Drozer
info about packages:
run app.package.list -f <name of the app>
run app.package.info -a <name of the package>
read manifest:
run app.package.manifest <name of the package>
attack surface of the package:
run app.package.attacksurface <name od the package>
example res:
Attack Surface:
3 activities exported
0 broadcast receivers exported
2 content providers exported
2 services exported
is debuggable
Activities: Maybe you can start an activity and bypass some kind of authorization that should be prevent you from launching it.
Content providers: Maybe you can access private data or exploit some vulnerability (SQL Injection or Path Traversal)
Activities:
run app.activity.info -a <name of the package>
run app.activity.start --component <package name> <activity name>
Services:
run app.service.info -a <package name>
run app.service.send #to send messages to a service
run app.service.start #to start a service
run app.service.stop #to stop a service
Broadcast Receivers:
run app.broadcast.info -a <package name>
run app.broadcast.send --action <action of the reciver> --component <package name of the reciver> <name of the class that start the broadcast> --extra string <parameter in the broadcast> <the data you want to enter in the parameter>
Last updated