Collaborate Disseminate
I want to render my app menu hover with WebView Page
I can able to run webview from js function window.open or Cordova.open
But its coming without App slide Menu, how to achieve it?
Slider Menu with Window.open Webview?
I have directive m… Continue reading How to display ionic menu hover with WebView?
I have noticed that some mobile app utilizes webview to display and process information. For instance, this mobile app asks username/password as part of its registration process, then creates a user on my website using webView behind an a… Continue reading Is there a way to prevent my website to be viewed over the webView of mobile apps? [migrated]
I am making a webview that is going to be part of a native iOS and Android app, I implemented the webview using HTTPS as a protocol, and developed my NodeJS app there.
But the security team from where I work, came with the following situat… Continue reading Isn’t HTTPS enough to prevent MITM in mobile apps? Why is SSL Pinning needed?
while trying evil twin and monitoring the traffic log on my phone using http canary app … i noticed on the second the phone connects to the evil ap network .. facebook messenger requests the page .. while other apps requests normal pages… Continue reading is there a reason for FB messenger to request the captive portal page (evil twin testing)?
I am using an Android app downloaded from playstore and wanted to know whether the app uses Webview.
So, I tried intercepting the network calls with the help of Charles (proxy) and I found out that page is actually a webview from coming fr… Continue reading Understanding the Webview (html) code coming from the server
I know that allowing site (especially login site) to be accessible by iframe is a bad practice. But I plan to use webView to "outsource" the login process in a mobile app to a website (owned and written by me), i.e. I’d load the … Continue reading Potential risk of allow login sites to be accessible through webview
I would like to know if this code is secure to validate that a url is from my domain before loading it a webview in android :
if (!url.startsWith(“https://www.example.com/test/”)){
// don’t load the url
dontload = true;
}
It lo… Continue reading Is this url verification with startsWith secure?
I’m learning android application pen testing and I’m kinda lost about what can do an attacker that control the content of a webview ?
I guess if there is no javascript enabled there is no impact, right ?
But if there is JavaScript enable… Continue reading What is the impact of controling the content of a webview in Android?
Google has rushed out a fix for a bug in the Android version of Chrome that left some app users unable to access accounts or retrieve stored data. Continue reading Chrome 79 patched after Android WebView app chaos
There are several articles about XSS vulnerabilities in Android/iOS WebViews.
I understand the main concept of XSS; on a regular website it could be achieved by for example redirecting someone to a URL with a manipulated que… Continue reading How would someone XSS into a WebView?