Last active
May 22, 2024 17:22
-
-
Save izadgot/7c6202f19c590727e2704f3453658318 to your computer and use it in GitHub Desktop.
sample Frida script for analyse Android WebView
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Moved to https://github.com/Incognito-Lab/Frida-WebView-Inspector | |
| //frida -U "<ProcessName>" -l Android_WebView_inspector.js | |
| let Webview = Java.use("android.webkit.WebView"); | |
| // inspect settings of android.webkit.WebView class | |
| Java.choose("android.webkit.WebView", { | |
| // check if there are any running webview instances | |
| onMatch: function(instance) { | |
| // webview must be running on the main thread, so scheduleOnMainThread() will force the function to run on the main thread | |
| Java.scheduleOnMainThread(function(){ | |
| console.log('[+] Found an instance(s): ', instance); | |
| console.log('\n[+] Javascript Enable =>',instance.getSettings().getJavaScriptEnabled()); | |
| console.log('\n[+] AllowUniversalAccessFromFileURLs Enable =>',instance.getSettings().getAllowUniversalAccessFromFileURLs()); | |
| console.log('\n[+] AllowFileAccessFromFileURLs Enable =>',instance.getSettings().getAllowFileAccessFromFileURLs()); | |
| console.log('\n[+] AllowFileAccess Enable =>',instance.getSettings().getAllowFileAccess()); | |
| }); | |
| }, | |
| onComplete: function() { | |
| console.log("Finished enumerating instances!"); | |
| } | |
| }); | |
| // inspect Javascript Bridge | |
| Webview.addJavascriptInterface.overload('java.lang.Object', 'java.lang.String').implementation = function(obj, name) { | |
| console.log('\n[+] Bridge Call=>',name); | |
| this.addJavascriptInterface.overload('java.lang.Object', 'java.lang.String').call(this,obj, name); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment