Fork: 0
0xRoM / DirtyScripts
Transfer to URL with SHA Find file
Newer
Older
DirtyScripts / BurpManiProxy.php
root on 12 Nov 2019 1 KB added some stuff
Raw Blame History 
  1. <?php
  2. if(isset($_POST['payload'])){
  3.  
  4. 	$target = "https://www.pwnme.com";
  5.  
  6.  
  7. 	/***
  8. 	 * manipulate dataz herre
  9. 	 */
  10. 	$encoded = base64_encode($_POST['payload']);
  11. 	$dataz = '{"serviceHeader":{"actionId":"11d2cd49-9b6f-4349-9f97-1b13e48d8ab6","authenticator":"Android_WB_RSA2048","deviceFootprint":"RqxMV8A==","deviceModel":"unknown Android SDK built for x86","deviceOS":"Android 6.0","token":"NkI3Mzc5QkI3OURFOQckQrMlZVQjd5VU9GNFc4Ui80dzRwRHZ1dz0="},"params":{"challengeId":"d3d7bb1a-3d93ab4","opData":"'.$encoded.'","signedChallenge":"HGnm62fhJzQRzJ3D5LwJoM4LcoYozMfxXaeQQZ1rmQ666k1eqDnRgUEHe4Qcebb1cy2/5Vg5034EH7FnTh13LIfMYw57RJ+jebYqIkKIqBzmFrToqeOd8w=="}}';
  12.  
  13. 	$headers = ['UserAgent' => 'okhttp/3.9.0', 'app' => 'ANDROID', 'key' => '123'];
  14.  
  15. 	$variable = getdataz($target, $headers, $dataz);
  16. 	echo $variable; // or do manipulation etc.
  17.  
  18. 	/***
  19. 	 *	Leave me
  20. 	 */
  21.  
  22. 	function getdataz($target, $headers, $dataz){
  23. 		$ch = curl_init($target);
  24.  
  25. 		curl_setopt($ch, CURLOPT_HEADER, $headers);
  26. 		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  27. 		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  28. 		curl_setopt($ch, CURLOPT_POSTFIELDS,$dataz);
  29. 		curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:8080');
  30. 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  31.  
  32. 		$result = curl_exec($ch);
  33. 		curl_close($ch);
  34.  
  35. 		return $result;
  36. 	}
  37. }
  38.  
  39. ?>
Buy Me A Coffee