What is Drozer?
Drozer is a Security & Attack Framework for Android Application Testing. Drozer is a tool that can be used for Mobile device review , Secure development of applications, BYOD approval and Mobile application testing.There are 2 Versions of Drozer an Open Source and other one Pro version having following features
- Gathering the information about the application
- Find the attack surface
- Test your Exposure to Public Exploits
- Execute dynamic code on a device, to avoid the need to compile and install small test scripts.
- Start Android emulators, provisioned with the drozer Agent and the app you want to investigate.
- Simulate sensor input, such as GPS, to emulators to test the full attack surface.
- View the attack surface as a graph. this will be helpful for the risk assessment reporting.
Command to install the Drozer agent on emulator or device
adb install drozer.apkStart the service on the emulator or device
then give below command
adb forward tcp:31415 tcp:31415open cmd and browse to drozer directory
To check drozer functionality or device connected
drozer console devices
To connect to the device or emulator
drozer console connectTo search for an app
run app.package.list -f [keyword]To get info of an app
run app.package.info -a [package name]
To check the attack surface
run app.package.attacksurface [package name]To get info about the activity
run app.activity.info -a [package name]To start the activity
run app.activity.start --component[package name] [activity name]To get info about providers
run app.provider.info -a [package name]To find uri for providers
run app.provider.finduri [package name]To get info from providers
run app.provider.query [uri]To check path traverssal vul in provider
run scanner.provider.traversal -a [package name]To check for Sql injection
run scanner.provider.injection -a [package name]To download a file from android device to local machine
run tools.file.download [source path] [destination path]To get info abt a service
run app.service.info -a [package name]To interact with the service
run app.service.send [package name] [service name] --msg [msg to service]To interact with broadcast receiver
run app.broadcast.send --action [action from android_manifest file] --component [package name] [broadcast reciever] --extra string[string to send like in sendind sms we can send phone number for that we need to check source for input parameter]For eg: run app.broadcast.send --action org.owasp.goatdroid.fourgoats.SOCIAL_SMS --component org.owasp.goatdroid.fourgoats org.owasp.goatdroid.fourgoats.broadcastreceivers.SendSMSNowReceiver --extra string phoneNumber 5554 --extra string message U R Just PWNED!!!!!