Trace advanced example not working. #9

Open
Neolex-Security opened this issue Jun 5, 2020 · 0 comments
@Neolex-Security

Hello,
I'm trying to use this template, which I built from the trace advanced example, to identify a controllable URI from an intent passed to a WebView.

{
    "METADATA": {
        "NAME": "Uri from intent to webview"
    },    
    "MANIFESTPARAMS": {
        "BASEPATH": "manifest->application->activity OR manifest->application->activity-alias",
        "SEARCHPATH": {
            "intent-filter": {
                "action": {
                    "LOOKFOR": {
                        "TAGVALUEMATCH": "<NAMESPACE>:name=android.intent.action.VIEW"
                    }
                },
                "category": {
                    "LOOKFOR": {
                        "TAGVALUEMATCH": "<NAMESPACE>:name=android.intent.category.BROWSABLE"
                    }
                },
                "data": {
                    "RETURN": ["<NAMESPACE>:host AS @host", "<NAMESPACE>:scheme AS @scheme"]
                }                
            }
        },
        "RETURN": ["<smali>:<NAMESPACE>:name AS @activity_name"]
    },
    "CODEPARAMS": {
        "TRACE": {
            "TRACETYPE": "ADVANCED",
            "TRACEFROM": "ARGTO <method>:Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V ARGINDEX 1",
            "TRACELENGTHMAX":10,
            "TRACETO": "RESULTOF Landroid/content/Intent;->getData()Landroid/net/Uri;",
            "RETURN": "<tracepath> AS @tracepath_browsablejsbridge"
        }
    },
    "GRAPH": "@tracepath_browsablejsbridge WITH <method>:<desc>:<class> AS attribute=nodename"
}

The smali code of the class I'm trying to detect is:

.class public Lcom/vuln/jandroid/VulnActivity;
.super Landroid/app/Activity;
.source "VulnActivity.java"


# direct methods
.method public constructor <init>()V
    .locals 0

    .line 11
    invoke-direct {p0}, Landroid/app/Activity;-><init>()V

    return-void
.end method


# virtual methods
.method protected onCreate(Landroid/os/Bundle;)V
    .locals 2

    .line 17
    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V

    const p1, 0x7f0b001d

    .line 18
    invoke-virtual {p0, p1}, Lcom/vuln/jandroid/VulnActivity;->setContentView(I)V

    .line 19
    new-instance p1, Landroid/webkit/WebView;

    invoke-direct {p1, p0}, Landroid/webkit/WebView;-><init>(Landroid/content/Context;)V

    .line 20
    new-instance v0, Lcom/vuln/jandroid/BridgeJS;

    invoke-direct {v0}, Lcom/vuln/jandroid/BridgeJS;-><init>()V

    const-string v1, "injectedObject"

    invoke-virtual {p1, v0, v1}, Landroid/webkit/WebView;->addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V

    .line 21
    invoke-virtual {p0, p1}, Lcom/vuln/jandroid/VulnActivity;->setContentView(Landroid/view/View;)V

    .line 22
    invoke-virtual {p0}, Lcom/vuln/jandroid/VulnActivity;->getIntent()Landroid/content/Intent;

    move-result-object v0

    .line 23
    invoke-virtual {v0}, Landroid/content/Intent;->getData()Landroid/net/Uri;

    move-result-object v0

    invoke-static {v0}, Ljava/lang/String;->valueOf(Ljava/lang/Object;)Ljava/lang/String;

    move-result-object v0

    .line 24
    invoke-virtual {p1, v0}, Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V

    return-void
.end method

I also tried with the Ljava/lang/String;->valueOf(Ljava/lang/Object;)Ljava/lang/String; string, but it's not working either.

I attached the debug output of Jandroid and the APK in a zip file:

attachments.zip

Do you have an idea of where the problem is?
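As an added example (not part of this issue and not Jandroid's own code), the register-level flow the template is meant to find, reproduced as a small forward taint trace over the onCreate body posted above: the value returned by Intent.getData() is moved into v0, passes through String.valueOf, and reaches argument index 1 of WebView.loadUrl. The smali excerpt is copied from the post; treating ARGINDEX 1 as the second register of the invoke (index 0 being the receiver p1) is an assumption about the template's convention.

```python
import re

# Smali excerpt copied from the onCreate body in the issue (source lines 22-24 of VulnActivity).
ONCREATE_SMALI = """
    invoke-virtual {p0}, Lcom/vuln/jandroid/VulnActivity;->getIntent()Landroid/content/Intent;
    move-result-object v0
    invoke-virtual {v0}, Landroid/content/Intent;->getData()Landroid/net/Uri;
    move-result-object v0
    invoke-static {v0}, Ljava/lang/String;->valueOf(Ljava/lang/Object;)Ljava/lang/String;
    move-result-object v0
    invoke-virtual {p1, v0}, Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V
"""

SOURCE = "Landroid/content/Intent;->getData()Landroid/net/Uri;"
SINK = "Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V"
SINK_ARGINDEX = 1  # assumption: position in the invoke register list; index 0 is the WebView receiver p1

INVOKE = re.compile(r"^\s*invoke-\w+ \{([^}]*)\}, (\S+)$")
MOVE_RESULT = re.compile(r"^\s*move-result(?:-object|-wide)? (\w+)$")
REG_WRITE = re.compile(r"^\s*(?:const(?:-string|-class|/4|/16|/high16)?|new-instance) (\w+),")

def trace_source_to_sink(smali, source=SOURCE, sink=SINK, argindex=SINK_ARGINDEX):
    """Forward register taint over one method body; returns the source->sink call path or None."""
    taint = {}       # register -> list of methods the tainted value has passed through
    pending = None   # path to assign to the register written by the next move-result
    for line in smali.splitlines():
        if m := INVOKE.match(line):
            regs = [r.strip() for r in m.group(1).split(",") if r.strip()]
            method = m.group(2)
            if method == sink:
                if argindex < len(regs) and regs[argindex] in taint:
                    return taint[regs[argindex]] + [method]
                pending = None
            elif method == source:
                pending = [method]
            else:  # any call consuming a tainted register taints its result (e.g. String.valueOf)
                hits = [taint[r] for r in regs if r in taint]
                pending = hits[0] + [method] if hits else None
        elif m := MOVE_RESULT.match(line):
            if pending is None:
                taint.pop(m.group(1), None)  # result of an untainted call overwrites the register
            else:
                taint[m.group(1)] = pending
            pending = None
        elif m := REG_WRITE.match(line):
            taint.pop(m.group(1), None)      # a constant or fresh object kills the taint
    return None
```

The function returns None when the register handed to loadUrl was last written by a constant or by a call that consumed no tainted register, which is the distinction the TRACEFROM/TRACETO pair in the template is meant to make.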
