Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] can this kind of detection be supported? #2327

Closed
ajinabraham opened this issue Jan 14, 2024 · 2 comments
Closed

[FEATURE] can this kind of detection be supported? #2327

ajinabraham opened this issue Jan 14, 2024 · 2 comments

Comments

@ajinabraham
Copy link
Member 

          can this kind of detection be supported?

The WebViewActivity defines an intent filter that uses the deep link insecureshop://com.insecureshop
https://z4ki.medium.com/android-deep-links-exploitation-4abade4d45b4

Originally posted by @ohyeah521 in #2322 (comment)
@github-actions GitHub Actions
Copy link

👋 @ajinabraham
Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel
Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

@ajinabraham ajinabraham changed the title can this kind of detection be supported? [FEATURE] can this kind of detection be supported? May 21, 2024
@ajinabraham
Copy link
Member Author

Added a rule to identify these :

Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/rules/android_rules.yaml

Line 164 in e4406e9

- id: android_webview_allow_file_from_url

Also MobSF now lists all intents during dynamic analysis to help you test this dynamically.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ajinabraham