Two mobile apps to learn hacking WebViews on Android and iOS
WebViews allow developers to embed HTML pages into mobile applications and their use is widespread, from merely displaying a simple help page to wrapping an entire website inside a mobile app.
If not handled carefully, WebViews can introduce serious vulnerabilities in a mobile application.
“Where’s My Browser?” for Android and iOS are vulnerable-by-design mobile applications to learn hacking WebViews.
The applications provide vulnerable scenarios that guide you through the learning process. Alternatively you can explore the functionality of WebViews on your own by loading your own content into the WebViews and adjust the configuration from the settings menu without modifying the source code.
The following screenshots show the application on Android and iOS:
The applications are open source and released under the GPLv3 license.