adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More accurate description.

Browse Source
This commit is contained in:
Joe Vennix
2014-02-04 01:44:39 -06:00
parent 177bd35552
commit eba3a5aab0
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/exploits/android/browser/webview_addjavascriptinterface.rb
+3 -4
View File
@@ -1,13 +1,9 @@
# ./sdk/tools/android and install Android 4.1.2 or below
#
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
# require 'rex/proto/proxy/http'
class Metasploit3 < Msf::Exploit::Remote
@@ -27,6 +23,9 @@ class Metasploit3 < Msf::Exploit::Remote
served by metasploit into an affected Webview on the target device. There
are a number of ways to do this (DNS spoofing, rogue HTTP proxy, XSS injection, etc).
This module can also get a shell on some versions of the Android Browser for
Android < 4.2, where the vendor has added an addJavascriptInterface wrapper.
Note: Adding a .js to the URL will return plain javascript (no HTML markup).
},
'License' => MSF_LICENSE,