SILICA 7.18 Release Notes
- New client side exploit for Android's WebView addJavascriptInterface Remote Code Execution (CVE-2013-4710). This is handled automatically by SILICA's Fake-AP module.
- New filtering feature added. Supply a list of newline-separated MAC addresses for the main wireless AP window and FakeAP tab. This way a tester can track devices that only are registered with a particular company.
- New feature to use CANVAS MOSDEF listeners. This feature is implemented for the Android's WebView addJavascriptInterface Remote Code Execution Exploit.
Demo: Exploiting Android WebView.addJavaScriptInterface