window.WebViewWM.getUserscriptJS(secret, url)
- the 1st parameter is a user-defined shared secret
- in WebMonkey, this value is entered in:
Settings
- in WebMonkey, this value is entered in:
- for use by JS code injected by a
mitmproxy
script- to allow userscripts to run in iframe windows
- PCAPdroid
- summary:
- simulates a VPN to capture network traffic without root
- summary:
- PCAPdroid mitm
- summary:
- addon for PCAPdroid.
- runs an instance of
mitmproxy
server in SOCKS5 mode. - decrypts TLS/SSL connections.
- supports running user-supplied scripts.
- summary:
- mitmproxy scripts
- summary:
- my collection of various
mitmproxy
scripts.
- my collection of various
- summary:
- mitmproxy script:
disable_csp
- summary:
- can be used to disable all
content-security-policy
rules.
- can be used to disable all
- comments:
- CSP rules are set by server HTTP response headers.
- CSP rules can prevent WebMonkey userscripts from running.
- summary:
- mitmproxy script:
modify_html_files
- summary:
- can be used to inject JS code into iframes.
- if this code runs in WebMonkey and has the shared secret,
then it can obtain the JS code for all matching userscripts,
and then dynamically add it to the page.
- example
- comments:
- routing all network traffic through a simulated VPN tunnel isn't ideal,
but Android System WebView doesn't provide an API interface to access iframe windows. - when userscripts only need to run in top-level windows, then this isn't necessary.
- when userscripts need to run in all iframe windows, then this provides a workable solution.
- routing all network traffic through a simulated VPN tunnel isn't ideal,
- summary: