Vulnerable Web View

Intentionally vulnerable webview implementions in Android

Added vulnerabilities

Basic webview hijack with attacker controlled URL in RegistrationWebView.java
User token leaked to attacker via header and JavaScript interface in SupportWebView.java ( exploit hosted here )
Universal file access allowed in RegistrationWebView.java enables exfiltration of private files ( exploit hosted here )

If you want, you can clone this repository into Android Studio, or you can simply download the app.apk and install it on your device.

Name		Name	Last commit message	Last commit date
Latest commit History 21 Commits
app		app
gradle/wrapper		gradle/wrapper
README.md		README.md
app.apk		app.apk
build.gradle		build.gradle
gradle.properties		gradle.properties
gradlew		gradlew
gradlew.bat		gradlew.bat
settings.gradle		settings.gradle