incogbyte
/ mixunpin.js
Last active
March 29, 2025 19:59
Frida script to bypass common methods of sslpining Android
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| console.log("[*] SSL Pinning Bypasses"); | |
| console.log(`[*] Your frida version: ${Frida.version}`); | |
| console.log(`[*] Your script runtime: ${Script.runtime}`); | |
| /** | |
| * by incogbyte | |
| * Common functions | |
| * thx apkunpacker, NVISOsecurity, TheDauntless | |
| * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that. | |
| * !!! THIS SCRIPT IS NOT A SILVER BULLET !! |
alexander-hanel
/ GORE.md
Last active
April 4, 2025 10:48
Go Lang Reverse Engineering Resources/Links
- Dissecting Go Binaries
- Go: Overview of the Compiler
- Go compiler internals: adding a new statement to Go - Part 1
- Go compiler internals: adding a new statement to Go - Part 2
- Reversing GO binaries like a pro
- How a Go Program Compiles down to Machine Code
- Analyzing Golang Executables
- Go Reverse Engineering Tool Kit
- go-internals book
- [Reconstructing Program Semantics from Go Binaries](http://home.in.tum.de/
JerryLokjianming
/ Crack Sublime Text Windows and Linux.md
Last active
April 18, 2025 22:33
Crack Sublime Text 3.2.2 Build 3211 and Sublime Text 4 Alpha 4098 with Hex
- Download & Install Sublime Text 3.2.2 Build 3211
- Visit https://hexed.it/
- Open file select sublime_text.exe
- Offset
0x8545: Original84->85 - Offset
0x08FF19: Original75->EB - Offset
0x1932C7: Original75->74(remove UNREGISTERED in title bar, so no need to use a license)
akabe1
/ frida_multiple_unpinning.js
Last active
April 15, 2025 19:42
Another Android ssl certificate pinning bypass for various methods
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Android ssl certificate pinning bypass script for various methods | |
| by Maurizio Siddu | |
| Run with: | |
| frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause] | |
| */ | |
| setTimeout(function() { | |
| Java.perform(function() { | |
| console.log(''); |
cs8425
/ setDefaultNS.go
Last active
March 5, 2025 08:30
DNS resolve workaround for android in pure go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "net" | |
| "sync" | |
| "time" | |
| _ "unsafe" | |
| ) |
rustymagnet3000
/ a_openssl_command_playground.md
Last active
December 8, 2023 09:19
openSSL Playground
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Possible values for ext-name: | |
| bcmath | |
| bz2 | |
| calendar | |
| ctype | |
| curl | |
| dba | |
| dom | |
| enchant |
Zenexer
/ escapeshellrce.md
Last active
February 10, 2025 18:30
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure
Paul Buonopane [email protected] at NamePros
PGP: https://keybase.io/zenexer
I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.
This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.
This advisory does not yet have associated CVE identifiers.
NewerOlder