Android WebView

Intro

Security

Improper WebView usage

There are two sandbox bypasses:

JS can call Java code

wv.addJavascriptInterface(new FileUtils(), "file");
<script>
filename = '/data/data/com.Foudnstone/data.txt';
file.write(filename, data, false);
</script>

A class that is attached this way must implement the JavascriptInterface interface.

Java code can call JS

String javascr = "javascript: var newscript=document.createElement(\"script\");";
javascr += "newscript.src=\"http://www.foundstone.com\";";
javascr += "document.body.appendChild(newscript);";
myWebView.loadUrl(javascr);

Which is safer, WebView or Chrome Custom Tabs: https://developer.chrome.com/multidevice/android/customtabs

Permissions

setJavaScriptEnabled(true): we can execute JS code

setAllowFileAccess(true): we can read files via the file:///data/data/ scheme
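
A hardened counterpart to the bridge and the settings described above, as an added example that is not code from the original page. The class name HardenedWebView, the AppBridge bridge, the bridge name "app" and the trusted host app.example.com are assumptions made for illustration.

```java
import android.net.Uri;
import android.webkit.JavascriptInterface;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

public final class HardenedWebView {
    // Assumption: the only origin this app ever needs to render.
    private static final String TRUSTED_HOST = "app.example.com";

    // Narrow bridge: one read-only method, no file paths or data accepted from JS.
    public static final class AppBridge {
        @JavascriptInterface // only annotated public methods are exposed (targetSdk 17+)
        public String appVersion() { return "1.0"; }
    }

    // Fail closed: anything that is not https on the expected host is rejected.
    static boolean isTrusted(Uri uri) {
        return uri != null && "https".equals(uri.getScheme())
                && TRUSTED_HOST.equals(uri.getHost());
    }

    public static void configure(WebView wv) {
        WebSettings s = wv.getSettings();
        s.setAllowFileAccess(false);                  // no file:// reads of app-private data
        s.setAllowContentAccess(false);               // no content:// provider reads
        s.setAllowFileAccessFromFileURLs(false);      // deprecated in API 30, still honoured
        s.setAllowUniversalAccessFromFileURLs(false);
        s.setJavaScriptEnabled(true);                 // required by the bridge; leave false otherwise
        wv.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                return !isTrusted(request.getUrl());  // returning true cancels the navigation
            }
        });
        wv.addJavascriptInterface(new AppBridge(), "app");
    }

    // shouldOverrideUrlLoading is not invoked for loadUrl(), so check here as well.
    public static boolean loadIfTrusted(WebView wv, String url) {
        if (url == null) return false;
        Uri uri = Uri.parse(url);
        if (!isTrusted(uri)) return false;
        wv.loadUrl(uri.toString());
        return true;
    }
}
```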

What else to check / try if we can influence the WebView

oversecured's paper: https://blog.oversecured.com/Android-security-checklist-webview/

Which methods to hook

$ objection --gadget app.example.com explore
objection #  android hooking watch class_method android.webkit.WebView.loadData --dump-args
objection #  android hooking watch class_method android.webkit.WebView.loadUrl --dump-args
objection #  android hooking watch class_method android.webkit.WebView.loadDataWithBaseURL --dump-args
objection #  android hooking watch class_method android.webkit.WebView.evaluateJavascript --dump-args
objection #  android hooking watch class_method android.webkit.WebView.getUrl --dump-args
