Lab - TokenBleed
This challenge centers on a fictitious crypto exchange app and highlights a critical security flaw: an insecure WebView implementation that can lead to exfiltration of sensitive data and 1-click account takeover.
Outline
In this lab, you will abuse a misconfigured Web View to steal an authentication token by just sharing a link.
Objectives
Exfiltrate the JWT of another user remotely by leveraging a misconfigured Web View and JavaScript bridge.
Skills Required
- Understanding of Android app development, especially WebView implementations.
- Reverse engineering of Android apps.
- Understanding of JavaScript-to-native bridges, needed to exploit the issue.

Copyright © 2024
Company
Registration:
89905814
VAT:
NL004770321B63