ReSign - A burp extender that recalculate signature value automatically after you modified request parameter value

  •        106

A burp extender that recalculate signature value automatically after you modified request parameter value.but you need to know the signature algorithm detail and configure at GUI. More and more mobile developers begin to use the signature algorithm to improve the security of App. when we test the App generated requests, always need to recalculate the sign value and update it again and again to make the request pass the server check.

https://github.com/bit4woo/ReSign


Dependencies:

com.alibaba:fastjson:1.2.47

Tags
Implementation
License
Platform

   




Related Projects

SPMediaKeyTap - [Cocoa] SPMediaKeyTap is a global event tap for the play/pause, prev and next keys on the keyboard

  •    Objective-C

SPMediaKeyTap abstracts a CGEventHook and other nastiness in order to give you a relatively simple API to receive media key events (prev/next/playpause, on F7 to F9 on modern MacBook Pros) exclusively, without them reaching other applications like iTunes. SPMediaKeyTap is clever enough to resign its exclusive lock on media keys by looking for which application was active most recently: if that application is in SPMediaKeyTap's whitelist, it will resign the keys. This is similar to the behavior of Apple's applications collaborating on media key handling exclusivity, but unfortunately, Apple is not exposing any APIs allowing third-parties to join in on this collaboration. For now, the whitelist is just a hardcoded array in +[SPMediaKeyTap defaultMediaKeyUserBundleIdentifiers]. If your app starts using SPMediaKeyTap, please mail me your bundle ID, and I'll include it in the canonical repository. This is a bad solution; a better solution would be to use distributed notifications to collaborate in creating this whitelist at runtime. Hopefully someone'll have the time and energy to write this soon.

XVim2 - Vim key-bindings for Xcode 9

  •    Objective-C

XVim2 (or 'XVim for Xcode 9 and above') is a Vim plugin for Xcode. The plugin intends to offer a compelling Vim experience without the need to give up any Xcode features. Sign Xcode with your own certificate. You can read the instructions for how to do this and if you have questions or concerns about what this means you can read the FAQ on why you need to resign Xcode to use XVim2.

Fsum frontend

  •    D

Fsum Frontend is a files integrity checker. It can calculate 96 hash and checksum algorithms(CRC32, MD5, SHA1, SHA2, ADLER, DHA256, FORK256, ...). You can verify your files using a .sfv/.md5/.sha1/.sha2 file or create your own checksum file.

api_auth - HMAC authentication for Rails and HTTP Clients

  •    Ruby

Logins and passwords are for humans. Communication between applications need to be protected through different means. ApiAuth is a Ruby gem designed to be used both in your client and server HTTP-based applications. It implements the same authentication methods (HMAC-SHA1) used by Amazon Web Services.

HashPump - A tool to exploit the hash length extension attack in various hashing algorithms

  •    C++

A tool to exploit the hash length extension attack in various hashing algorithms. Currently supported algorithms: MD5, SHA1, SHA256, SHA512.


BadIntent - Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

  •    Java

BadIntent is the missing link between the Burp Suite and the core Android's IPC/Messaging-system. BadIntent consists of two parts, an Xposed-based module running on Android and a Burp-plugin. Based on this interplay, it is possible to use the Burp's common workflow and all involved tools and extensions, since the intercept and repeater functionality is provided. BadIntent hooks deeply into the Android system, performs various method redirections in Parcels and adds additional services to provide the described features. Most notably, BadIntent works system-wide (experimental) and is not restricted to individual user apps. The most handy approach is to install BadIntent Android from the Xposed Module Repository and BadIntent Burp from the Burp’s BApp Store. Both are made available/submitted before the Arsenal presentation of BadIntent in Black Hat Las Vegas 2017.

optool - Command Line Tool for interacting with MachO binaries on OSX/iOS

  •    Objective-C

optool is a tool which interfaces with MachO binaries in order to insert/remove load commands, strip code signatures, resign, and remove aslr. Below is its help.

python-jose - A JOSE implementation in Python

  •    Python

Docs are available on ReadTheDocs.The JavaScript Object Signing and Encryption (JOSE) technologies - JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), and JSON Web Algorithms (JWA) - collectively can be used to encrypt and/or sign content using a variety of algorithms. While the full set of permutations is extremely large, and might be daunting to some, it is expected that most applications will only use a small set of algorithms to meet their needs.

