How to use frida to hook intent.getData()? - frida

The source code:
Intent intent = getIntent();
Uri data = intent.getData();
How to print the data or hook the getData() function?
My frida js code is as follows:
var intent = Java.use("android.content.Intent");
intent.getData.implementation = function()
{
    console.log("intent");
    return this.getData();
}
But it didn't work. Who can help me?

You can't just directly hook the getData() function.
Steps:
1. You need to hook the getIntent() method.
2. You need to hook getData(), which is a sub-method.
3. Store getData()'s return value in the same variable.
4. Print the value.
Frida Code:
Java.perform(function() {
    var act = Java.use("android.app.Activity");
    // Replace Activity.getIntent() so every call passes through this hook
    act.getIntent.implementation = function() {
        var intent = this.getIntent();
        var data = intent.getData();
        console.log(data);
        return intent;
    };
});
Output:
❯ frida -U -l value.js -f com.frida.intentpassing
____
/ _ | Frida 15.1.28 - A world-class dynamic instrumentation toolkit
| (_| |
> _ | Commands:
/_/ |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
. . . .
. . . . Connected to Google Pixel (id=192.168.56.101:5555)
Spawned `com.frida.intentpassing`. Use %resume to let the main thread start executing!
[Google Pixel::com.frida.intentpassing ]-> %resume
[Google Pixel::com.frida.intentpassing ]-> null
As there isn't any data, that's why it's showing null.

Related

How does my PHP recognise whether it is running via Docker or Xampp?

I have a PHP login system that should be built to run on both XAMPP and Docker at the same time. My database needs to be stored locally.
I create my container and image like this:
Image: docker build -t php . Container: docker run -dp 9000:80 --name php-app php
<?php
$host = "host.docker.internal"; // need to be that or 'localhost'
$name = "test";
$user = "root";
$passwort = "";
try {
    $mysql = new PDO("mysql:host=$host;dbname=$name", $user, $passwort);
}
catch (PDOException $e) {
    echo "SQL Error: ".$e->getMessage();
}
?>
Where do I get the information on which system I am running to make this value dynamic?
You can check if you are inside Docker this way:
function isDocker(): bool
{
    return is_file("/.dockerenv");
}
I haven't worked on a Windows system yet, but on Linux you can check the processes and find out whether the process is executed using Docker or not.
$processes = explode(PHP_EOL, shell_exec('cat /proc/self/cgroup'));
// Check process folder path and pass here
$processes = array_filter($processes);
$is_docker = true;
foreach ($processes as $process) {
    if (strpos($process, 'docker') === false) {
        $is_docker = false;
    }
}
Then you can implement as per your need.
if ($is_docker === true) {
    // Do something
}

wsdl2java output produces only the package name

I have used a sample WSDL in my Java code. When I try to print the output, it returns only the package name, like:
com.holidaywebservice.holidayservice_v2.CountryCode@6b6478
This happens only when the output is a list.
Part of my code:
HolidayService2 hs1 = new HolidayService2();
HolidayService2Soap hss1 = hs1.getHolidayService2Soap();
ArrayOfCountryCode acc = hss1.getCountriesAvailable();
System.out.println(acc.getCountryCode());
WSDL URL: http://holidaywebservice.com/HolidayService_v2/HolidayService2.asmx?WSDL
With this com.holidaywebservice.holidayservice_v2.CountryCode@6b6478 you're trying to print the ArrayOfCountryCode object. Your code should instead be:
package com.holidaywebservice.holidayservice_v2.clientsample;

import com.holidaywebservice.holidayservice_v2.*;

public class ClientSample {
    public static void main(String[] args) {
        // Create Web Service Client...
        HolidayService2 service1 = new HolidayService2();
        // Create Web Service...
        HolidayService2HttpGet port1 = service1.getHolidayService2HttpGet();
        // Call WS
        ArrayOfCountryCode acc = port1.getCountriesAvailable();
        for (CountryCode cc : acc.getCountryCode()) {
            System.out.println("Country code is: " + cc.getCode());
            System.out.println("Country code Description is: " + cc.getDescription());
        }
    }
}
Update: Try just adding the below
for (CountryCode cc : acc.getCountryCode()) {
    System.out.println("Country code is: " + cc.getCode());
    System.out.println("Country code Description is: " + cc.getDescription());
}
After the line ArrayOfCountryCode acc = hss1.getCountriesAvailable(); in your current code. But you see the gist of it, acc is an array of country codes.

Spring security core and catching event in config.groovy

Using the Spring Security Core plugin, I am trying to catch an event, so I am using
grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.onInteractiveAuthenticationSuccessEvent = { e, appCtx ->
    def request = org.codehaus.groovy.grails.plugins.springsecurity.SecurityRequestHolder.getRequest()
    def session = request.getSession(false)
    session.myvar=2
}
but it gives me:
2014-06-08 21:49:05,333 [http-bio-8080-exec-6] ERROR [/ammc].[default] - Servlet.service() for servlet [default] in context with path [/ammc] threw exception
Message: No signature of method: groovy.util.ConfigObject.getRequest() is applicable for argument types: () values: []
Line | Method
->> 158 | doCall in Config$_run_closure5
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 95 | call in grails.plugin.springsecurity.SecurityEventListener
| 72 | onApplicationEvent in ''
| 49 | doFilter in grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter
| 82 | doFilter . . . . . in grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter
| 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 615 | run . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run in java.lang.Thread
Notice that line 158 in the config file is exactly the line
def request = org.codehaus.groovy.grails.plugins.springsecurity.SecurityRequestHolder.getRequest()
which is crazy because I am not invoking groovy.util.ConfigObject.getRequest() in this line.
I already tried to clean and compile, but nothing changed.
At the same time, if I want to catch the failed login event, what event must I catch?
Update:
I am using Grails 2.3.8 and spring-security-core:2.0-RC2
To answer the question
This may be late but...
I believe you mean
def request = grails.plugin.springsecurity.web.SecurityRequestHolder.getRequest()
(note the different package name)
This may not be of much help to @Bilel but it may be to anyone else who happens upon the question.
On a side note:
which is crazy because I am not invoking groovy.util.ConfigObject.getRequest() in this line
When you see weird things like groovy.util.ConfigObject I have come to notice that it usually means a variable in Config does not exist.
Also, on another note:
I don't know if doing it in Config.groovy is an absolute requirement but I believe this gets cleaner if you register a listener.
Here's what I would do:
import org.springframework.context.ApplicationListener
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent

class MyLoginListener implements ApplicationListener<InteractiveAuthenticationSuccessEvent> {
    void onApplicationEvent(InteractiveAuthenticationSuccessEvent event) {
        def request = grails.plugin.springsecurity.web.SecurityRequestHolder.getRequest()
        def session = request.getSession(false)
        session.myvar=2
    }
}
and then register it in resources.groovy
beans = {
    myLoginListener(MyLoginListener)
}
You need the following line in Config.groovy, but you may already have it there anyway.
grails.plugin.springsecurity.useSecurityEventListener = true

How do I get a LinkedIn request token?

Hey, I'm trying to use LinkedIn's OAuth in PHP. I'm stuck at the first step of getting a request token. All I know is you post some values to their server and get your token back. So I post the documented args to 'https://api.linkedin.com/uas/oauth/requestToken' and I get slapped with a 400 error.
Here's the request:
$postArr = array();
//$postArr["oauth_callback"] = ""; idk they said this was optional...
$postArr["oauth_consumer_key"] = "ForBritishEyesOnly"; //is this the application secret key or the api key?
$postArr["oauth_nonce"] = "UltraRandomNonceFTW";
$postArr["oauth_timestamp"] = time();
$postArr["oauth_signature_method"] = "HMAC-SHA1"; //lolwut
$postArr["oauth_version"] = "1.0";
$params = array('http'=>array('method'=>'post','content'=>http_build_query($postArr)));
$context = stream_context_create($params);
$stream = file_get_contents('https://api.linkedin.com/uas/oauth/requestToken', false, $context);
I don't think my POST args are correct but ANY help is very appreciated -- I just don't want to resort to using someone else's library to solve this.
-------EDIT: ATTEMPT 2 per James' input ---------
OK, so here I'm making a call to the test link you sent me. I'm actually able to get a response back, but it doesn't like my signature (big surprise, I know). So just how bad did I screw up the encryption?
//setup GET args
$url = "http://term.ie/oauth/example/request_token.php?";
$url .= "oauth_version=1.0&";
$url .= "oauth_nonce=" . rand(0, 100000) . "&";
$url .= "oauth_timestamp=" . time() . "&";
$url .= "oauth_consumer_key=key&";
$url .= "oauth_signature_method=HMAC-SHA1&";
//encrypt the request according to 'secret'
$sig = urlencode(base64_encode(hash_hmac("sha1", $url, "secret")));
//append the url encoded signature as the final GET arg
$url .= "oauth_signature=" . $sig;
//do it to it
echo file_get_contents($url);
EDIT by James
Try:
//setup GET args
$url = "http://term.ie/oauth/example/request_token.php?";
$url .= "oauth_consumer_key=key&";
$url .= "oauth_nonce=" . rand(0, 100000) . "&";
$url .= "oauth_signature_method=HMAC-SHA1&";
$url .= "oauth_timestamp=" . time() . "&";
$url .= "oauth_version=1.0&";
I'm on cloud nine. Decided to revisit this problem and got it to work. Here is some very bare bones PHP to build a token request for LinkedIn (it outputs an anchor tag)
<?php
$endpoint = "https://api.linkedin.com/uas/oauth/requestToken";
$key = "YourAPIKey";
$secret = "YourAPISecret";
$params = array(
    "oauth_version" => "1.0",
    "oauth_nonce" => time(),
    "oauth_timestamp" => time(),
    "oauth_consumer_key" => $key,
    "oauth_signature_method" => "HMAC-SHA1"
);
// Sort the parameters by name and join them as k=v pairs separated by "&"
function SortedArgumentString($inKV)
{
    uksort($inKV, 'strcmp');
    foreach ($inKV as $k => $v)
        $argument[] = $k."=".$v;
    return implode('&', $argument);
}
// Signature base string: method, encoded endpoint, encoded sorted parameters
$baseString = "GET&" . urlencode($endpoint) . "&" . urlencode(SortedArgumentString($params));
// HMAC key is the consumer secret followed by "&" (no token secret yet)
$params['oauth_signature'] = urlencode(base64_encode(hash_hmac('sha1', $baseString, $secret."&", TRUE)));
echo "<a href=\"" . $endpoint . "?" . SortedArgumentString($params) . "\">Get Token</a><br/>";
?>
oauth_consumer_key is a value that LinkedIn should have assigned to your app. Did you register with them?
oauth_nonce should be different for each request to prevent replay-attacks.
If you're using HMAC-SHA1 you'll need to add the oauth_signature field yourself. Creating the signature manually is a total PITA.
There's also a lot of Base64 encoding to do (with the added bonus of some special OAuth quirks). I suggest you read the spec.
There is a test server and client at this link. It's quite useful when you're struggling to get the protocol right.
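The signing steps this thread works through, as an added example that is not part of the original posts: it builds the signature base string and the HMAC-SHA1 signature following RFC 5849, and generalizes the working answer by percent-encoding every name and value and drawing the nonce from random_bytes(). The function names are illustrative, the endpoint is the one from the question, and the key and secret are placeholders.

```php
<?php
// Added example: OAuth 1.0 HMAC-SHA1 signing per RFC 5849 section 3.4.
// Function names are illustrative; key and secret are placeholders.

// RFC 5849 requires RFC 3986 percent-encoding. rawurlencode() does that;
// urlencode() turns a space into "+" and yields a different signature.
function oauthEncode(string $value): string
{
    return rawurlencode($value);
}

// Encode names and values first, then sort by name and, for equal names, by value.
function normalizeParams(array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = [oauthEncode((string) $name), oauthEncode((string) $value)];
    }
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    return implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
}

// METHOD & encoded-URL & encoded-parameter-string. $url must carry no query
// string and use a lowercase scheme and host.
function signatureBaseString(string $method, string $url, array $params): string
{
    return strtoupper($method) . '&' . oauthEncode($url) . '&' . oauthEncode(normalizeParams($params));
}

// The HMAC key is "consumerSecret&tokenSecret"; the token secret is empty
// at the request-token step, but the "&" is still required.
function signRequest(string $method, string $url, array $params, string $consumerSecret, string $tokenSecret = ''): string
{
    $key = oauthEncode($consumerSecret) . '&' . oauthEncode($tokenSecret);
    // Fourth argument true = raw binary digest; the hex default breaks the signature.
    return base64_encode(hash_hmac('sha1', signatureBaseString($method, $url, $params), $key, true));
}

$endpoint = 'https://api.linkedin.com/uas/oauth/requestToken';
$params = [
    'oauth_consumer_key'     => 'YourAPIKey',                // placeholder
    'oauth_nonce'            => bin2hex(random_bytes(16)),   // unique per request
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => (string) time(),
    'oauth_version'          => '1.0',
];
$params['oauth_signature'] = signRequest('GET', $endpoint, $params, 'YourAPISecret');
// Build the query once so every value, signature included, is encoded exactly once.
echo $endpoint . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986), "\n";
```

The three points where the second attempt in the question diverges are visible here: the HMAC input is the base string rather than the URL, the digest is raw binary before Base64, and the key ends in "&".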

Symfony Batch Action

I'm trying to create a batch action (symfony admin) that enables the creation/download on the fly of a zip file containing users' photos, which are available in the uploads/images directory.
Here is the code that I already implemented:
public function executeBatchDownloadFotos(sfWebRequest $request)
{
    $zip = new ZipArchive();
    // athletes' identifiers
    $ids = $request->getParameter('ids');
    // get all the athlete objects
    $q = Doctrine_Query::create()
        ->from('Atleta a')
        ->whereIn('a.id', $ids);
    foreach ($q->execute() as $atleta)
    {
        $zip->addFile($atleta->id . '_' . $atleta->Clube . '.jpg', 'uploads/atletas/' . $atleta->id . '_' . $atleta->Clube . '.jpg');
    }
}
On the other hand, here is the view configuration:
BatchDownloadFotos:
  http_metas:
    content-type: application/zip
  has_layout: false
For some reason, each time I execute the batch action, the browser does not prompt me with the window to download the zip file.
After you create the ZIP archive in your controller file, you should send the content to the browser.
You can do this using methods described here: http://www.symfony-project.org/gentle-introduction/1_4/en/06-Inside-the-Controller-Layer#chapter_06_sub_action_termination
Now you are trying to create a ZIP file, but you are not sending it to the browser. You should use the setContent() and setHttpHeader() methods.
Your action could look like this (you should add error handling):
public function executeIndex(sfWebRequest $request)
{
    $fileName = '/tmp/test.zip';
    $zip = new ZipArchive();
    $zip->open($fileName, ZipArchive::CREATE);
    // add some files to archive
    $zip->addFile('/tmp/test', 'test.txt');
    $zip->close();
    // send the archive to the browser as a download
    $this->getResponse()->setContent(file_get_contents($fileName));
    $this->getResponse()->setHttpHeader('Content-Type', 'application/zip');
    $this->getResponse()->setHttpHeader('Content-Disposition',
        'attachment; filename=download.zip');
    return sfView::NONE;
}
