-
Notifications
You must be signed in to change notification settings - Fork 2
/
scenario3.html
63 lines (52 loc) · 2.45 KB
/
scenario3.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<!DOCTYPE html>
<html>
<head>
<script src="http://wmbapi.authenticationfailure.com/static/js/greetings.js"></script>
<style>
body {font-family: Arial,"Helvetica Neue",Helvetica,sans-serif;}
h1, h2, h3 {color: darkblue}
</style>
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<h1>WKWebView Scenario 3</h1>
<h2>JavaScript bridge to native functionality</h2>
<h3>Description</h3>
<p>In this scenario the page makes a call to native functionality.
Some content is loaded insecurely from the Internet over http.</p>
<h3>Tasks</h3>
<ol>
<li>Can you steal the secret exposed via native functionality using a man-in-the middle attack? </li>
</ol>
<hr/>
<h3>Page Content</h3>
<p>The result of the "multiply" operation is calculated by native code.</p>
<script>
function javascriptBridgeCallBack(name, value) {
if (name == "multiplyNumbers") {
document.getElementById("result").textContent = value
}
}
function invokeNativeOperation() {
value1 = document.getElementById("value1").value
value2 = document.getElementById("value2").value
window.webkit.messageHandlers.javaScriptBridge.postMessage(["multiplyNumbers", value1, value2]);
}
hello();
</script>
<form onsubmit="event.preventDefault(); invokeNativeOperation()">
<input type="text" id="value1" value="3"/>
<input type="text" id="value2" value="4.5"/>
<input type="submit" value="Multiply">
</form>
<p>The result is:</p>
<p id="result" style="background-color: #E0E0E0"></p>
<hr/>
<h3>Exploitation Helper</h3>
<form id="payload_form" onsubmit="event.preventDefault(); window.eval(document.getElementById('payload').value)" action="#">
<label for="payload">You can simulate the attack by writing a payload in the text area below and pressing 'Evaluate Payload':</label><br>
<textarea id="payload" rows=6 style="width:100%">document.getElementById("result").innerHTML="1337";</textarea>
<button id="run_payload" type="submit">Evaluate Payload</button>
</form>
</body>
</html>