SSIS Multiple Hash

  •    CSharp

SSIS Multiple Hash makes it possible to generate many Hash values from each input row. Hash's supported include MD5 and SHA1.

Mantas Cryptography

  •    

Pequena biblioteca de criptografia com suporte aos algorítmos DES, RC2, Rexor e TripleDES. Gera hashes HMAC-MD5, HMAC-RIPEMD160, HMAC-SHA (SHA1, SHA256, SHA384, SHA512), MD5, RIPEMD160 E SHA (SHA1, SHA 256, SHA384, SHA512)

KIside

  •    C++

KIside is a message digest computing and displaying tool. It computes and shows the hash code of any file as a string of hexadecimal numbers. KIside implements standard algorithms such as MD4, MD5, SHA1, SHA256, SHA384, SHA512, TIGER, RIPEMD160.

ChecksumGUI

  •    

ChecksumGUI is a simple Windows application to compute file or text hash. It supports MD5, SHA1, SHA256, SHA384 and SHA512 algorithms. ChecksumGUI is based on .Net Framework 4 and WPF.

hashPwd

  •    CSharp

hashPwd provides hashing algorithms within a classical windows form. Current Version: 1.0b

jshashes - Fast and dependency-free cryptographic hashing library for node

  •    Javascript

jshashes is lightweight library implementing the most extended cryptographic hash function algorithms in pure JavaScript (ES5 compliant).You can use the simple command-line interface to generate hashes.

joken - Elixir JWT library

  •    Elixir

The goal of this library is to provide a convenient way to create, sign, verify, and validate JWTs while allowing the flexibility to customize each step along the way. This library also includes a Plug for checking tokens as well.1 Implemented mostly in pure Erlang. May be less performant than other supported signature algorithms. See jose JWS algorithm support for more information.

object-hash - Generate hashes from javascript objects in node and the browser.

  •    Javascript

Generate hashes from objects and values in node and the browser. Uses node.js crypto module for hashing. Supports SHA1 and many others (depending on the platform) as well as custom streams (e.g. CRC32). Starting with version 1.1.8 (released April 2017), new versions will consider the exact returned hash part of the API contract, i.e. changes that will affect hash values will be considered semver-major. Previous versions may violate that expectation.

imagehash - 🌄 Perceptual image hashing for PHP

  •    PHP

A perceptual hash is a fingerprint of a multimedia file derived from various features from its content. Unlike cryptographic hash functions which rely on the avalanche effect of small changes in input leading to drastic changes in the output, perceptual hashes are "close" to one another if the features are similar. Perceptual hashes are a different concept compared to cryptographic hash functions like MD5 and SHA1. With cryptographic hashes, the hash values are random. The data used to generate the hash acts like a random seed, so the same data will generate the same result, but different data will create different results. Comparing two SHA1 hash values really only tells you two things. If the hashes are different, then the data is different. And if the hashes are the same, then the data is likely the same. In contrast, perceptual hashes can be compared -- giving you a sense of similarity between the two data sets.

end-to-end - End-To-End is a crypto library to encrypt, decrypt, digital sign, and verify signed messages (implementing OpenPGP and OTR)

  •    Javascript

End-To-End is a crypto library to encrypt, decrypt, digital sign, and verify signed messages (implementing OpenPGP and OTR).This is the source code for the End-To-End library. It's built upon a newly developed, JavaScript-based crypto library. End-To-End implements the OpenPGP standard, IETF RFC 4880, enabling key generation, encryption, decryption, digital signature, and signature verification.

minisign - A dead simple tool to sign files and verify digital signatures.

  •    C

Minisign is a dead simple tool to sign files and verify signatures. Minisign uses the EdDSA signature system, and deterministic signature schemes are fragile against fault attacks. However, conducting these requires physical access or the attacker having access to the same physical host.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.