How to Bypass a Web View Vulnerability in Your Mobile App

Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

Joel’s HackerOne Android Hacking Introduction:

https://t.ly/f87D

Android Pixel Lock Screen Bypass

https://t.ly/Q_qq

Exploiting Deeplink URLs:

https://inesmartins.github.io/exploiting-deep-links-in-android-part1/index.html

Joel’s get_schemas tool:

https://github.com/teknogeek/get_schemas

Example AndroidManfest.xml we referenced:

https://t.ly/mcN1

https://t.ly/ErVV

Android docs for intent filters:

https://developer.android.com/guide/components/intents-filters.html

Android docs for “setAllowContentaccess”:

https://t.ly/hXOZ

Android docs for “setAllowFileAccess”:

https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)

Add JavaScript Interface to Webview:

https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object,%20java.lang.String)

Joel’s SSL Pinning Bypass:

https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725

Google Chrome Docs for Intent URLs:

https://developer.chrome.com/docs/multidevice/android/intents/#considerations

Joel’s Bug Bounty Report:

https://hackerone.com/reports/423467