WithSecureLabs / Jandroid

Get no result for even an obviously vulnerable application

miaochiahao opened this issue · comments

I got nothing on Jandroid output html. I'm sure that:

  • all requirements are installed properly
  • the target apk has obvious webview vulnerabilities and they can be found manually accourding to the template

But I got this message in the log: {'bug_obj': {'JSbridgeBrowsable': False}

I'm not sure whether it is a bug, or the target apk just missed the template, or something else is wrong. It would be nice for you to provide a vulnerable apk which could be detected by Jandroid, in order to prove that Jandroid is working properly.

Does the APK definitely have browsable activities that call the vulnerable web views? (the activity must match the signature given in MANIFESTPARAMS)

Yes, I'm pretty sure. Or can you just provide a vulnerable app? I want to make sure that jandroid is running properly on my machine. I got no result from androguard while debugging.

Unfortunately, I don't have vulnerable apps that can be shared.

There have been some code changes recently. Can you try with the updated code?

commented

<activity android:name=".WebviewActivity">
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data
            android:host="www.test.com"
            android:scheme="www" />
    </intent-filter>
</activity>

public class WebviewActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_webview);
        setTitle("WebViewActivity");
        EditText et = (EditText) findViewById(R.id.et1);
        WebView webView = (WebView) findViewById(R.id.webview);
        webView.addJavascriptInterface(new test(), "mmm");
        Intent intent = getIntent();
        Uri uri = intent.getData();
        String url = uri.getQueryParameter("url");
        webView.loadUrl(url);
    }

}

DEBUG Finished analysing Webview-debug.apk with output {'bug_obj': {'JSbridgeBrowsable': False}, 'graph_list': []}.
got nothing!!!
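
One way to confirm, independently of Jandroid, that a sample really has the two properties discussed in this thread: an activity with a VIEW + BROWSABLE intent filter, and a WebView that registers a JavaScript interface and loads a URL taken from the launching intent. This is an added example, not Jandroid code and not part of any comment; the wrapper manifest, `.InternalActivity`, and the function names are constructed, and the source check is a line-based text heuristic over decompiled Java rather than a real data-flow analysis.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Constructed inputs: the post's activity in a minimal manifest (plus a hypothetical
# non-exported activity that must not be reported) and the post's onCreate() statements.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 <application>
  <activity android:name=".WebviewActivity">
   <intent-filter>
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.BROWSABLE" />
    <data android:host="www.test.com" android:scheme="www" />
   </intent-filter>
  </activity>
  <activity android:name=".InternalActivity" android:exported="false">
   <intent-filter><action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.BROWSABLE" /></intent-filter>
  </activity>
 </application></manifest>"""
JAVA_SRC = """webView.addJavascriptInterface(new test(),"mmm");
Intent intent = getIntent();
Uri uri = intent.getData();
String url=uri.getQueryParameter("url");
webView.loadUrl(url);"""

def browsable_activities(manifest_xml):
    """Map activity name -> [(scheme, host)] for VIEW + BROWSABLE intent filters."""
    found = {}
    for act in ET.fromstring(manifest_xml).iter("activity"):
        if act.get(NS + "exported") == "false":
            continue  # not reachable from other apps, so not from a browser link
        for flt in act.iter("intent-filter"):
            names = {e.get(NS + "name") for e in flt if e.tag in ("action", "category")}
            if {"android.intent.action.VIEW", "android.intent.category.BROWSABLE"} <= names:
                found.setdefault(act.get(NS + "name"), []).extend(
                    (d.get(NS + "scheme"), d.get(NS + "host")) for d in flt.iter("data"))
    return found

# "x = getIntent()" or "x = y.method(" where y already derives from the intent
ASSIGN = re.compile(r'(\w+)\s*=\s*(getIntent\(\)|(\w+)\.\w+\()')
def bridge_findings(java_src):
    """Report JS bridge names and loadUrl() arguments derived from getIntent()."""
    tainted = set()
    for line in java_src.splitlines():
        m = ASSIGN.search(line)
        if m and (m.group(2) == "getIntent()" or m.group(3) in tainted):
            tainted.add(m.group(1))
    bridges = re.findall(r'addJavascriptInterface\s*\([^,]+,\s*"([^"]+)"', java_src)
    loads = re.findall(r'loadUrl\s*\(\s*(\w+)\s*\)', java_src)
    return {"bridges": bridges, "intent_controlled_loads": [v for v in loads if v in tainted]}
```

If both functions report the activity and the bridge but the tool still logs `'JSbridgeBrowsable': False`, the mismatch is in how the template's signature is matched rather than in the sample.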

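I have confirmed this with a colleague: the example rules that ship with it are written with some problems, and you need to modify them yourself.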

commented

Oh, so the problem is with how the rules are written? I'll take another look then. Thanks a lot.

commented

I confirmed this with my colleagues. There are some problems with the example rules that come with him, and I need to modify them myself.

Can you share the edited rule?