DJINI.AI
COURSES
HACKING LABS
SERVICES
BLOG
AFFILIATE PROGRAM
ABOUT US
- Career
CONTACT US
SIGN IN
SIGN UP

Lab - TokenBleed

This challenge is centered around a fictitious Crypto exchange app, highlighting a critical security flaw related to an insecure web view implementation which can lead to exfiltration of sensitive data and 1-click account takeover.

Outline
In this lab, you will abuse a misconfigured Web View to steal an authentication token by just sharing a link.

Objectives
Exfiltrate the JWT of another user remotely by leveraging a misconfigured Web View and JavaScript bridge.

Skills Required

Understanding of Android app development, especially WebView implementations.
Reverse engineering of Android apps
Understanding of JavaScript to native bridges to exploit the issue

Course Lessons

Copyright © 2024

Socials

Resources

Mobile Hacking
Lab Blogs
Try Our Program
for Free
Affiliate Program

Legal

Privacy Policy
Terms of Use
Cookie Policy
Affiliate Programm Terms

Company

Registration:
89905814
VAT:
NL004770321B63

Login or sign up to start learning Login to start learning

Start learning

or

What's your e-mail?

Your password?

Login

Create Accounta new account for free

Forgot your password?

Sign up to Mobile Hacking Lab!

or

click to upload avatar

What's your name?

What's your e-mail?

Your password?

Your phone number?

Your address?

Your country?

Your country?

Your birthday?

Your company name?

Your company size?

Your Profession?

Your website?

Your university?

Your graduation year?

I accept the Terms & Conditions

I would like to receive news, tips and tricks, and other promotional material

Start your learning journey

Sign in with your account

Forgot your password?

or

Get a brand new password!

What's your e-mail?

OK

Cancel

Enter your brand new password

Enter it below, please

Enter it once more, please

OK

Cancel