0

I'm pretty new to Android development. One of my buttons in the app sends the user to a webpage, where the user can log in to a specific system.

The webpage has text boxes for username and password. Once you click on the Login button (in the webpage) it triggers JavaScript to log in to the system. The code triggered is: onclick="updateAction('TourAccLogin');document.main_form.submit();"

The webpage form to login:

My question is: I have the username and password in the app, and I want to know if I can somehow manipulate this form to sign in automatically without user interference. Meaning, I will fill in the username and password, and I "click" the login button. So the user will be directed to the system right away, without having to put in the username and password.

3
  • Is what you are trying to do legal / moral? Commented Mar 26, 2013 at 20:52
  • Of course, it's also my own system. I'm just trying to save the user the step of logging in again (since the user logged in to the app already with the same username and password). Commented Mar 26, 2013 at 20:56
  • Is the webpage loaded into a webview? Commented Mar 26, 2013 at 20:57

2 Answers

1

This technique has worked for me. In my case, I'm loading a hidden field named in mElementId with a string value stored in someData, then firing its onchange event, which didn't fire on its own. I included it to show how you can stack JavaScript commands in a single injection. I'm sure a variant of this would work for you.

I also escaped any single quotes to prevent a JavaScript error. You may need to escape any other special characters, including semicolon. In my case it wasn't necessary because the data had already been cleansed.

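// Copy data to element, then fire its onchange handler.
// Escape backslashes first, then single quotes, so the value stays inside
// the single-quoted JavaScript string literal ("\'" in Java is just "'").
String escaped = someData.replace("\\", "\\\\").replace("'", "\\'");
mWebView.loadUrl("javascript:(function() { " +
        "document.getElementById('" + mElementId + "').value = '" +
        escaped + "'; " +
        "document.getElementById('" + mElementId + "').onchange();" +
        "})()");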
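The injection from the answer above, applied to the login form in the question, as an added example that is not part of the original answer: it encodes every character other than ASCII letters and digits as a hex escape, so a password containing quotes, backslashes, semicolons or newlines cannot leave the JavaScript string literal. The element ids `username` and `password`, the class and method names, and the sample credentials are assumptions; `updateAction('TourAccLogin')` and `document.main_form.submit()` come from the question.

```java
import java.util.Locale;

public class AutoLoginScript {

    // Encode arbitrary text as a single-quoted JavaScript string literal.
    // Everything except ASCII letters and digits becomes a 4-digit hex
    // unicode escape, so quotes, backslashes, newlines and semicolons in
    // the data can never terminate the literal or start a new statement.
    static String jsLiteral(String s) {
        StringBuilder out = new StringBuilder("'");
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean plain = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9');
            if (plain) {
                out.append(c);
            } else {
                out.append(String.format(Locale.ROOT, "\\u%04x", (int) c));
            }
        }
        return out.append('\'').toString();
    }

    // Build the script body: fill both fields, then run the page's own
    // login handler quoted in the question.
    static String buildLoginScript(String userId, String passId,
                                   String user, String pass) {
        return "(function() { "
                + "document.getElementById(" + jsLiteral(userId) + ").value = "
                + jsLiteral(user) + "; "
                + "document.getElementById(" + jsLiteral(passId) + ").value = "
                + jsLiteral(pass) + "; "
                + "updateAction('TourAccLogin'); document.main_form.submit(); "
                + "})()";
    }

    public static void main(String[] args) {
        // Constructed sample credentials containing characters that break
        // naive concatenation: quote, backslash, semicolon, newline.
        String user = "o'brien";
        String pass = "pa'ss\\wo;rd\n";
        // "username" and "password" are assumed element ids (hypothetical).
        String script = buildLoginScript("username", "password", user, pass);
        System.out.println(script);
    }
}
```

Pass the result to `mWebView.loadUrl("javascript:" + script)` as in the answer, or to `evaluateJavascript(script, null)` on API 19 and later, once the page has finished loading (for example from `WebViewClient.onPageFinished`).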

0

You say that it is your system, so you know what is running behind the scenes to process the login. I'm not mocking, just verifying. I'm assuming you've created a view of some sort where you have the username/password prior to doing this. I'm questioning this because you ask if there is a way of manipulating the form...

That being said, send the data as you normally would to the script that processes the login. If you're using a GET then http://some.domain.com/somescript?username=mumble&password=foo. If you're using a POST then create the post args and send it. Either way, you can process the results in a webview, which would allow your existing interface to pick up where it should.

Of course, if you're using a hash for the password or salting the password, you will need to do all that prior to sending it.
