Beating Down Android Browsers with Bowser

Overview

(!) UPDATE - Bowser has been integrated into Lobotomy (!)

When it comes to the vulnerability discovery process within Android Web Browsers, I have developed a toolkit called Bowser that will help in ALMOST complete automation. Bowser currently targets vulnerability classes:

- Vulnerable parseUri() implementations
- addJavascriptInterface()

In this post we will be…

The Power of Wings | Abusing the Intent URL Scheme Redux

Overview

In March 2014 a white paper was released that detailed research from Takeshi Terada around using the Intent URL Scheme in order to effectively attack Android Web Browsers. In this paper he demonstrates how an insecure implementation of the Intent URL Scheme had been leveraged in popular browsers (Chrome,…