Drozer
[Terminal] Start a drozer session
open drozer-agent application inside android emulator, toggle it on.

2. open Terminal inside linux host machine, type the following to establish communication between drozer and drozer-agent.
adb forward tcp:31415 tcp:31415

3. open Terminal inside windows host machine, type the following to start drozer.
drozer console connect

[Drozer] Find the package name of the vulnerable application
run app.package.list -f <string>

[Drozer] Show package information
run app.package.info -a <package_name>

[Drozer] Identify attack surface
run app.package.attacksurface <package_name>

[Drozer] Exploit exported activities
List exported activities
run app.activity.info -a <package_name>

Invoke exported activities
run app.activity.start -a <package_name> <exported_activity_name>


[Drozer] Exploit exported content providers
Find accessible content URIs
run scanner.provider.finduris -a <package_name>

SQLi vulnerability
List accessible SQLi injection points and accessible content URIs.
run scanner.provider.injection -a <package_name>

Display SQL tables for the package name if it is vulnerable to SQLi.
run scanner.provider.sqltables -a <package_name>

[CRUD] query the content.

[CRUD] insert the content.

[CRUD] update the content.

[CRUD] delete the content.

Directory traversal vulnerability
List accessible content URIs that is vulnerable to directory traversal.
run scanner.provider.traversal -a <package_name>

Exploit directory traversal vulnerability.
run app.provider.read <content_uri>../../etc/hosts
run app.provider.read <content_uri>../../proc/cpuinfo


Last updated