adb root; adb connect localhost:6000; sleep 1; adb push frida-server /data/local/tmp/; adb shell "chmod 755 /data/local/tmp/frida-server"; adb shell "/data/local/tmp/frida-server &"
next
frida-ps -U | grep APK
httpx -list mexico | xargs -I {} sh -c 'clean_url=$(echo {} | sed -e "s|https://|1|g" -e "s|http://|2|g"); ffuf -u {}/FUZZ -w raft-large-words.txt -ac -c -e .txt,.php,.bak,.rar,.sql,.zip,.php_,.old,._old,._php --recursion --recursion-depth 2 >> ffuf-mexico$clean_url'
In web applications, remember to check whether the developer forgot to remove the .js.map files.
A quick PHP script, usually with good results
<?php
/**
 * Created by PhpStorm.
 * User: edwinsturt
 * Date: 2020-06-24
 * Time: 00:45
 */
$mapFile = 'main.ff0058ad.js.map';
if (file_exists($mapFile)) {
    $json = json_decode(file_get_contents($mapFile));
    $files = [];
    foreach ($json->sources as $index => $source) {
        // a map you did not build can carry ../ or absolute entries; never write outside the working directory
        if (strpos($source, '..') !== false || substr($source, 0, 1) === '/' || !isset($json->sourcesContent[$index])) {
            continue;
        }
        // bundler prefixes such as webpack:/// simply become part of the directory tree
        $dir = dirname($source);
        if (!is_dir($dir)) {
            mkdir($dir, 0755, true);
        }
        $parts = explode('/', $source);
        $name = end($parts);
        // sourcesContent is index-aligned with sources and holds the original source text
        file_put_contents($dir . "/" . $name, $json->sourcesContent[$index]);
        $files[] = $dir . "/" . $name;
    }
    echo "<pre>All source code has been extracted from the map file ";
    print_r($files);
}
?>
php skrypt.php and welcome to the env :)
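As an added example (not part of these notes), a small Python audit of a source map before deciding whether it is a finding: it reports whether the map really embeds source text (sourcesContent) or only file names, and flags sources entries that would traverse out of the extraction directory, the check any extractor like the PHP script above needs. The sample map and its contents are constructed.

```python
import json
import posixpath
from typing import Optional
# Constructed sample map in the layout bundlers emit; not from any real application.
SAMPLE_MAP = json.dumps({
    "version": 3,
    "sources": [
        "webpack:///src/api/client.js",
        "webpack:///src/config/secrets.js",
        "src/legacy/old.js",
        "../../../etc/hostile.js",
    ],
    "sourcesContent": [
        "export const BASE = '/api';",
        "export const API_KEY = 'sk_live_placeholder';",
        None,
        "evil",
    ],
})

def normalize_source(source: str, source_root: str = "") -> Optional[str]:
    # Map a 'sources' entry to a relative output path; None if it would escape the output dir.
    for prefix in ("webpack:///", "webpack://", "file://"):  # bundler scheme prefixes
        if source.startswith(prefix):
            source = source[len(prefix):]
            break
    rel = posixpath.normpath(posixpath.join(source_root, source)).lstrip("/")
    if rel in (".", "..") or rel.startswith("../"):
        return None
    return rel

def audit_source_map(map_text: str) -> dict:
    # Report what a map exposes: full text via sourcesContent, or only file names.
    m = json.loads(map_text)
    contents = m.get("sourcesContent") or []
    report = {
        "leaks_source": any(c is not None for c in contents),  # real code, not just names
        "safe_paths": [],        # an extractor may write these under its output dir
        "unsafe_paths": [],      # path traversal: an extractor must refuse these
        "missing_content": [],   # file name leaks, content does not
    }
    for i, src in enumerate(m.get("sources", [])):
        rel = normalize_source(src, m.get("sourceRoot", ""))
        if rel is None:
            report["unsafe_paths"].append(src)
        elif i >= len(contents) or contents[i] is None:
            report["missing_content"].append(rel)
        else:
            report["safe_paths"].append(rel)
    return report
```

A map without sourcesContent only leaks the project layout; one with it is the full source, which is what makes the finding worth reporting.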
naabu -s -host 192.168.1.0/24 | while read -r line; do nuclei -u "${line}" >> siec_wew ; done
nmap -iL mexico -p- --open -oG - | awk '/Up$/{print $2}' | xargs -I {} nuclei -target {} -o mexico_all-nuclei
subfinder -d testphp.vulnweb.com -all -silent | gau | urldedupe | gf sqli >sql.txt; sqlmap -m sql.txt --batch --dbs --risk 2 --level 5 --random-agent | tee -a sqli.txt
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install github.com/lc/gau/v2/cmd/gau@latest
git clone https://github.com/ameenmaali/urldedupe.git;cd urldedupe;cmake CMakeLists.txt;make;cp urldedupe /usr/bin/
go install github.com/tomnomnom/gf@latest;cp ~/go/bin/gf /usr/bin/;mkdir ~/.gf;git clone https://github.com/Sherlock297/gf_patterns.git;cd gf_patterns/;cp *.json ~/.gf;gf -list
https://github.com/ptswarm/reFlutter
❯ pip3 install --upgrade --force-reinstall reflutter
Defaulting to user installation because normal site-packages is not writeable
Collecting reflutter
Downloading reflutter-0.7.8-py3-none-any.whl.metadata (9.0 kB)
Downloading reflutter-0.7.8-py3-none-any.whl (24 kB)
Installing collected packages: reflutter
Attempting uninstall: reflutter
Found existing installation: reflutter 0.7.7
Uninstalling reflutter-0.7.7:
Successfully uninstalled reflutter-0.7.7
WARNING: The script reflutter is installed in '/Users/michal/Library/Python/3.10/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed reflutter-0.7.8
USAGE:
reflutter your.(apk)|(ipa)
❯ /Users/michal/Library/Python/3.10/bin/reflutter 49406.apk
Choose an option:
1. Traffic monitoring and interception
2. Display absolute code offset for functions
[1/2]? 1
Example: (192.168.1.154) etc.
Please enter your BurpSuite IP: 192.168.51.129
Wait...
SnapshotHash: ee1eb666c76a5cb7746faf39d0b97547
The resulting apk file: ./release.RE.apk
Please sign,align the apk file
Configure Burp Suite proxy server to listen on *:8083
Proxy Tab -> Options -> Proxy Listeners -> Edit -> Binding Tab
Then enable invisible proxying in Request Handling Tab
Support Invisible Proxying -> true
DOWNLOAD:
https://github.com/patrickfav/uber-apk-signer
❯ java -jar uber-apk-signer-1.3.0.jar --apks release.RE.apk
source:
/Users/michal/Downloads
zipalign location: BUILT_IN
/var/folders/gs/n5db96m941gb7b4ly4r1dw100000gn/T/uapksigner-2589864279722257602/mac-zipalign-33_0_216157554363753981716.tmp
keystore:
[0] 161a0018 /private/var/folders/gs/n5db96m941gb7b4ly4r1dw100000gn/T/temp_3968706172894682738_debug.keystore (DEBUG_EMBEDDED)
01. release.RE.apk
SIGN
file: /Users/michal/Downloads/release.RE.apk (221.2 MiB)
checksum: e28f1257d549f0cb5cfe774a4ad6ffa379be58f91c74aa6630ad720fcafb253a (sha256)
- zipalign success
- sign success
VERIFY
file: /Users/michal/Downloads/release.RE-aligned-debugSigned.apk (221.34 MiB)
checksum: 6504671cfc17578de09c94f90fdd79cf9fd838de633f3b25c25ba865f5dab1d2 (sha256)
- zipalign verified
- signature verified [v3]
Subject: CN=Android Debug, OU=Android, O=US, L=US, ST=US, C=US
SHA256: 1e08a903aef9c3a721510b64ec764d01d3d094eb954161b62544ea8f187b5953 / SHA256withRSA
Expires: Thu Mar 10 21:10:05 CET 2044
[Thu Mar 14 20:07:37 CET 2024][v1.3.0]
Successfully processed 1 APKs and 0 errors in 5.43 seconds.
❯ adb install release.RE-aligned-debugSigned.apk
Performing Incremental Install
Serving...
Success
Install command complete in 527 ms
~/Downloads ❯ All files should be loaded. Notifying the device.