{"id":968,"date":"2015-09-16T02:23:47","date_gmt":"2015-09-15T23:23:47","guid":{"rendered":"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/"},"modified":"2022-12-25T16:51:12","modified_gmt":"2022-12-25T13:51:12","slug":"android-guvensiz-komponentlerin-drozer-ile-tespiti","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/","title":{"rendered":"[Android] G\u00fcvensiz Komponentlerin Drozer ile Tespiti"},"content":{"rendered":"<div id=\"post-body-3214922024024434130\">\n<div style=\"text-align: justify;\">\n<div class=\"separator\" style=\"clear: both; text-align: center;\"><a style=\"clear: left; float: left; margin-bottom: 1em; margin-right: 1em;\" href=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozer.png?ssl=1\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozer.png?resize=200%2C200&#038;ssl=1\" width=\"200\" height=\"200\" border=\"0\" data-recalc-dims=\"1\" \/><\/a><\/div>\n<p>Daha \u00f6nceki Android&#8217;de \u0130zin Almadan \u0130zin Kullanmak yaz\u0131s\u0131nda bahsedildi\u011fi \u00fczere korunmayan komponentler di\u011fer uygulamalar taraf\u0131ndan k\u00f6t\u00fc niyetli olarak kullan\u0131labilmektedir. Content Provider&#8217;lar\u0131n sunmu\u015f oldu\u011fu veriler okunabilir, servislere ve activity&#8217;lere izin almadan kontrols\u00fcz bir \u015fekilde eri\u015filebilir ve baz\u0131 i\u015flemler yapt\u0131r\u0131labilir. Bu ba\u011flamda g\u00fcvenlik testi yaparken uygulanacak ad\u0131mlardan bir tanesi g\u00fcvensiz komponentlerin tespit edilmesi olacakt\u0131r. Korunmayan, g\u00fcvensiz komponentlerin tespiti s\u0131ras\u0131nda kullan\u0131labilecek ara\u00e7lardan bir tanesi Drozer arac\u0131d\u0131r. <a href=\"https:\/\/www.mwrinfosecurity.com\/products\/drozer\/\" target=\"_blank\" rel=\"noopener\">Drozer<\/a>, Android uygulama testleri i\u00e7in geli\u015ftirilmi\u015f bir framework&#8217;t\u00fcr. Android&#8217;in metasploiti olarak d\u00fc\u015f\u00fcn\u00fclebilir.<\/p>\n<\/div>\n<p>Drozer ile \u00e7al\u0131\u015fabilmek i\u00e7in birbirleriyle haberle\u015fen biri Android cihazda (emulat\u00f6rde), di\u011feri bilgisayarda olmak \u00fczere iki adet drozer uygulamas\u0131 indirilmelidir. A\u015fa\u011f\u0131daki ba\u011flant\u0131dan drozer agent apk dosyas\u0131 ve drozer console uygulamas\u0131 kullan\u0131lan i\u015fletim sistemine uygun olarak indirilebilir.<\/p>\n<p>(Bu yaz\u0131da client uygulamas\u0131 Ubuntu i\u015fletim sistemine uygun olarak se\u00e7ilecektir)<\/p>\n<div style=\"text-align: justify;\">Drozer Agent apk uygulamas\u0131 ba\u011flant\u0131dan indirilerek cihaza\/em\u00fclat\u00f6re <a href=\"http:\/\/developer.android.com\/tools\/help\/adb.html\" target=\"_blank\" rel=\"noopener\">adb<\/a> arac\u0131 \u00fczerinden kurulacakt\u0131r. adb arac\u0131 Android SDK ile birlikte gelen ve \u00a0cihaz\/em\u00fclat\u00f6r ile ileti\u015fime ge\u00e7mek amac\u0131yla kullan\u0131lan bir ara\u00e7t\u0131r. Android SDK <b>\/platform-tools<\/b> dizini alt\u0131nda yer almaktad\u0131r. Android cihaz bilgisayara ba\u011fland\u0131ktan sonra (em\u00fclat\u00f6r aya\u011fa kald\u0131r\u0131ld\u0131ktan sonra)<\/div>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_55 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\" role=\"button\"><label for=\"item-66303cdad5ab5\" ><span class=\"\"><span style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input aria-label=\"Toggle\" aria-label=\"item-66303cdad5ab5\"  type=\"checkbox\" id=\"item-66303cdad5ab5\"><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><ul class='ez-toc-list-level-4'><li class='ez-toc-heading-level-4'><ul class='ez-toc-list-level-4'><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#adb_install_agentapk\" title=\"adb install agent.apk\">adb install agent.apk<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#dpkg_-i_drozer2xxdeb\" title=\"dpkg -i drozer2.x.x.deb\">dpkg -i drozer2.x.x.deb<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#adb_forward_tcp_31415_tcp_31415\" title=\"adb forward tcp:31415 tcp:31415\">adb forward