Just rediscovered this Smali bind shell I wrote a while back. Useful for niche scenarios like minimal exploit PoCs (i.e., overwriting DEX files for arbitrary execution). IIRC it compiles down to a few hundred bytes.
gist.github.com/SeanPesce/3c...
#android #mobilesecurity
TCP bind shell (port 7777) written in Smali. Add this to the static initializer code (clinit) of any loaded class to start the listener. - BindShellTcp.smali
gist.github.com
October 31, 2025 at 9:57 PM
Great post from the Payatu blog: Understanding and Modifying the Hermes Bytecode
payatu.com/blog/underst...
Understanding and Modifying the Hermes Bytecode - Payatu
The React Native Pentesting for Android Masterclass has taught us how to edit and patch React Native apps in the previous blog. Let’s now move on to the Hermes bytecode. The React Native team created...
payatu.com
December 18, 2024 at 11:10 PM
Exploiting Android Client WebViews with Help from HSTS
seanpesce.blogspot.com/2024/09/expl...
(Repost from my X/Twitter)
November 25, 2024 at 1:01 PM
Reposted by Sean Pesce
We've just updated our URL Validation Bypass Cheat Sheet with a new IP address obfuscator, and new payloads by @seanpesce.bsky.social and @t0xodile.bsky.social. Check out the full details at portswigger.net/research/new...
New crazy payloads in the URL Validation Bypass Cheat Sheet
The strength of our URL Validation Bypass Cheat Sheet lies in the contributions from the web security community, and today’s update is no exception. We are excited to introduce a new and improved IP a
portswigger.net
October 29, 2024 at 2:31 PM
1/? #Android #appsec trivia tidbit:
Apps with cleartextTrafficPermitted allow easier exploitation of WebView URI confusion vulns because WebViews will default to plaintext HTTP if no protocol is provided to loadUrl(), but normally this results in NET::ERR_CLEARTEXT_NOT_PERMITTED
March 20, 2024 at 11:15 AM
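As an added illustration (not code from the post or from any project it mentions), the Java snippet below shows the pattern the tidbit describes, a WebView receiving a scheme-less string via loadUrl(), next to a hardened version that refuses anything without an explicit https scheme and an allow-listed host. The activity class name, the "url" intent extra and the allow-listed host are assumptions made for the example.

```java
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.webkit.WebView;

public class DeepLinkWebViewActivity extends Activity {

    // Vulnerable pattern (assumed example): an attacker-controlled extra reaches loadUrl() unchecked.
    // A value such as "evil.example/landing" carries no scheme, so WebView treats it as
    // http://evil.example/landing. With cleartextTrafficPermitted="true" the page loads; with
    // cleartext blocked (the default since API 28) it fails with NET::ERR_CLEARTEXT_NOT_PERMITTED.
    void loadUnchecked(WebView webView, Intent intent) {
        String target = intent.getStringExtra("url"); // hypothetical extra name
        webView.loadUrl(target);
    }

    // Hardened check: Uri.getScheme() returns null for scheme-less input, so requiring "https"
    // rejects both the plaintext default and any non-https scheme before loadUrl() runs.
    static boolean isAllowedTarget(String target) {
        if (target == null) {
            return false;
        }
        Uri uri = Uri.parse(target);
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            return false;
        }
        String host = uri.getHost();
        // Assumed allow-list; compare the parsed host, not a prefix of the raw string.
        return host != null && host.equalsIgnoreCase("app.example.com");
    }

    void loadChecked(WebView webView, Intent intent) {
        String target = intent.getStringExtra("url"); // hypothetical extra name
        if (!isAllowedTarget(target)) {
            webView.loadUrl("about:blank");
            return;
        }
        webView.loadUrl(target);
    }
}
```

The configuration-side counterpart is leaving cleartext disabled: a network_security_config.xml whose base-config sets cleartextTrafficPermitted="false" (or simply not opting in to cleartext on API 28 and later) turns the scheme-less default into a NET::ERR_CLEARTEXT_NOT_PERMITTED error rather than a successful plaintext load, which is why the tidbit singles out apps that enable it.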
November 9, 2023 at 1:11 AM