HACKING ANDROID WebViews (Static analysis - Part 2)

Hi! I'm a pentester and a bug bounty hunter who's learning every day and sharing useful resources as I move along. Subscribe to my channel because I'll be sharing my knowledge in new videos regularly.

SCAN AN ANDROID APP USING OVERSECURED'S SCANNER:



OVERSECURED BLOG:



BUY ME A COFFEE:


SOCIAL MEDIA:
Follow me on Twitter:
Follow me on Instagram:
Connect with me on LinkedIn:

TIME STAMPS:

00:00 Introduction
00:29 A message from Oversecured
00:46 Pre-requisites for the attack
01:37 What is a WebView?
03:09 How to look for a vulnerable WebView in the app's code?
05:03 Spotting the vulnerability
05:35 Exploitation
07:50 setAllowUniversalAccessFromFileURLs enabled for a WebView
08:33 Exploitation: setAllowUniversalAccessFromFileURLs enabled for a WebView
12:38 JavaScript enabled for a WebView
13:16 Exploitation: JavaScript enabled for a WebView
16:33 Using Oversecured's vulnerability scanner


DOWNLOAD ADB:


DOWNLOAD JADX:


DOWNLOAD ANDROID STUDIO:


GITHUB REPOSITORY FOR THE VULNERABLE APP:


RESOURCES FOR ATTACKING VULNERABLE WebViews: