Dynamic Application Testing - Part 2
Intro to Drozer
Test interaction of app with other apps on the phone
Uses the client-server model to exploit the interprocess communication (IPC)
Drozer Console (Runs on the workstation) and Drozer Agent (Runs on the android device)
Test for exposed app components
Drozer Architecture

Drozer Setup
Steps to start a drozer session
Download and extract exercise file
Agent and sieve APK already present in the exercise files
On CMD/Terminal
Install agent and target app
adb devices
adb install agent.apk
adb install seive.apk
adb forward tcp:31415 tcp:31415
On Device/Emulator
Start embedded server
On CMD/Terminal
drozer console connect
Sieve application overview
Open the application for the first time
Create a Password
Create a PIN
Sign in using the Password
Drozer Commands
Find the application package name
dz> run app.package.list -f sieve
Package Info
dz> run app.package.info -a <package name>
Identify Attack Surface
dz> run app.package.attacksuface <package name>
Activity Testing
Find Activities
dz> run app.activity.info -a <package name>
Access an Activity
dz> run app.activity.start --component <package name> <activity name>
Content Provider Testing
Get basic information of content providers
dz> run app.provider.info -a <package name>
Access URIs
dz> run scanner.provider.finduris -a <package name>
dz> run app.provider.query <URI>
Content Provider Testing : SQL Injection
Test for SQL injection
dz> run scanner.provider.injection -a <package name>

Verfiy the presense of SQL injection
dz> run app.provider.query <URI> --projection "'"
dz> run app.provider.query <URI> --selection "email='<email address>'"
Last updated
Was this helpful?