Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
How to Phish Users on Android Applications - Case Study on Meta Threads
remoteawesomethoughtsPosted 6 Months Ago- WebViews are commonly used in Android applications to display webpages inside of the app itself. To improve usability, deeplinks or custom URIs on the app, are commonly used.
- When deeplinks are used, they can also be defined as browsable and exported in the app's manifest. This allows the activity to be interacted with from outside of the app.
- Thus, the content being used for these links must be strictly verified. Otherwise, it can lead to phishing threats. If a webview is rendered in the app silently, then a user might trust the login page.
