Drozer
[Terminal] Start a drozer session
open drozer-agent application inside android emulator, toggle it on.
2. open Terminal inside linux host machine, type the following to establish communication between drozer and drozer-agent.
3. open Terminal inside windows host machine, type the following to start drozer.
[Drozer] Find the package name of the vulnerable application
[Drozer] Show package information
[Drozer] Identify attack surface
[Drozer] Exploit exported activities
List exported activities
Invoke exported activities
[Drozer] Exploit exported content providers
Find accessible content URIs
SQLi vulnerability
List accessible SQLi injection points and accessible content URIs.
Display SQL tables for the package name if it is vulnerable to SQLi.
[CRUD] query the content.
[CRUD] insert the content.
[CRUD] update the content.
[CRUD] delete the content.
Directory traversal vulnerability
List accessible content URIs that is vulnerable to directory traversal.
Exploit directory traversal vulnerability.
Last updated