Drozer: Android App Security Assessment Tool

Source: Internet
Author: User
Tags: sqlite database



0x00: Preface



Android apps contain many application-level flaws, and in many cases these need to be evaluated for security; Drozer is one of the best tools for doing that. The app used here is sieve (a password manager), whose deliberately built-in flaws make it a good test sample.






0x01: Installing sieve



Install sieve, then configure its master password and PIN code; you can also add any password entries you want it to manage.









0x02: Installing Drozer



  Tips: my platform is Windows, and there were several pitfalls during installation.



After downloading and installing Drozer, go to the Drozer directory and run drozer.bat; the output shown below indicates a successful installation.






There is also an agent.apk file in the downloaded Drozer folder; install it on the phone and run it, as shown below.






Then forward the agent's port: adb forward tcp:31415 tcp:31415






The following is displayed when running drozer console connect:



  



Solution:



Create a .drozer_config file in the Drozer directory. Windows does not let you create a file whose name starts with a dot directly, so first create a file named 1.drozer_config and then rename it with the Rename command.



Add the following lines (the paths point to your java.exe and javac.exe):



    [executables]
    java=f:\java\jdk1.8.0_66\bin\java.exe
    javac=f:\java\jdk1.8.0_66\bin\javac.exe



Once the file is created, run the console again; the output below shows it running successfully.



(If error 10061 or error 10054 appears, see: http://blog.csdn.net/ksr12333/article/details/39181057)



  






0x03: Demonstrating how Drozer evaluates an app



(1) First list the package names: run app.package.list -f sieve. Not all packages are listed here, because the -f keyword filters for the app you want to test.



  



Get basic information about the package (for example the sieve version, permissions, user ID, group ID, data directory, etc.):



  run app.package.info -a com.mwr.example.sieve



  



(2) Identify the attack surface: run app.package.attacksurface com.mwr.example.sieve



  



The debuggable flag lets us attach to the app through ADB and monitor it.




  



Start the activity: run app.activity.start --component com.mwr.example.sieve com.mwr.example.sieve.PWList (PWList is the password list activity, so that is the one we start)



  



(3) SQL injection



SQL can be injected into the content provider through its projection and selection parameters.



  run app.provider.query content://com.mwr.example.sieve.dbcontentprovider/passwords/ --projection ""



  



The error here indicates that injection is possible. Continue with: run app.provider.query content://com.mwr.example.sieve.dbcontentprovider/passwords/ --selection ""



  



  With run app.provider.query content://com.mwr.example.sieve.dbcontentprovider/passwords/ --projection "* from key;--" you can select a specific table to list.



This works because Android recommends storing user data in a SQLite database. SQLite is driven by SQL statements, so when the provider pastes caller-supplied projection or selection strings straight into its query text, SQL injection becomes possible.
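As an added illustration (not code from this page, from drozer or from sieve), here is a small Python/sqlite3 model of the provider behaviour behind step (3): the insecure form pastes the caller's projection into the SQL text, so the page's `* from key;--` projection returns the Key table instead of Passwords, while the hardened form checks every column name against an allowlist and binds the filter value as a parameter. The table and column names and the sample rows are constructed assumptions; on Android the equivalent mitigation is SQLiteQueryBuilder with setProjectionMap() and setStrict(true), with filter values passed via selectionArgs.

```python
import sqlite3

# Constructed in-memory stand-in for sieve's database: a Passwords table for
# entries and a Key table holding the master password and PIN (sample values).
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Passwords(_id INTEGER PRIMARY KEY, service TEXT,
                               username TEXT, password BLOB);
        CREATE TABLE Key(Password TEXT, pin TEXT);
        INSERT INTO Passwords VALUES (1, 'Gmail', 'alice', X'DEADBEEF');
        INSERT INTO Key VALUES ('MasterPassword123', '1234');
    """)
    return db

# Columns the Passwords provider is allowed to expose (allowlist).
PASSWORD_COLUMNS = frozenset({"_id", "service", "username", "password"})

def vulnerable_query(db, projection):
    # The insecure pattern: the caller's projection strings are pasted straight
    # into the SQL text, so a projection of "* from key;--" rewrites the whole
    # statement into "SELECT * from key;-- FROM Passwords".
    cols = ", ".join(projection) if projection else "*"
    return db.execute(f"SELECT {cols} FROM Passwords").fetchall()

def is_safe_projection(projection):
    # Every requested column must be a known column name, nothing else.
    return all(col in PASSWORD_COLUMNS for col in projection)

def hardened_query(db, projection, service=None):
    # Reject unknown column names before building the query, and bind the
    # filter value with a placeholder instead of splicing it into the SQL.
    if not is_safe_projection(projection):
        raise ValueError(f"invalid projection: {projection!r}")
    cols = ", ".join(projection) if projection else "*"
    sql = f"SELECT {cols} FROM Passwords"
    args = ()
    if service is not None:
        sql += " WHERE service = ?"
        args = (service,)
    return db.execute(sql, args).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(vulnerable_query(db, ["* from key;--"]))   # leaks the Key table
    try:
        hardened_query(db, ["* from key;--"])
    except ValueError as err:
        print("rejected:", err)
```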



(4) Get information from the content provider



  run app.provider.info -a com.mwr.example.sieve



  



This shows the content provider's details, permissions, etc.



View the URIs of the content provider (data disclosure):



  run scanner.provider.finduris -a com.mwr.example.sieve



  



We try to view the actual data: run app.provider.query content://com.mwr.example.sieve.dbcontentprovider/passwords/ --vertical



  



You can see the encrypted passwords and the settings information.



(5) Detecting path traversal vulnerabilities



  run scanner.provider.traversal -a com.mwr.example.sieve



  



The above is a relatively simple demonstration of drozer's basic usage; for more detail see the official documentation:



  https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-drozer-user-guide-2015-03-23.pdf



  



0x04: Summary



Drozer's evaluation capabilities (SQL injection detection, content provider inspection, path traversal detection, and the ability to extract sensitive information through the vulnerabilities it finds) are a great help when assessing an app, and we want to share them with everyone who cares about Android security. If anything here is not written correctly, corrections are welcome.






0x05: Reference



  Drozer security assessment for Android apps


