All Your Browsers Belong To Us - Infiltrate 2016

The age of Android is upon us, and is taking no prisoners. More and more
Android users flock to the Google Play Store and rummage through apps,
searching for the new hotness to download and install on their devices.
What they don’t know will kill them … nah not really, but they’re probably
going to have a bad time.

This presentation will take a deep dive into the pervasiveness of
vulnerability patterns that riddle the most popular of Android Web
Browsers, and the techniques that can be used to exploit them. Multiple
browsers will be used to demonstrate many of the abuse cases, along with a
methodology for vulnerability research and exploit development.

SLIDES

VIDEO

Portals - Abusing JavaScript Interface Usage in Android Browsers - OWASP 2017

Roughly five years ago, the ability to execute arbitrary code in Android WebViews through JavaScript Interfaces was discovered. Since then, this vulnerability has been patched, and minimal research has surfaced about additional problems with JavaScript Interfaces.

This talk serves as a (re)introduction to JavaScript Interfaces and the Android browsers that use them. We will discuss how they are implemented, their per-browser functionality, and the security problems that come with them.

We will also dive into a generic methodology for developing your own toolset and processes for analyzing JavaScript Interfaces in Android browsers, along with some details around vulnerability research and exploit development.

SLIDES