search

idanr1986 / droidmon

Dalvik Monitoring Framework for CuckooDroid
Other
91 stars 49 forks source link

Hooking a android.webkit.WebSettings method does not work... #10

Closed pnill closed 6 years ago

pnill commented 6 years ago

Not sure what's going wrong here, I've added the following to hooks.json:

    {
        "class_name": "android.webkit.WebSettings",
        "method": "setJavaScriptEnabled",
        "thisObject": false,
        "type": "content"
    },

And have an apk with the following code: setContentView(R.layout.activity_main);

    WebView m =  findViewById(R.id.webview1);

    WebSettings n = m.getSettings();
    n.setJavaScriptEnabled(true);
    m.setWebContentsDebuggingEnabled(true);

I never see the setJavaScriptEnabled show up in droidMon as being hooked and I also never get an error produced.

String logVerbose = "JavaScriptDebugging: " + n.getJavaScriptEnabled(); Log.v( "Security App Test",logVerbose);

Doing the following I can see that javascript has in-deed been enabled though.

Wondering if you can help correct this.

pnill commented 6 years ago

Was able to correct this by tracing what getSettings was returning from the webview it turns out it doesn't reference a WebSettings object but rather something deeper which extends it.

https://android.googlesource.com/platform/frameworks/webview/+/android-4.4_r1.1/chromium/java/com/android/webview/chromium/ContentSettingsAdapter.java

So by hooking com.android.webview.chromium.ContentSettingsAdapter's setJavaScript method I was able to get the desired result.