- password autofill does not work in cross-domain frames in iOS browsers based on UIWebView
- calling window.open() overwrites the calling window, so I cannot control content while having the target website open
- I didn't find any other way to set location.host or mainDocumentURL.host to target domain while still controlling the content
I guess there may be some solution which I overlooked, so here is the challenge for you:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - (void)viewDidLoad | |
| { | |
| [super viewDidLoad]; | |
| webView.delegate = self; | |
| [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"file:///tmp/challenge1.html"]]]; | |
| } | |
| - (void)webViewDidFinishLoad:(UIWebView *)lWebView | |
| { | |
| if([lWebView.request.mainDocumentURL.host isEqualToString:@"example.com"] | |
| && [[lWebView stringByEvaluatingJavaScriptFromString:@"location.host"] isEqualToString:@"example.com"] | |
| && [[lWebView stringByEvaluatingJavaScriptFromString:@"document.forms[0].id"] isEqualToString:@"challenge1"]) { | |
| NSLog(@"You completed the challenge!"); | |
| } | |
| } |
A sample application with the code above - which you may run on iOS simulator - is available on GitHub. The task is to prepare a local HTML file (/tmp/challenge1.html) in such way that "You completed the challenge" line will get executed.
There is no reward unfortunately, apart from a humble "thank you" during our SyScan360 talk :-)
Maybe I'm mis-understanding but IIRC Chrome for iOS uses its own networking which means it supplies the data to the UIWebView. Given that it's supplying the data it could add its own? In other words it could inject scripts. Those scripts could then read passwords as typed (not auto-fill) and or as sent and send them back to the app.
ReplyDeleteIs that correct?