Mobile Application Security Labs 
Freshcart

This challenge is centered around a fictitious grocery app called Freshcart. 

Outline

Freshcart contains a critical vulnerability that allows token stealing by exploiting the JavaScript to native bridge.

Objective

 Your task is to craft a payload that exploits the vulnerability in the Freshcart app to steal the user's token via the JavaScript-native bridge.

Skills Required
  • JavaScript-Native Bridge: Knowledge of how the native functionalities communicate with JavaScript using WebView within WebKit for iOS.

Course Lessons