Dynamic Application Testing - Part 2

Intro to Drozer

Test interaction of app with other apps on the phone
Uses the client-server model to exploit the interprocess communication (IPC)
Drozer Console (Runs on the workstation) and Drozer Agent (Runs on the android device)
Test for exposed app components

Drozer Architecture

Drozer Setup

Steps to start a drozer session

Download and extract exercise file
Agent and sieve APK already present in the exercise files

On CMD/Terminal

Install agent and target app

adb devices

adb install agent.apk

adb install seive.apk

adb forward tcp:31415 tcp:31415

On Device/Emulator

Start embedded server

On CMD/Terminal

drozer console connect

Sieve application overview

Open the application for the first time
Create a Password
Create a PIN
Sign in using the Password

Drozer Commands

Find the application package name

dz> run app.package.list -f sieve

Package Info

dz> run app.package.info -a <package name>

Identify Attack Surface

dz> run app.package.attacksuface <package name>

Activity Testing

Find Activities

dz> run app.activity.info -a <package name>

Access an Activity

dz> run app.activity.start --component <package name> <activity name>

Content Provider Testing

Get basic information of content providers

dz> run app.provider.info -a <package name>

Access URIs

dz> run scanner.provider.finduris -a <package name>

dz> run app.provider.query <URI>

Content Provider Testing : SQL Injection

Test for SQL injection

dz> run scanner.provider.injection -a <package name>

Verfiy the presense of SQL injection

dz> run app.provider.query <URI> --projection "'"

dz> run app.provider.query <URI> --selection "email='<email address>'"

PreviousPlatform Interaction Testing NextOWASP Top 10

Last updated 2 years ago

hashtagIntro to Drozer

hashtagDrozer Architecture

hashtagDrozer Setup

hashtagSteps to start a drozer session

hashtagOn CMD/Terminal

hashtagOn Device/Emulator

hashtagOn CMD/Terminal

hashtagSieve application overview

hashtagDrozer Commands

hashtagFind the application package name

hashtagPackage Info

hashtagIdentify Attack Surface

hashtagActivity Testing

hashtagFind Activities

hashtagAccess an Activity

hashtagContent Provider Testing

hashtagGet basic information of content providers

hashtagAccess URIs

hashtagContent Provider Testing : SQL Injection

hashtagTest for SQL injection

hashtagVerfiy the presense of SQL injection

Intro to Drozer

Drozer Architecture

Drozer Setup

Steps to start a drozer session

On CMD/Terminal

On Device/Emulator

On CMD/Terminal

Sieve application overview

Drozer Commands

Find the application package name

Package Info

Identify Attack Surface

Activity Testing

Find Activities

Access an Activity

Content Provider Testing

Get basic information of content providers

Access URIs

Content Provider Testing : SQL Injection

Test for SQL injection

Verfiy the presense of SQL injection