Intentionally vulnerable WebView implementations in Android. Video for reference: https://www.youtube.com/watch?v=qS5PkC-37io
- Basic WebView hijack with attacker-controlled URL in `RegistrationWebView.java`
- User token leaked to attacker via header and JavaScript interface in `SupportWebView.java`
- Universal file access allowed in `RegistrationWebView.java` enables exfiltration of private files
- If you want, you can clone this repository into Android Studio, or you can simply download the `app.apk` and install it on your device.
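
A hardened counterpart to the three issues listed above, as an added example that is not code from this repository. The class name, the host `app.example.com`, the `Authorization` header and the `Android` bridge name are assumptions chosen for illustration.

```java
// Added example: hypothetical helper, not part of this repository.
import android.net.Uri;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.util.Collections;
import java.util.Locale;
import java.util.Set;

public final class HardenedWebViewLoader {
    // Assumption: the only host allowed to be rendered or to receive the token.
    private static final Set<String> TRUSTED_HOSTS =
            Collections.singleton("app.example.com");

    private HardenedWebViewLoader() {}

    /** True only for https URLs, without userinfo, whose host is on the allowlist. */
    static boolean isTrusted(String url) {
        if (url == null) return false;
        Uri uri = Uri.parse(url);
        String host = uri.getHost();
        return "https".equalsIgnoreCase(uri.getScheme())
                && uri.getUserInfo() == null
                && host != null
                && TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    /** Loads an externally supplied URL only if trusted; returns false when rejected. */
    public static boolean load(WebView webView, String url, String token, Object bridge) {
        WebSettings s = webView.getSettings();
        s.setAllowFileAccess(false);                  // no file:// loads
        s.setAllowContentAccess(false);               // no content:// loads
        s.setAllowFileAccessFromFileURLs(false);      // file pages cannot read other files
        s.setAllowUniversalAccessFromFileURLs(false); // file pages cannot reach any origin
        if (!isTrusted(url)) return false;            // hijack attempt: nothing is loaded

        // The bridge stays attached across navigations, so keep them on the allowlist.
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView v, WebResourceRequest r) {
                return !isTrusted(r.getUrl().toString()); // true cancels the navigation
            }
        });
        s.setJavaScriptEnabled(true);
        webView.addJavascriptInterface(bridge, "Android"); // only after the URL check
        webView.loadUrl(url, Collections.singletonMap("Authorization", token));
        return true;
    }
}
```

The token header and the JavaScript interface are attached only after the allowlist check passes, so an untrusted URL receives neither.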