Android Vulnerability Assessment Tool Named WebContentResolver

WebContentResolver is an open source, Android assessment tool which allows you to find Content-Provider vulnerabilities desinged by MWR InfoSecurity Labs. Though it still is an Alpha release, you can atleast start and report any bugs that are found. 

What is an Android Content-Provider? 
A Content-Provider is one of Androids IPC endpoints; it is commonly used to implement data storage in applications and to offer access to this data to other applications on the device. They store,  add, alter, delete and retrieve data and make it accessible to all applications. They’re the only way to share data across applications as there is no common storage area that all Android packages can access. Android ships with a default number of content providers for common data types, such as – audio, video, images, personal contact information, browser bookmarks, contacts list, etc. It basically is an interface that clients use indirectly, most generally through ContentResolver objects. Unfortunately, because of unsupervised use, these Content-Providers are vulnerable which allow third party applications or compromised applications to gain access to sensitive data. Commong vulnerabilities, such as directory traversal or SQL injection in providers installed as part of the Android system or by third party applications are regularly found on the Android platform. As these issues are similar to issues that are commonly found in web applications it would be desirable to test Content-Providers in the same way web applications are tested using Android WebContentResolver. This allows us to leverage the current skill set of web application tester and the currently available tool set for web application testing.
WebContentResolver runs on an Android device or emulator and will offer a web service interface to all installed Content-Providers. This not only allows a security tester to use a web browser to test for vulnerabilities, but also to leverage the power of current web application testing tools, such as sqlmap, to find and exploit vulnerabilities in Content-Providers.

To Download WebContentResolver Click Here

Install the WebContentResolver.apk to the phone or emulator under test. This will create its icon in the Launcher menu, which we use to execute. This by default starts a local web server listening on port 8080.


Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories: ,


Post a Comment

Related Posts Plugin for WordPress, Blogger...