[A]ndroid [A]pplication [P]entest [G]uide

3.4.1 Activities

DROZER

run app.activity.info -a com.x.x.x
run app.activity.start --component com.x.x.x com.x.x.x.ActivityName

The first command displays the exported activities; the second starts one of them.

ADB

adb shell am start -n com.x.x.x/com.x.x.x.ActivityName

To get the activity names, use drozer or have a look at the AndroidManifest.xml.
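One way to read the exported activities straight out of a decoded AndroidManifest.xml, as an added example that is not part of the original guide or of drozer. The function names and the sample manifest are constructed for illustration, and the script assumes the manifest has already been decoded to text XML (step 1.1) and applies the pre-Android 12 default for activities that have an intent-filter but no explicit exported flag.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Constructed sample of a decoded AndroidManifest.xml (not from a real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <application>
    <activity android:name=".LoginActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".AccountActivity" android:exported="true"/>
    <activity android:name=".DebugActivity" android:exported="true"
        android:permission="com.example.demo.permission.DEBUG"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <activity android:name="InternalActivity"/>
  </application>
</manifest>"""

def exported_activities(manifest_xml):
    """Return (class name, required permission or None, is_launcher) per exported activity."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    found = []
    for act in app.findall("activity"):
        name = act.get(A + "name", "")
        if name.startswith("."):
            name = package + name          # ".Foo" is relative to the package
        elif "." not in name:
            name = package + "." + name    # bare "Foo" is also relative
        flag = act.get(A + "exported")
        filters = act.findall("intent-filter")
        # With no explicit flag, an intent-filter made the activity exported before Android 12.
        if flag == "false" or (flag is None and not filters):
            continue
        perm = act.get(A + "permission") or app.get(A + "permission")
        launcher = any(c.get(A + "name") == "android.intent.category.LAUNCHER"
                       for f in filters for c in f.findall("category"))
        found.append((name, perm, launcher))
    return found

def needs_review(manifest_xml):
    """Exported activities with no permission that are not the launcher entry point."""
    return [n for n, perm, main in exported_activities(manifest_xml) if not perm and not main]
```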

THINGS TO REPORT

  • Bypassing so-called "protected" activities (i.e. creds needed) to access sensitive information

  • Access to "hidden" activities (if Admin-UI or Debug-UI are implemented)

Last updated 5 years ago