Test onReceiveSSLError

942 views Asked by At

I fixed the vulnerability with the implementation of the WebViewClient.onReceivedSslError handler in my Android project but I would like to know how can I test it.

Previously my code was:

 @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        Log.d("message","message");
        handler.proceed(); // Ignore SSL certificate errors
    }

and after my fix is:

  @Override
    public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
        Log.d("a message","a message");

        final AlertDialog.Builder builder = new AlertDialog.Builder(view.getContext());
        builder.setTitle("Error");
        builder.setMessage("Certificate is invalid");
        builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                handler.proceed();
            }
        });
        builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                handler.cancel();
            }
        });
        final AlertDialog dialog = builder.create();
        dialog.show();
    }

For example can I modify the host in android emulator in order to point to a page that can throw ssl exception?

1

There are 1 answers

4
Surendra Kumar On BEST ANSWER

You can generate an error by following steps:

  1. Get webViewClient for your webview
  2. Intercept the request by shouldInterceptRequest() method of webViewClient
  3. Create a sslError and return from here
  4. It will go to OnReceivedSslError method