Newer
Older
DirtyScripts / BurpManiProxy.php
root on 12 Nov 2019 1 KB added some stuff
<?php
if(isset($_POST['payload'])){

	$target = "https://www.pwnme.com";


	/***
	 * manipulate dataz herre
	 */
	$encoded = base64_encode($_POST['payload']);
	$dataz = '{"serviceHeader":{"actionId":"11d2cd49-9b6f-4349-9f97-1b13e48d8ab6","authenticator":"Android_WB_RSA2048","deviceFootprint":"RqxMV8A==","deviceModel":"unknown Android SDK built for x86","deviceOS":"Android 6.0","token":"NkI3Mzc5QkI3OURFOQckQrMlZVQjd5VU9GNFc4Ui80dzRwRHZ1dz0="},"params":{"challengeId":"d3d7bb1a-3d93ab4","opData":"'.$encoded.'","signedChallenge":"HGnm62fhJzQRzJ3D5LwJoM4LcoYozMfxXaeQQZ1rmQ666k1eqDnRgUEHe4Qcebb1cy2/5Vg5034EH7FnTh13LIfMYw57RJ+jebYqIkKIqBzmFrToqeOd8w=="}}';

	$headers = ['UserAgent' => 'okhttp/3.9.0', 'app' => 'ANDROID', 'key' => '123'];

	$variable = getdataz($target, $headers, $dataz);
	echo $variable; // or do manipulation etc.

	/***
	 *	Leave me
	 */

	function getdataz($target, $headers, $dataz){
		$ch = curl_init($target);

		curl_setopt($ch, CURLOPT_HEADER, $headers);
		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
		curl_setopt($ch, CURLOPT_POSTFIELDS,$dataz);
		curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:8080');
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

		$result = curl_exec($ch);
		curl_close($ch);

		return $result;
	}
}

?>