WebContentResolver

When assessing Android devices and applications we regularly come across vulnerabilities in Android Content-Providers. 

These vulnerabilities are often similar to those found in web application security tests. In particular SQL Injection and directory traversal vulnerabilities are common problems in ContentProviders.

WebContentResolver runs on an Android device or emulator and will offer a web service interface to all installed Content-Providers. This will not only allow a security tester to use a web browser to test for vulnerabilities, but also to leverage the power of current web application testing tools, such as sqlmap, to find and exploit vulnerabilities in ContentProviders.

This tool is very much in an alpha state and we are currently working on several improvements for this tool and the Android assessment toolset in general.