tcp:31415 tcp:31415<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#drozer_console_connect\" title=\"drozer console connect\">drozer console connect<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#Guvensiz_service%E2%80%99lerin_tespit_edilmesi\" title=\"G\u00fcvensiz service&#8217;lerin tespit edilmesi\">G\u00fcvensiz service&#8217;lerin tespit edilmesi<\/a><ul class='ez-toc-list-level-4'><li class='ez-toc-heading-level-4'><ul class='ez-toc-list-level-4'><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#dz%3E_run_appserviceinfo\" title=\"dz&gt; run app.service.info\">dz&gt; run app.service.info<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#dz%3E_run_appserviceinfo_-f_whatsapp\" title=\"dz&gt; run app.service.info -f whatsapp\">dz&gt; run app.service.info -f whatsapp<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#dz%3E_run_appserviceinfo_-a_comwhatsapp\" title=\"dz&gt; run app.service.info -a com.whatsapp\">dz&gt; run app.service.info -a com.whatsapp<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#dz%3E_run_appservicestart_%E2%80%93component_KOMPONENT_ADI_SERVIS_ADI\" title=\"dz&gt; run app.service.start &#8211;component KOMPONENT_ADI SERVIS_ADI\">dz&gt; run app.service.start &#8211;component KOMPONENT_ADI SERVIS_ADI<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#dz%3E_run_appservicestart_%E2%80%93component_comwhatsapp_comwhatsappaccountsyncAccountAuthenticatorService\" title=\"dz&gt; run app.service.start &#8211;component com.whatsapp com.whatsapp.accountsync.AccountAuthenticatorService\">dz&gt; run app.service.start &#8211;component com.whatsapp com.whatsapp.accountsync.AccountAuthenticatorService<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#Guvensiz_activity%E2%80%99lerin_tespit_edilmesi\" title=\"G\u00fcvensiz activity&#8217;lerin tespit edilmesi\">G\u00fcvensiz activity&#8217;lerin tespit edilmesi<\/a><ul class='ez-toc-list-level-4'><li class='ez-toc-heading-level-4'><ul class='ez-toc-list-level-4'><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#dz%3E_run_appactivityinfo\" title=\"dz&gt; run app.activity.info\">dz&gt; run app.activity.info<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#dz%3E_run_appactivitystart_%E2%80%93KOMPONENT_ADI_ACTIVITY_ADI\" title=\"dz&gt; run app.activity.start &#8211;KOMPONENT_ADI ACTIVITY_ADI\">dz&gt; run app.activity.start &#8211;KOMPONENT_ADI ACTIVITY_ADI<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#run_appactivitystart_%E2%80%93component_comouzsecond_comouzsecondSecondAppMainActivity\" title=\"run app.activity.start &#8211;component com.ouz.second com.ouz.second.SecondAppMainActivity\">run app.activity.start &#8211;component com.ouz.second com.ouz.second.SecondAppMainActivity<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#Guvensiz_content_provider%E2%80%99larin_tespit_edilmesi\" title=\"G\u00fcvensiz content provider&#8217;lar\u0131n tespit edilmesi\">G\u00fcvensiz content provider&#8217;lar\u0131n tespit edilmesi<\/a><ul class='ez-toc-list-level-4'><li class='ez-toc-heading-level-4'><ul class='ez-toc-list-level-4'><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/furkansandal.com\/android-guvensiz-komponentlerin-drozer-ile-tespiti\/#dz%3E_run_appproviderinfo_%E2%80%93permission_null\" title=\"dz&gt; run app.provider.info &#8211;permission null\">dz&gt; run app.provider.info &#8211;permission null<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h4 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"adb_install_agentapk\"><\/span>adb install agent.apk<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>komutu \u00e7al\u0131\u015ft\u0131r\u0131larak drozer agent uygulamas\u0131 cihaza kurulmaktad\u0131r. \u0130ndirilen drozer console client&#8217;\u0131 da ar\u015fiv dosyas\u0131ndan \u00e7\u0131kart\u0131larak<\/p>\n<h4 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"dpkg_-i_drozer2xxdeb\"><\/span>dpkg -i drozer2.x.x.deb<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<div>\n<p>komutu ile de bilgisayara kurulabilir. Uygulaman\u0131n do\u011fru kuruldu\u011funu anlaman\u0131n kolay yolu drozer&#8217;\u0131 \u00e7al\u0131\u015ft\u0131rmakt\u0131r. Drozer \u00e7al\u0131\u015ft\u0131r\u0131ld\u0131\u011f\u0131nda a\u015fa\u011f\u0131daki gibi bir yard\u0131m men\u00fcs\u00fc g\u00f6r\u00fcnt\u00fcs\u00fcyle kar\u015f\u0131la\u015f\u0131lmal\u0131d\u0131r.