UNDERCODE COMMUNITY

🦑 Drozer is a security assessment framework for Android apps, developed by MWR InfoSecurity (now part of F-Secure). It's used by penetration testers to assess Android applications for vulnerabilities. Here's a hacking tutorial for using Drozer to identify vulnerabilities in Android apps.

---

## Prerequisites
1. Install Drozer:
Drozer consists of two components:
- Agent (installed on the Android device)
- Console (run on your host machine)

Download the Drozer agent APK from [official GitHub](https://github.com/FSecureLABS/drozer) and install it on your Android device. Install the Drozer console using:

   sudo apt install python3-pip
   pip3 install drozer

2. Setup ADB:
Install Android Debug Bridge (ADB) to connect your Android device to your computer.

   sudo apt install adb

3. Rooted Device (Optional but Recommended):
Drozer can operate on non-rooted devices but works best with root privileges.

4. Enable USB Debugging:
Go to Settings > Developer Options > USB Debugging on your Android device.

---

## Step 1: Setting Up the Environment
1. Connect the Android Device:
Use ADB to ensure your device is detected:

   adb devices

2. Forward the Drozer Port:
Drozer communicates with the agent over port 31415. Forward this port using ADB:

   adb forward tcp:31415 tcp:31415

3. Start the Drozer Agent:
Launch the Drozer agent app on your Android device and click "Start Server".

4. Launch Drozer Console:
On your host machine, open the Drozer console:

   drozer console connect

---

## Step 2: Reconnaissance
Drozer has a modular design, with commands categorized into packages. Start by gathering basic information.

1. List Installed Packages:

   run app.package.list

2. Find Specific Apps:
Search for apps by keyword, e.g., for "vulnerable":

   run app.package.list -f vulnerable

3. Get Detailed App Information:
Get information about an app, such as permissions and activities:

   run app.package.info -a com.example.vulnerableapp

---

## Step 3: Exploit Common Vulnerabilities
Drozer can be used to test various vulnerabilities, including exported activities, insecure file storage, and SQL injection.

### 1. Test Exported Components
Exported components can be accessed by any app on the device. Drozer identifies and interacts with these components.

#### Activities:
List exported activities:

run app.activity.info -a com.example.vulnerableapp

Launch an exported activity:

run app.activity.start --component com.example.vulnerableapp com.example.vulnerableapp.MainActivity

#### Services:
List exported services:

run app.service.info -a com.example.vulnerableapp

Interact with a service:

run app.service.send --component com.example.vulnerableapp com.example.vulnerableapp.MyService

#### Content Providers:
Identify content providers and their permissions:

run app.provider.info -a com.example.vulnerableapp

Query content providers for data:

run app.provider.query content://com.example.vulnerableapp.provider/data

### 2. SQL Injection
Test content providers for SQL injection by manipulating query inputs:

run app.provider.query content://com.example.vulnerableapp.provider/data --projection "' OR '1'='1"

### 3. Insecure Data Storage
Check for sensitive data in app directories:

run scanner.misc.filebrowser -a com.example.vulnerableapp

### 4. Check for Debuggable Apps
Some apps are left in debuggable mode, exposing them to reverse engineering:

run app.package.debuggable

---

## Step 4: Automation and Exploit Modules
### Use Drozer's built-in exploit modules:
1. Scan for Known Vulnerabilities:

   run scanner.provider.injection -a com.example.vulnerableapp

2. Check for World-Readable Files:

   run scanner.misc.world_readable_files

---

## Step 5: Generate Reports
Keep logs of your findings for documentation:

drozer console connect > output.log

---

18 viewsUNDERCODER, 13:20

UNDERCODE COMMUNITY

Forwarded from Exploiting Crew (Pr1vAt3)

### Note:
This tutorial is intended for educational purposes only. Testing applications without explicit permission is illegal and unethical. Always adhere to your organization's policies or get consent from app owners before performing assessments.

---

Let me know if you'd like help with specific Drozer commands or use cases!

GitHub

GitHub - ReversecLabs/drozer: The Leading Security Assessment Framework for Android.

The Leading Security Assessment Framework for Android. - ReversecLabs/drozer

15 viewsUNDERCODER, 13:20

About

Blog

Apps

Platform