Awesome

Discover and Hack URL handlers

URL handlers are the bits in the front of the URLs (e.g. http:, https:, ftp:, skype:). They add things a web page can do to you and your device. Surprising applications have a nasty habit to register these without asking. Learn more from our videos or presentation.

Try it out on the web

Check out the http://hack.urlhandlers.info, it gives you a prototype of a JavaScript based exploration and testing interface with limited functionality (only canned URL handler information is available).

Try it out locally

If you plan to dig deeper you can use these tools locally. A quick start to get more out of this on OSX:

git clone https://github.com/ouspg/urlhandlers.git
cd handlers/web
../osx/handlers-list.py > handlers.json
python -m SimpleHTTPServer 8080

Tools

This repository collects discovery, testing and instrumentation tooling for research in URL handlers.

Discovery

• OSX: Python based discovery tool
• Windows: Windows Powershell Script prototype [WIP]

Testing

• Launcher for the OSX Launch Services
• OSX open CLI tool
• Online JavaScript based testing UI for the Browsers
• HTML file with direct invocation (e.g. iframe)
• HTML redirects

Instrumentation

• execve monitoring DTrace-script (tested on OSX)

Contibute

See contribution and development documentation.

References

• handleOpenURL - Shared Interapp Communication!
• IPhone URL Schemes
• lsregister: How Files Are Handled in Mac OS X