Vulnerability & Exploit Database

Back to search

Android Browser "Open in New Tab" Cookie Theft

In Android's stock AOSP Browser application and WebView component, the "open in new tab" functionality allows a file URL to be opened. On versions of Android before 4.4, the path to the sqlite cookie database could be specified. By saving a cookie containing a <script> tag and then loading the sqlite database into the browser as an HTML file, XSS can be achieved inside the cookie file, disclosing *all* cookies (HttpOnly or not) to an attacker.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

auxiliary/gather/android_browser_new_tab_cookie_theft

Authors

  • Rafay Baloch
  • joev <joev [at] metasploit.com>

References

Actions

  • WebServer

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/gather/android_browser_new_tab_cookie_theft msf auxiliary(android_browser_new_tab_cookie_theft) > show actions ...actions... msf auxiliary(android_browser_new_tab_cookie_theft) > set ACTION <action-name> msf auxiliary(android_browser_new_tab_cookie_theft) > show options ...show and set options... msf auxiliary(android_browser_new_tab_cookie_theft) > run