mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-28 23:51:29 +00:00
GitBook: [master] 476 pages and one asset modified
This commit is contained in:
parent
d6f70bd9f9
commit
d696378710
3 changed files with 25 additions and 0 deletions
BIN
.gitbook/assets/image (466).png
Normal file
BIN
.gitbook/assets/image (466).png
Normal file
Binary file not shown.
After Width: | Height: | Size: 872 KiB |
|
@ -479,6 +479,12 @@ adb shell settings put global http_proxy :0
|
|||
```
|
||||
{% endhint %}
|
||||
|
||||
### [Yaazhini](https://www.vegabird.com/yaazhini/)
|
||||
|
||||
This is a **great tool to perform static analysis with a GUI**
|
||||
|
||||
![](../../.gitbook/assets/image%20%28466%29.png)
|
||||
|
||||
### [Qark](https://github.com/linkedin/qark)
|
||||
|
||||
This tool is designed to look for several **security related Android application vulnerabilities**, either in **source code** or **packaged APKs**. The tool is also **capable of creating a "Proof-of-Concept" deployable APK** and **ADB commands**, to exploit some of the found vulnerabilities \(Exposed activities, intents, tapjacking...\). As with Drozer, there is no need to root the test device.
|
||||
|
|
|
@ -255,6 +255,24 @@ function invokeNativeOperation() {
|
|||
value2 = document.getElementById("value2").value
|
||||
window.webkit.messageHandlers.javaScriptBridge.postMessage(["multiplyNumbers", value1, value2]);
|
||||
}
|
||||
//After testing the previos funtion I got the error TypeError: undefined is not an object (evaluating 'window.webkit.messageHandlers')
|
||||
//But the following code worked to call the exposed javascriptbridge with the args "addNumbers", "1", "2"
|
||||
|
||||
document.location = "javascriptbridge://addNumbers/" + 1 + "/" + 2
|
||||
```
|
||||
|
||||
Once the Native function es executed it usually will **execute some JavaScript inside the web page** \(see `evaluateJavascript` below\) you can be interested on **overriding the function** that is going to be executed to **steal the result**.
|
||||
For example, in the script below the function **`javascriptBridgeCallBack`** is going to be executed with 2 params \(the called function and the **result**\). If you control the HTML that is going to be loaded you can create an **alert with the result** like:
|
||||
|
||||
```markup
|
||||
<html>
|
||||
<script>
|
||||
document.location = "javascriptbridge://getSecret"
|
||||
function javascriptBridgeCallBack(name, result) {
|
||||
alert(result);
|
||||
}
|
||||
</script>
|
||||
</html>
|
||||
```
|
||||
|
||||
### Called Function
|
||||
|
@ -315,4 +333,5 @@ With those limitations in mind, here are the steps to remotely debug a webview i
|
|||
## References
|
||||
|
||||
* [https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction\#testing-webview-protocol-handlers-mstg-platform-6](https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction#testing-webview-protocol-handlers-mstg-platform-6)
|
||||
* [https://github.com/authenticationfailure/WheresMyBrowser.iOS](https://github.com/authenticationfailure/WheresMyBrowser.iOS)
|
||||
|
||||
|
|
Loading…
Reference in a new issue