- https://medium.com/@coolx28/security-oriented-open-source-continuous-fuzzing-101-from-start-to-finish-637eaceb9acb
- https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/
- https://research.aurainfosec.io/hunting-for-bugs-101/
- https://labsblog.f-secure.com/2017/06/22/super-awesome-fuzzing-part-one/
- https://thecyberrecce.net/2017/03/20/software-exploit-development-fuzzing-with-afl/
- https://www.sec-consult.com/wp-content/uploads/files/vulnlab/the_art_of_fuzzing_slides.pdf
- https://hackernoon.com/afl-unicorn-fuzzing-arbitrary-binary-code-563ca28936bf
Dawid Pastuszak vocaeq
dergachev
/ simple-https-server.py
Created
October 17, 2013 17:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/ | |
| # generate server.xml with the following command: | |
| # openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | |
| # run as follows: | |
| # python simple-https-server.py | |
| # then in your browser, visit: | |
| # https://localhost:4443 | |
| import BaseHTTPServer, SimpleHTTPServer | |
| import ssl |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // macOS x86_64 syscall works as follows: | |
| // Syscall id is moved into rax | |
| // 1st argument is moved into rdi | |
| // 2nd argument is moved into rsi | |
| // 3rd argument is moved into rdx | |
| // ... plus some more | |
| // Return value is stored in rax (where we put syscall value) | |
| // Mac syscall enum that contains the value to correctly call it | |
| enum Syscall: Int { |
ctkjose
/ readme.md
Last active
January 7, 2025 16:10
— forked from WebReflection/jsc
JavaScriptCore for macOS and Linux
JSC is the JavaScript engine from Apple's JavaScriptCore (WebKit) as a console application that you can use to run script in the terminal.
For more info visit the JSC's webkit wiki page.
Using jsc is simple, the one issue is that Apple keeps changing the location for jsc. To deal with this issue I just create a symbolic link to the binary:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #if 0 | |
| Fixed in iOS 13.0 with CVE-2019-8712. | |
| ApplePPM::setProperties() : OSArray::initWithArray called without locks leads to OOB Writes | |
| __thiscall ApplePPM::setProperties(ApplePPM *this,OSDictionary *param_1) | |
| { | |
| ... | |
| ... | |
- Install
pip3 install frida-toolsor your system - Install Frida on your jailbroken device
- Start the app you want to reverse
- Attach with Frida
frida -U -F - Paste in the script below
- Start a mitmproxy and start sniffing
source https://codeshare.frida.re/@federicodotta/ios13-pinning-bypass/
* Description: iOS 13 SSL Bypass based on https://codeshare.frida.re/@machoreverser/ios12-ssl-bypass/ and https://github.com/nabla-c0d3/ssl-kill-switch2
AkdM
/ ios14-certificate-pinning-bypass.md
Last active
April 21, 2025 04:20
iOS 14 app TLS decrypt / certificate pinning bypass steps
This is not a tutorial, just a small guide to myself but feel free to get some infos here.
Working on an iPhone 7 running iOS 14.5.1
-
Jailbreak an iPhone/iPad/whatever
-
If necessary, you'll need to bypass Jailbreak detection for some apps with tweaks like
A-Bypass,Hestia,HideJB, etc. -
Get the PID of the app you want to capture traffic from with
frida-ps -Ua(ais for showing running apps only, you can-Uto show all running processes instead)
saagarjha
/ library_injector.cpp
Last active
April 22, 2025 17:07
Load a library into newly spawned processes (using DYLD_INSERT_LIBRARIES and EndpointSecurity)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // To compile: clang++ -arch x86_64 -arch arm64 -std=c++20 library_injector.cpp -lbsm -lEndpointSecurity -o library_injector, | |
| // then codesign with com.apple.developer.endpoint-security.client and run the | |
| // program as root. | |
| #include <EndpointSecurity/EndpointSecurity.h> | |
| #include <algorithm> | |
| #include <array> | |
| #include <bsm/libbsm.h> | |
| #include <cstddef> | |
| #include <cstdint> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <pthread/pthread.h> | |
| #include <mach/mach.h> | |
| struct ool_msg { | |
| mach_msg_header_t hdr; | |
| mach_msg_body_t body; | |
| mach_msg_ool_ports_descriptor_t ool_ports[]; | |
| }; |
PoomSmart
/ build-rootless.sh
Last active
February 9, 2025 08:30
Shell script to build your tweaks compatible with rootless jailbreak.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -e | |
| PROJECT="$1" | |
| if [ -z "$PROJECT" ]; then | |
| echo "Usage: $0 <project>" | |
| exit 1 | |
| fi |
OlderNewer