MWR Labs released WebContentResolver, an Android assessment tool which allows you to find Content-Provider vulnerabilities in no time.
A Content-Provider is one of Androids IPC endpoints; it is commonly used to implement data storage in applications and to offer access to this data to other applications on the device. The Android browser bookmarks or Android contacts list are just two examples for Content-Providers implemented on every Android. Unfortunately these Content-Providers are often riddled with vulnerabilities which allow third party applications or compromised applications to gain access to sensitive data. Regularly we find vulnerabilities, such as directory traversal or SQL injection in providers installed as part of the Android system or by third party applications. As these issues are similar to issues that are commonly found in web applications it would be desirable to test Content-Providers in the same way web applications are tested. This will allow us to leverage the current skill set of web application tester and the currently available tool set for web application testing. This is exactly what WebContentResolver does.
Download From here:http://labs.mwrinfosecurity.com/files/Tools/WebContentResolver.zip
A Content-Provider is one of Androids IPC endpoints; it is commonly used to implement data storage in applications and to offer access to this data to other applications on the device. The Android browser bookmarks or Android contacts list are just two examples for Content-Providers implemented on every Android. Unfortunately these Content-Providers are often riddled with vulnerabilities which allow third party applications or compromised applications to gain access to sensitive data. Regularly we find vulnerabilities, such as directory traversal or SQL injection in providers installed as part of the Android system or by third party applications. As these issues are similar to issues that are commonly found in web applications it would be desirable to test Content-Providers in the same way web applications are tested. This will allow us to leverage the current skill set of web application tester and the currently available tool set for web application testing. This is exactly what WebContentResolver does.
Download From here: