Android WebContentResolver
When assessing Android devices and applications we regularly come across vulnerabilities in Android Content-Providers. These vulnerabilities are often similar to those found in web application security tests. In particular SQL Injection and directory traversal vulnerabilities are common problems in Content-Providers.
WebContentResolver runs on an Android device or emulator and will offer a web service interface to all installed Content-Providers. This will not only allow a security tester to use a web browser to test for vulnerabilities, but also to leverage the power of current web application testing tools, such as sqlmap, to find and exploit vulnerabilities in Content-Providers.
This tool is very much in an alpha state and we are currently working on several improvements for this tool and the Android assessment toolset in general.