[A]ndroid [A]pplication [P]entest [G]uide
  • AAPG
  • 1. MANUAL STATIC ANALYSIS
    • 1.1 Decompile APK
    • 1.2 Check certificate
    • 1.3 Analyze AndroidManifest.xml
    • 1.4 Source Code Analysis
  • 2. AUTOMATED STATIC ANALYSIS
  • 3. MANUAL DYNAMIC ANALYSIS
    • 3.1 Install application & use it
    • 3.2 Bypass detections
    • 3.3 Analyze local storage
    • 3.4 Attack surface
      • 3.4.1 Activities
      • 3.4.2 ContentProvider
      • 3.4.3 Services
    • 3.5 Log analysis
    • 3.6 More HOW and WHAT! (still work in progress)
  • 4. APK TAMPERING
    • 4.1 DIY - Simple Reverse Meterpreter (Non-Xamarin)
    • 4.2 Quick Proof-of-Concept (Meterpreter)
Powered by GitBook
On this page
  • DROZER
  • THINGS TO REPORT

Was this helpful?

  1. 3. MANUAL DYNAMIC ANALYSIS
  2. 3.4 Attack surface

3.4.3 Services

DROZER

List details on exported services:

run app.service.info -a com.x.x.x
run app.service.send com.your.app com.google.firebase.iid.FirebaseInstanceIdService baaadText 2 3

In case an error occurs --> analyze the decompiled source code (if available) and try other values until you succeed

THINGS TO REPORT

Extraction of sensitive data is possible

Previous3.4.2 ContentProviderNext3.5 Log analysis

Last updated 5 years ago

Was this helpful?