https://github.com/rmst/android-webview-exfiltration

Last synced: over 1 year ago
JSON representation

Host: GitHub
URL: https://github.com/rmst/android-webview-exfiltration
Owner: rmst
Created: 2021-11-29T21:55:10.000Z (over 4 years ago)
Default Branch: main
Last Pushed: 2021-11-29T22:12:47.000Z (over 4 years ago)
Last Synced: 2025-01-04T04:46:54.471Z (over 1 year ago)
Language: JavaScript
Size: 160 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: Readme.md

Awesome Lists containing this project

README

          
Loads a local version of https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ into an Android webview to test whether JS code inside of the webview can trigger network traffic and potentially exfiltrate information that might have been put into the Webview via a Java interface.

### Test Results

#### Android Webview 96.0.4664.45

Loads WebRTC local address as well as public IP (if STUN server is added) despite `WebSettings::setBlockNetworkLoads(true)`. According to https://groups.google.com/a/chromium.org/g/android-webview-dev/c/bk_NMK9evKg/m/N5w3HTwKBwAJ this is considered a bug.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/rmst/android-webview-exfiltration

Awesome Lists containing this project

README