peda
objection
Our great sponsors
peda | objection | |
---|---|---|
7 | 17 | |
5,746 | 6,978 | |
- | 2.0% | |
0.0 | 3.9 | |
3 months ago | 3 months ago | |
Python | Python | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
peda
- Emulating an emulator inside itself. Meet Blink
- Are there any cpu emulators that could help me learn i386 assembly?
-
GDB Verbose Output
Looks like they are using PEDA.
-
Hacked GDB Dashboard Puts It All on Display
There are a lot of these types of tools already in the reverse engineering community (in order of lowest chance of breaking when you throw really weird stuff at it):
GEF: https://gef.readthedocs.io/en/master/
PWNDBG: https://github.com/pwndbg/pwndbg
PEDA: https://github.com/longld/peda
They also come with a slew of different features to aid in RE/exploit dev, but many of them are also useful for debugging really weird issues.
-
Awesome CTF : Top Learning Resource Labs
PEDA - GDB plugin (only python2.7).
-
Awesome Penetration Testing
peda - Python Exploit Development Assistance for GDB.
-
GDB PEDA not being used by default?
Did you follow the instructions? Step 2 adds PEDA to your ~/.gdbinit so it will/should load every time you open gdb. So if it doesn't work check your ~/.gdbinit file.
objection
- apk.sh, make reverse engineering Android apps easier!
- Prerequisites for reverse engineering?
-
Mitmproxy 8
This is true, by default Android apps do not trust user-installed certificate authorities. IMO the easiest solution if you're doing security testing on a dedicated device is MagiskTrustUserCerts[1]. If you're not testing on a dedicated device or you don't want to root the device, I'd recommend using the objection[2] tool which has a guided mode for patching an apk, and you can modify the manifest to add your CA or to trust all user-installed CAs.
[1]: https://github.com/NVISOsecurity/MagiskTrustUserCerts
[2]: https://github.com/sensepost/objection/wiki/Patching-Android...
-
Is this networking knowledge enough ?
Then use runtime tools like Runtime Mobile Security, Grapefruit, and Objection to see stuff in action and practice Frida along with as these tools usually support loading custom Frida scripts.
-
Okhttp3 SSL pinning bypass
you might have more luck in some whitehat hacking groups etc. ive used https://github.com/sensepost/objection to try out my own app.
-
Beststar all songs + unlimited play v1.1
In some form yes. Internally this is just a Frida gadget script which you can see here does support IOS.
What are some alternatives?
gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
frida - Clone this repo to build Frida
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
drozer - The Leading Security Assessment Framework for Android.
pwntools - CTF framework and exploit development library
Free-RASP-Community - SDK providing app protection and threat monitoring for mobile devices, available for Flutter, Cordova, Android and iOS.
dvcs-ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG...
awesome-frida - Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
Metasploit - Metasploit Framework
Apktool - A tool for reverse engineering Android apk files
hashcat - World's fastest and most advanced password recovery utility