<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: justify;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/1442359427_drozer.png?ssl=1\"><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/1442359427_drozer.png?ssl=1\" border=\"0\" data-recalc-dims=\"1\" \/><\/a><\/div>\n<p>Daha sonra cihazda bulunan drozer uygulamas\u0131 \u00e7al\u0131\u015ft\u0131r\u0131lmal\u0131 ve sa\u011f alt k\u00f6\u015fsedeki buton vas\u0131tas\u0131yla drozer uygulamas\u0131 aktifle\u015ftirilmelidir.<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: justify;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozergui1.png?ssl=1\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozergui1.png?resize=251%2C400&#038;ssl=1\" width=\"251\" height=\"400\" border=\"0\" data-recalc-dims=\"1\" \/><\/a><\/div>\n<p>Drozer aktif hale getirildikten sonra a\u015fa\u011f\u0131daki gibi bir ekran ile kar\u015f\u0131la\u015f\u0131lacakt\u0131r.<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: justify;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozergui2.png?ssl=1\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozergui2.png?resize=250%2C400&#038;ssl=1\" width=\"250\" height=\"400\" border=\"0\" data-recalc-dims=\"1\" \/><\/a><\/div>\n<p>G\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere drozer sunucusu Android cihazda 31415 portundan ba\u011flant\u0131lar\u0131 beklemektedir. Bu i\u015flemden sonra adb arac\u0131 kullan\u0131larak bilgisayardaki lokal 31415 portuna gelen socket ba\u011flant\u0131lar\u0131n\u0131n, cihaz\/em\u00fclat\u00f6r&#8217;\u00fcn 31415 portuna y\u00f6nlendirilmesi gerekmektedir. \u00c7\u00fcnk\u00fc drozer uygulamas\u0131n\u0131n bilgisayara kurulan console uygulamas\u0131 31415 portuna ba\u011flant\u0131 iste\u011fi g\u00f6ndermektedir. Ayn\u0131 zamanda cihaz\/em\u00fclat\u00f6r&#8217;de \u00e7al\u0131\u015fan drozer uygulamas\u0131 da 31415 portundan dinleme yapmaktad\u0131r.<\/p>\n<h4 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"adb_forward_tcp_31415_tcp_31415\"><\/span>adb forward tcp:31415 tcp:31415<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>komutu bu i\u015flem i\u00e7in kullan\u0131lmaktad\u0131r. Bu y\u00f6nlendirmeyi yapt\u0131ktan sonra bilgisayarda<\/p>\n<h4 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"drozer_console_connect\"><\/span>drozer console connect<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>komutu \u00e7al\u0131\u015ft\u0131r\u0131lacak cihaz\/em\u00fclat\u00f6r&#8217;deki drozer sunucusu ile ba\u011flant\u0131 kurulmas\u0131 sa\u011flanmaktad\u0131r. B\u00fct\u00fcn ad\u0131mlar do\u011fru yap\u0131ld\u0131\u011f\u0131 taktirde a\u015fa\u011f\u0131daki gibi bir ekran g\u00f6r\u00fcnt\u00fcs\u00fcyle kar\u015f\u0131la\u015f\u0131lacakt\u0131r.<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: justify;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozer2.png?ssl=1\"><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozer2.png?ssl=1\" border=\"0\" data-recalc-dims=\"1\" \/><\/a><\/div>\n<p>Bu s\u0131rada cihazdaki uygulama aray\u00fcz\u00fcnde ba\u011flant\u0131n\u0131n kuruldu\u011funa dair veriler de g\u00f6r\u00fclebilmektedir.<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: justify;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozergui3.png?ssl=1\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozergui3.png?resize=248%2C400&#038;ssl=1\" width=\"248\" height=\"400\" border=\"0\" data-recalc-dims=\"1\" \/><\/a><\/div>\n<p>Drozer uygulamas\u0131 ba\u015far\u0131l\u0131 bir \u015fekilde \u00e7al\u0131\u015ft\u0131r\u0131ld\u0131ktan sonra \u00a0cihazda bulunan g\u00fcvensiz komponentler testpit edilebilmektedir.