you prefer it, it has no functional differences from the SCSS syntax.
For Less, I'm using the JavaScript version because this is what they suggest on the website. The ruby version may be different.