Drozer installation and use of--android penetration testing

First,DrozerInstall package

put Drozer Toolkit drozer-installer-2.3.4.zip to see the directory after decompression, where setup.exe files are installed on the PC , the agent.apk is installed in a mobile phone simulator or mobile phone.

Second,Pcinstalled on top of the machine

on the PC machine directly click on the Setup.exe for a fool-type installation, the program is installed by default under "C:\drozer", installed as shown below:

Third, installationagent.apkto the phone simulator

use the ADB tool to install "agent.apk" into the getaway simulator. First make sure the ADB and the getaway simulator are connected, and then use the "adb install agent.apk" command to install

The above tip Success instructions have been installed successfully, now go back to the getaway simulator to see that the Drozer agent has been installed

Iv. inAndroid-side settings enabled"Drozer Agent"

run Drozer, and then click Embedded Server

Click Enable to start drozer Server

v. EnablingPC Drozermobile phone simulator with Carefree tourDrozer AgentCommunication

in the In the Drozer directory of the PC, enter the following command,

C:\DROZER>ADB forward tcp:31415 tcp:31415

here drozer Server silently listens to the 31415 port, so needs to communicate with the 31415 port on the host computer, the ADB execution command is called on the local PC : adb forward tcp:31415 tcp:31415 for Port forwarding

then run drozer console connectwith the following "dz>" prompt stating that the communication was successful.

Six,DrozerSpecific Use1, find all terminal equipmentAPKInformation

command:run app.package.list

as follows :

2, filter by keyword to match the display

command:run app.package.list-f settings

meaning:-F is the filter meaning, by the following keyword filter to match the display.

As follows:

3, view the specifiedapkinformation, such as view Baidu mapAppof Information

command:run App.package.info-a Com.mwr.example.sieve

As follows:

4, findAPKpresence of attack surface

command:run App.package.attacksurface Com.baidu.BaiduMap

Meaning: Find APK Presence Attack surface (activity,content,provider,service)

As follows:

5, GetActivityInformation

command:run App.activity.info-a Com.mwr.example.sieve

meaning: Getting activity Information

As follows:

6, startActivity

command:run App.activity.start--component com.mwr.example.sieve com.mwr.example.sieve.FileSelectActivity

How to use:run App.activity.start--component package name activity Component Name

Help App.activity.start command when viewing the use of the App.activity.start command

：

after executing the above command, The Getaway simulator pops up an activitysuch as:

6, GetContent ProviderInformation

command:run App.provider.info-a Com.mwr.example.sieve

：

7, get all the accessibleUri--Content Providers(data leakage)

command:run scanner.provider.finduris-a Com.mwr.example.sieve

：

8, get eachUrithe data-Content Providers(data leakage)

Command:

Run App.provider.query content://com.mwr.example.sieve.dbcontentprovider/passwords

As below, the data is obtained.

Command:

Run App.provider.query content://com.mwr.example.sieve.dbcontentprovider/passwords –vertical

Add "--vertical" to show results only

9, DetectionSqlinjected

command:run scanner.provider.injection-a Com.mwr.example.sieve

As follows:

10, detecting directory traversal

command:run scanner.provider.traversal-a Com.mwr.example.sieve

As follows:

11, DrozerCommand Daquan Reference

website:http://blog.csdn.net/cch139745/article/details/53691123

Drozer installation and use of--android penetration testing