Learning Android Application Security Testing from Scratch (Part 4)
In this section, we introduce a tool for analyzing Android applications that we mentioned in the previous section: Drozer.
Drozer is a security testing framework for Android. It can interact with the Dalvik VM, the IPC endpoints of other applications, and the underlying operating system, helping you make sure that Android applications in development, or applications and devices deployed in your organization, do not expose unacceptable security risks.
Drozer provides penetration testing exploits for many Android platforms for you to use and share. For remote vulnerabilities, Drozer can produce shellcode to help you deploy the Drozer agent as a remote management tool to maximize the use of devices.
For details about Drozer, refer to Drozer-Android APP security evaluation tool (with test cases).
Drozer contains a list of modules. Its Android inter-process communication (IPC) modules can interact with Android applications.
In addition, you can install the exploit modules to penetrate Android devices.
Drozer Tool
The main purpose of this section is to make sure you are familiar with the Drozer tool, which will be used frequently in future tutorials.
First, we need to install the drozer community edition. You must install both drozer and agent.apk (the latter is deployed on your device or virtual device).
After installing drozer, install agent.apk on your device or virtual device.
You can also set up port forwarding. In this case, your computer can connect over TCP to agent.apk in the virtual device. The default port used by Drozer is 31415.
Activate the agent.apk application and start the service.
Now you can use the command to connect to the Agent.
You can use the list command to view different modules.
The parameters required by each module are different. To view the parameters of a specific module, run the following command:
run <module name> -h
For example, if you want to see which applications are installed, you can use the app.package.list module.
What should you do when you want information about a specific application? Don't worry, just use the app.package.info module. It provides a lot of information about the application, for example the installation path and the application's permissions.
Let's review the previous section and call the activity in the InsecureBank application. We can use the app.activity.start module to do this.
You can see the same result.
In this example, the Activity may have an intent filter.
The following is an example of using an additional parameter to call an Activity.
run app.activity.start --component com.mwr.example.intenttest com.mwr.example.intenttest.IntentActivity --flags ACTIVITY_NEW_TASK --extra string URL "Some Text"
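Whether app.activity.start can launch an activity from outside the app depends on whether that activity is exported, which by default follows from its intent filters. The following Python check is an added example, not code from the original article or from the Drozer project: it audits a decoded AndroidManifest.xml and lists the activities another app could start. The manifest, package name and activity names are constructed, and it assumes the manifest has already been decoded to plain XML.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical package and activity names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank">
  <application>
    <activity android:name=".LoginActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".PostLogin" android:exported="true"/>
    <activity android:name=".Transfer" android:exported="true"
              android:permission="com.example.bank.INTERNAL"/>
    <activity android:name=".Settings"/>
    <activity android:name=".Share" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.SEND"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def full_name(package, name):
    """Expand manifest shorthand (".Foo" or "Foo") to a full class name."""
    if name.startswith("."):
        return package + name
    return name if "." in name else package + "." + name


def reachable_activities(manifest_xml):
    """Return (class, guarding permission or None) for each activity another
    app could start. Assumes pre-Android 12 defaults: with no explicit
    android:exported, an activity is exported iff it has an intent filter."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    app = root.find("application")
    app_permission = app.get(ANDROID + "permission")
    found = []
    for act in app.iter("activity"):
        exported = act.get(ANDROID + "exported")
        if exported is None:
            exported = "true" if act.find("intent-filter") is not None else "false"
        if exported == "true":
            permission = act.get(ANDROID + "permission") or app_permission
            found.append((full_name(package, act.get(ANDROID + "name")), permission))
    return found
```

An entry with no permission, such as PostLogin in the sample, is an activity that any installed app can start directly, so it should either be protected by a permission or not be exported.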
This section gives a quick introduction to Drozer. Drozer can do much more, and you will need to explore that yourself.
We will discuss the features later when we discuss vulnerabilities in InsecureBank applications.