Dynamic Application Testing - Part 2

Intro to Drozer

  • Test interaction of app with other apps on the phone

  • Uses the client-server model to exploit the interprocess communication (IPC)

  • Drozer Console (runs on the workstation) and Drozer Agent (runs on the Android device)

  • Test for exposed app components

Drozer Architecture

Drozer Setup

Steps to start a drozer session

  • Download and extract exercise file

  • Agent and sieve APK already present in the exercise files

On CMD/Terminal

  • Install agent and target app

  • adb forward tcp:31415 tcp:31415

On Device/Emulator

  • Start embedded server

On CMD/Terminal

  • drozer console connect

Sieve application overview

  • Open the application for the first time

  • Create a Password

  • Create a PIN

  • Sign in using the Password

Drozer Commands

Find the application package name

Package Info

Identify Attack Surface

Activity Testing

Find Activities

Access an Activity

Content Provider Testing

Get basic information of content providers

Access URIs

Content Provider Testing: SQL Injection

Test for SQL injection

Verify the presence of SQL injection
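The setup steps and the Drozer command sequence above (package lookup, attack surface, content provider info, SQL injection check), turned into a small Python driver with a triage step. This is an added example, not code from the course material or the Drozer project. It assumes drozer 2.x (where `drozer console connect -c` runs a single console command and exits), adb on PATH, the Sieve package name `com.mwr.example.sieve`, and the agent port 31415 from the setup steps; the sample outputs embedded in the script are constructed, modelled on what drozer prints for `app.package.attacksurface` and `app.provider.info`, so the parsers can be exercised offline.

```python
"""Drive a Drozer session and triage its output (added example, not the course's code).
Assumes drozer 2.x (`drozer console connect -c`), adb on PATH, Sieve package
com.mwr.example.sieve. The sample outputs below are constructed, modelled on drozer's format."""
import re
import shutil
import subprocess

DROZER_PORT = 31415                # port forwarded in the setup steps
PACKAGE = "com.mwr.example.sieve"  # Sieve's package name (assumption)

def run(cmd):
    """Run a command, return stdout, raise on non-zero exit."""
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def forward_present(forward_list, port=DROZER_PORT):
    """True if `adb forward --list` output has a tcp:<port> -> tcp:<port> entry."""
    return re.search(rf"^\S+\s+tcp:{port}\s+tcp:{port}\s*$", forward_list, re.M) is not None

def setup_session(agent_apk, target_apk, port=DROZER_PORT):
    """Setup steps: install agent and target, forward the agent port, confirm the forward.
    Starting the embedded server is still done by hand on the device."""
    for tool in ("adb", "drozer"):
        if shutil.which(tool) is None:
            raise RuntimeError(f"{tool} not found on PATH")
    run(["adb", "install", "-r", agent_apk])
    run(["adb", "install", "-r", target_apk])
    run(["adb", "forward", f"tcp:{port}", f"tcp:{port}"])
    if not forward_present(run(["adb", "forward", "--list"]), port):
        raise RuntimeError(f"adb forward for tcp:{port} not established")

def drozer(command):
    """Run one console command non-interactively and return its output."""
    return run(["drozer", "console", "connect", "-c", command])

def parse_attack_surface(text):
    """Parse `run app.package.attacksurface <pkg>` output into counts and a debuggable flag."""
    kinds = r"(\d+)\s+(activities|broadcast receivers|content providers|services)\s+exported"
    counts = {m.group(2): int(m.group(1)) for m in re.finditer(kinds, text)}
    counts["debuggable"] = "is debuggable" in text
    return counts

def parse_providers(text):
    """Parse `run app.provider.info -a <pkg>` output into one dict per authority.
    Authority lines are indented 2 spaces, their Read/Write Permission lines 4;
    deeper-indented path-level permissions are deliberately not captured."""
    providers, current = [], None
    for line in text.splitlines():
        m = re.match(r"^  Authority:\s*(\S+)", line)
        if m:
            current = {"authority": m.group(1), "read": None, "write": None}
            providers.append(current)
            continue
        m = re.match(r"^    (Read|Write) Permission:\s*(\S+)", line)
        if m and current is not None:
            current[m.group(1).lower()] = None if m.group(2) == "null" else m.group(2)
    return providers

def unprotected_providers(providers):
    """Authorities any app on the device can read or write: review these URIs first."""
    return [p["authority"] for p in providers if p["read"] is None or p["write"] is None]

def looks_like_sql_error(query_output):
    """A SQLite error in a provider query result is the signal the page calls
    'verify the presence of SQL injection': input reached the SQL layer unsanitised."""
    return re.search(r"SQLiteException|unrecognized token|syntax error", query_output) is not None

SAMPLE_ATTACK_SURFACE = """Attack Surface:
  3 activities exported
  0 broadcast receivers exported
  2 content providers exported
  2 services exported
    is debuggable
"""

SAMPLE_PROVIDER_INFO = """Package: com.mwr.example.sieve
  Authority: com.mwr.example.sieve.DBContentProvider
    Read Permission: null
    Write Permission: null
    Content Provider: com.mwr.example.sieve.DBContentProvider
    Path Permissions:
      Path: /Keys
        Type: PATTERN_LITERAL
        Read Permission: com.mwr.example.sieve.READ_KEYS
        Write Permission: com.mwr.example.sieve.WRITE_KEYS
  Authority: com.mwr.example.sieve.FileBackupProvider
    Read Permission: null
    Write Permission: null
"""

if __name__ == "__main__":
    live = shutil.which("drozer") and shutil.which("adb")
    surface = drozer(f"run app.package.attacksurface {PACKAGE}") if live else SAMPLE_ATTACK_SURFACE
    info = drozer(f"run app.provider.info -a {PACKAGE}") if live else SAMPLE_PROVIDER_INFO
    print("attack surface:", parse_attack_surface(surface))
    print("review first:", unprotected_providers(parse_providers(info)))
```

Run without the tools installed, the script triages the constructed samples; with adb, the agent's embedded server started on the device and the port forwarded, it queries the live app instead. The triage output is what a developer should act on: an authority with `null` read and write permission is reachable by every app on the device, so either set `android:exported="false"` or require a permission on it, and pass caller-supplied selection values through `selectionArgs` rather than concatenating them into the query so that a quote in the input produces a harmless literal instead of the SQLite error that `looks_like_sql_error` flags.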
