super-auto-pets
MagiskTrustUserCerts
super-auto-pets | MagiskTrustUserCerts | |
---|---|---|
2 | 3 | |
11 | 1,575 | |
- | 1.9% | |
0.0 | 0.0 | |
about 2 years ago | 6 months ago | |
Python | Shell | |
GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
super-auto-pets
-
Mitmproxy 8
I recently used it to modify the response from the replay server for an autobattler game, to let me watch arbitrary replays for theory-crafting and just general fun. The game is called Super Auto Pets, here's the code with the mitmproxy extension: https://github.com/bspammer/super-auto-pets
-
SAP simulator?
on this octopus killer video they left this comment and linked to a github page. https://www.youtube.com/watch?v=qVZvjO2JlV4 I'm intercepting the replay request and injecting my own, code is here https://github.com/bspammer/super-auto-pets although there do seem to be some bugs for example: in this video level 3 pufferfish do not do 6 damage for some reason in this video: https://www.youtube.com/watch?v=U5IAQfiPBo4
MagiskTrustUserCerts
-
Inspecting http traffic from mobile phone applications
I am doing this right now. I'm using burp to proxy the traffic from a mobile application to test it's APIs. I did the following: 1. Root device and install Magisk 2. Connect phone to computer running burp and Android Debug Bridge. 3. Establish proxy connection using adb tunnel and ProxyDroid app. 4. Download Burp certificate to phone (it's stopped in User trust store but needs to be put in System. 5. Use the following Magisk module. MagiskTrustUserCerts 6. Profit
-
Mitmproxy 8
This is true, by default Android apps do not trust user-installed certificate authorities. IMO the easiest solution if you're doing security testing on a dedicated device is MagiskTrustUserCerts[1]. If you're not testing on a dedicated device or you don't want to root the device, I'd recommend using the objection[2] tool which has a guided mode for patching an apk, and you can modify the manifest to add your CA or to trust all user-installed CAs.
[1]: https://github.com/NVISOsecurity/MagiskTrustUserCerts
[2]: https://github.com/sensepost/objection/wiki/Patching-Android...
-
Scraping an Android App
2) in magisk install https://github.com/NVISOsecurity/MagiskTrustUserCerts
What are some alternatives?
deca - Tool for modding APEX engine games (Generation Zero, theHunter, ...)
mitmpcap - export mitmproxy traffic to PCAP file
xmppmitm - XMPP Man-in-the-Middle, quick & dirty
Halo-Asset-Blender-Development-Toolset - CE/H2/H3/ODST JMS/JMA/ASS exporter for Blender
ndbproxy - A proxy/bridge that runs between a Node.JS debug server and a Chromium devtools client and adds some additional features.
proxy.py - ⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • 😈 TLS interception • 🔒 DNS-over-HTTPS • 🔥 Poor Man's VPN • ⏪ Reverse & ⏩ Forward • 👮🏿 "Proxy Server" framework • 🌐 "Web Server" framework • ➵ ➶ ➷ ➠ "PubSub" framework • 👷 "Work" acceptor & executor framework
hetty - An HTTP toolkit for security research.
sapai - Super auto pets engine built with reinforment learning training in mind
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
ssh-mitm - SSH-MITM - ssh audits made simple
objection - 📱 objection - runtime mobile exploration