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Guvensiz_service%E2%80%99lerin_tespit_edilmesi\"><\/span>G\u00fcvensiz service&#8217;lerin tespit edilmesi<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Drozer \u00fczerinden<\/p>\n<h4 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"dz%3E_run_appserviceinfo\"><\/span>dz&gt; run app.service.info<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>komutu \u00e7al\u0131\u015ft\u0131r\u0131larak export edilmi\u015f ve\/veya intent-filter tan\u0131mlanm\u0131\u015f fakat zamanda herhangi bir izin taraf\u0131ndan korunmayan service&#8217;lerin listesi elde edilebilir. \u00d6rnek olarak a\u015fa\u011f\u0131daki ekran g\u00f6r\u00fcnt\u00fcs\u00fcnde drozer taraf\u0131ndan tespit edilen g\u00fcvensiz servis bulunan uygulamalardan bir tanesi whatsapp uygulamas\u0131d\u0131r.<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: justify;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozer+whatsapp.png?ssl=1\"><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozer+whatsapp.png?ssl=1\" border=\"0\" data-recalc-dims=\"1\" \/><\/a><\/div>\n<p>Ayn\u0131 komuta <b>-f<\/b> parametresi ile keyword verilebilir ve b\u00f6ylece istenilen herhangi bir keyword i\u00e7in arama daralt\u0131labilir. Benzer bir \u015fekilde <b>-a<\/b> parametresi ile birlikte uygulama paket ismi verilerek arama daralt\u0131labilir. <b>-p<\/b> parameteresi verilerek permission ile de arama yap\u0131labilmektedir.<\/p>\n<h4 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"dz%3E_run_appserviceinfo_-f_whatsapp\"><\/span>dz&gt; run app.service.info -f whatsapp<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>ve<\/p>\n<h4 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"dz%3E_run_appserviceinfo_-a_comwhatsapp\"><\/span>dz&gt; run app.service.info -a com.whatsapp<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Korunmas\u0131z servisler yine drozer \u00fczerinden \u00e7al\u0131\u015ft\u0131r\u0131labilmektedir. Bunun i\u00e7in drozer&#8217;dan<\/p>\n<h4 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"dz%3E_run_appservicestart_%E2%80%93component_KOMPONENT_ADI_SERVIS_ADI\"><\/span>dz&gt; run app.service.start &#8211;component KOMPONENT_ADI SERVIS_ADI<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>komutu \u00e7al\u0131\u015ft\u0131r\u0131labilir. \u00d6rnek olarak whatsapp uygulamas\u0131n\u0131n<\/p>\n<p><span style=\"font-family: Courier New, Courier, monospace;\"><b>com.whatsapp.accountsync.AccountAuthenticatorService<\/b><\/span><\/p>\n<p>servisini \u00e7al\u0131\u015ft\u0131rmak i\u00e7in<\/p>\n<h4 style=\"text-align: left;\"><span class=\"ez-toc-section\" id=\"dz%3E_run_appservicestart_%E2%80%93component_comwhatsapp_comwhatsappaccountsyncAccountAuthenticatorService\"><\/span>dz&gt; run app.service.start &#8211;component com.whatsapp com.whatsapp.accountsync.AccountAuthenticatorService<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>komutu \u00e7al\u0131\u015ft\u0131r\u0131lmal\u0131d\u0131r. Servis \u00e7al\u0131\u015ft\u0131r\u0131lmas\u0131 ile ilgili t\u00fcm ayr\u0131nt\u0131lar i\u00e7in <b>-h<\/b> parametresi ile help dosyas\u0131 g\u00f6r\u00fcnt\u00fclenebilmektedir.<\/p>\n<div style=\"text-align: justify;\">\u00d6nceki yaz\u0131da\u00a0yer alan first uygulamas\u0131 yine drozer taraf\u0131ndan tespit edilmi\u015ftir.<\/div>\n<div class=\"separator\" style=\"clear: both; text-align: justify;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozerfirst.png?ssl=1\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozerfirst.png?resize=400%2C75&#038;ssl=1\" width=\"400\" height=\"75\" border=\"0\" data-recalc-dims=\"1\" \/><\/a><\/div>\n<p><b>-p<\/b> parametresi ile yap\u0131lan arama sonucu da a\u015fa\u011f\u0131daki \u015fekilde bir sonu\u00e7 verecektir.