-
Notifications
You must be signed in to change notification settings - Fork 3
A drozer module built to enumerate JavaScript interface strings in applications and aid low false positive detection of addJavascriptInterface vulnerabilites.
License
droidsec/jsif-enumerator
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
_ ___ __ _____
| |___|_ _|/ _| ____|_ __ _ _ _ __ ___
_ | / __|| || |_| _| | '_ \| | | | '_ ` _ \
| |_| \__ \| || _| |___| | | | |_| | | | | | |
\___/|___/___|_| |_____|_| |_|\__,_|_| |_| |_|
by k3170makan
A drozer module built to enumerate JS interfacstrings in applications and
aid low false positive detection of addJavascriptInterface vulenrabilites.
===============Notes=================
*The jsifenum drozer module performs rudimetary static analysis of the classes.dex file in an android applicaiton
to try to strip out references to javascript bridges being used by the targeted application.
*The usage case here is that you are looking to enumerate the javasript bridges being used to build code execution
exploits for a targeted application. So if suspect an application may be exploitatable by way of jsif this little module
will strip out all of the referenced javascript bridges for you.
*This module makes one fundamental assumption, that is if the window object is deferencing a weird name, that it is probably
a javascript bridge, we assume that the user has already identified an exposed and "interactable"/"influencable" bridged webview.
Please be advised this is purely a static analysis tool, specifically because its been developed to support exploitation on
both JB_MR2 devices and above, this means using reflection to test for the exploitability of briges in the general sense is out of the question.
It can also be used to scan all the applicaitons on a device for javascript bridges.
==================Usage=====================
Run listing only interfaces and either usages found
dz> run ex.scanner.jsifenum -a com.exsoul -u
[*] analyzing 'com.exsoul' for interfaces ...
[*] found 1 interfaces with 1 usages identified
[+] interface : 'android'
usages identified...
[+] 'window.android.addExso...'
Run listing only methods and interfaces found
dz> run ex.scanner.jsifenum -a com.exsoul -m
[*] analyzing 'com.exsoul' for interfaces ...
[*] found 1 interfaces with 1 usages identified
[+] interface : 'android'
methods/interface fields identified...
[+] addExsoulSpeedDial()
Run listing both methods and usages...
run ex.scanner.jsifenum -a com.exsoul -m -u
[*] analyzing 'com.exsoul' for interfaces ...
[*] found 1 interfaces with 1 usages identified
[+] interface : 'android'
usages identified...
[+] 'window.android.addExso...'
methods/interface fields identified...
[+] addExsoulSpeedDial()
Arguments
-h, --help Display help page
-a <package or uri>, --package <package or uri>, --uri <package or uri>
specify a package, or content uri to search, without this the module will scan all enumerate-able applicaition packages on the device
-u, --usages print identified usages of interfaces
-m, --methods print methods referenced from interfaces, very usefull for exploitation on KitKat devices
==============Troubleshooting==============
STUB - will add docs soon.
If you have any trouble running and installing the module, ---in the mean time---please feel free to log an issue on the github repo :)
About
A drozer module built to enumerate JavaScript interface strings in applications and aid low false positive detection of addJavascriptInterface vulnerabilites.
Resources
License
Contributing
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published