Android sign-in application using web scraping with a WebView background

综合技术 2018-05-18 阅读原文

I am facing a problem when performing a login system for a web-based Android app (https connection with CA, TLS 1.0, 128bit). So, The aplication has its own login screen/activity (two EditText to username and password) and the user should be able to log into the web through that window (without showing the WebView or similar). Then the application will update its menu, Showing a number of features with a logout/exit button. Well, the problem here is that I haven't a webservice at my disposal to authenticate the user... tricks of the trade ¬ ¬.

Also, I have another problem because if the user type the wrong login although once, an evil captcha appears. We can avoid by closing and open again the browser after each attempt. Considering all possibilities, then the most 'viable' solution consist of web-scraping the Javascript code on the web, fill out the url login form fields (.do) user and password and send it. Researching and thiking the process steps, I have some doubts to implement that using Android. Ideas/advices will be appreciated. So, there we go.. my initial approach:

  1. Perform the https connection. This should validate the certificate because I can't even connect. I decided to do something like this. Download the certificates in base64 (.Cer), generate keys and using them in my application. Two questions:

    • If the web certificate expires, do you need to re-generate the keystore and add them into the app code again?.
    • Is there anyay to automate this process downloading them programmatically and validating the CA?.
  2. Create a Webview (not show) and enable the javascript. It'll serve to inject js in the web (user and pass from the EditText fields) and use the submit button on the web. Load the URL where the login form and validate it is. Question:

    b) I need to clear the webview's cache, including cookies after submitting the form in order to avoid the captcha when the user try again... in this particular case, is enough to disable the cache? (weview.clearCache (true)). I think i need to play with the onPageFinished method to control that with a firstAttemp boolean var or similar...

  3. Once you submit the form, the javascript use a label 'error', with which you could check if the login was successful. Using the Javascript Interface finding the class tag with something like:


  4. If the login is correct, then save the user in the shared data file using AES encryption and BASE64 to o.

Here some code:

isSumitted = false;
    String user = editUser.getText().toString();
    String password = editPass.getText().toString();

    // Empty fields checking
    // Here we can do other checks (size, characters...)
    // maybe create a LoginFormatException...
    if (user.isEmpty() || password.isEmpty()) {
        Util.alertaAcept(getActivity(), "Error:", getResources()

    // Authenticate by using a Webview in the background
    WebView myWebView = new WebView(getActivity());
    WebSettings settings = myWebView.getSettings();
    //settings.setSavePassword(false); <--- deprecated

    // JavaScript to inject in the webview
    final StringBuilder jsCode = new StringBuilder()
    .append("javascript: {")
    .append("document.getElementById('logname')[0].value = '"+ user +"';")
    .append("document.getElementById('passtext')[0].value = '"+ password +"';");

myWebView.setWebViewClient(new WebViewClient() {
    public void onPageFinished(WebView view, String url) {
       if (!isSubmitted) {
            // if first attempt
            // fill the fields and submit
            isSubmitted = true;
            // check if the login was correct
            // by getting the response from js "document.getElementsByClassName('error')[0].innerHTML;";
                 // logged OK
                 logged = true;
                  // then encrypt user & pass with AES and encode it to a String by using BASE64
                  // (plus a proper key) and save the data in the shared preference file:
                  // show an AlertDialog with something like "Sorry, wrong user/password" or "Sorry, you fail this city" or whatever you want...
                  // Now, delete the browser's cache
                  //delete cached requests or cookies if it's necessary

Thanks! 🙂

Use web scraping tools in Android and work out with the code. Try this solution:

The following tools and code resources can come handy to your use :

Hello, buddy!

责编内容by:Hello, buddy!阅读原文】。感谢您的支持!