<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: justify;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozerpermission.png?ssl=1\"><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozerpermission.png?ssl=1\" border=\"0\" data-recalc-dims=\"1\" \/><\/a><\/div>\n<p>G\u00fcvensiz service&#8217;ler ile yap\u0131labilecekler daha \u00e7ok fazla i\u015flem vard\u0131r. Ancak bu yaz\u0131 i\u00e7erisinde daha fazla detaya girilmeyecektir. Detayl\u0131 bilgi i\u00e7in drozer komutlar\u0131na <b>-h <\/b>parametresi verilerek yard\u0131m men\u00fcs\u00fc g\u00f6r\u00fcnt\u00fclenebilmektedir.<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: justify;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozerservice.png?ssl=1\"><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/drozerservice.png?ssl=1\" border=\"0\" data-recalc-dims=\"1\" \/><\/a><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Guvensiz_activity%E2%80%99lerin_tespit_edilmesi\"><\/span>G\u00fcvensiz activity&#8217;lerin tespit edilmesi<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h4><span class=\"ez-toc-section\" id=\"dz%3E_run_appactivityinfo\"><\/span>dz&gt; run app.activity.info<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>komutu ile ger\u00e7ekle\u015ftirilmektedir. Yine -a parameteresi ile birlikte paket ad\u0131; ve -f parametresi ile de herhangi bir keyword verilerek arama daralt\u0131labilmektedir. Ve yine -p parametersi ile arama, izne g\u00f6re de daralt\u0131labilmektedir. Detaylar i\u00e7in -h parametresi kullan\u0131larak yard\u0131m ekran\u0131 g\u00f6r\u00fcnt\u00fclenebilir.<\/p>\n<p>G\u00fcvensiz activity&#8217;ler, service&#8217;lere benzer bir \u015fekilde<\/p>\n<h4><span class=\"ez-toc-section\" id=\"dz%3E_run_appactivitystart_%E2%80%93KOMPONENT_ADI_ACTIVITY_ADI\"><\/span>dz&gt; run app.activity.start &#8211;KOMPONENT_ADI ACTIVITY_ADI<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<h4><span class=\"ez-toc-section\" id=\"run_appactivitystart_%E2%80%93component_comouzsecond_comouzsecondSecondAppMainActivity\"><\/span>run app.activity.start &#8211;component com.ouz.second com.ouz.second.SecondAppMainActivity<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<h2><span class=\"ez-toc-section\" id=\"Guvensiz_content_provider%E2%80%99larin_tespit_edilmesi\"><\/span>G\u00fcvensiz content provider&#8217;lar\u0131n tespit edilmesi<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Drozer \u00fczerinden benzer bir \u015fekilde<\/p>\n<h4><span class=\"ez-toc-section\" id=\"dz%3E_run_appproviderinfo_%E2%80%93permission_null\"><\/span>dz&gt; run app.provider.info &#8211;permission null<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>komutu ile tespit edilmektedir. Detaylar i\u00e7in <b>-h<\/b> parametresi kullan\u0131larak yard\u0131m ekran\u0131 g\u00f6r\u00fcnt\u00fclenebilir.<\/p>\n<p>Bu yaz\u0131da ama\u00e7 Drozer arac\u0131n\u0131 kullarak g\u00fcvensiz komponentlerin tespit edilmesi idi. Daha detayl\u0131 testler ve ad\u0131mlar i\u00e7in drozer&#8217;\u0131n yard\u0131m men\u00fcs\u00fc kullan\u0131labilir. \u0130lerleyen g\u00fcnlerde drozer ile daha detayl\u0131 i\u015flemlerin yap\u0131ld\u0131\u011f\u0131 yaz\u0131lar yay\u0131nlanacakt\u0131r.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Daha \u00f6nceki Android&#8217;de \u0130zin Almadan \u0130zin Kullanmak yaz\u0131s\u0131nda bahsedildi\u011fi \u00fczere korunmayan komponentler di\u011fer uygulamalar taraf\u0131ndan k\u00f6t\u00fc niyetli olarak kullan\u0131labilmektedir. Content&#8230;<\/p>\n","protected":false},"author":1,"featured_media":969,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,10,3,7,4],"tags":[103,109,76,104,105,59,22,108,102,107,101,84,86,106],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/09\/1442359457_drozer.png?fit=471%2C471&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-fC","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/968"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=968"}],"version-history":[{"count":2,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/968\/revisions"}],"predecessor-version":[{"id":3913,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/968\/revisions\/3913"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/969"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}