Dynamic Application Testing - Part 2

Intro to Drozer

  • Test interaction of app with other apps on the phone

  • Uses the client-server model to exploit the interprocess communication (IPC)

  • Drozer Console (runs on the workstation) and Drozer Agent (runs on the Android device)

  • Test for exposed app components

Drozer Architecture

Drozer Setup

Steps to start a drozer session

  • Download and extract exercise file

  • Agent and sieve APK already present in the exercise files

On CMD/Terminal

  • Install agent and target app

adb devices

adb install agent.apk

adb install sieve.apk

  • Forward the Drozer port (31415) so the console can reach the agent

adb forward tcp:31415 tcp:31415

On Device/Emulator

  • Start embedded server

On CMD/Terminal

  • drozer console connect

Sieve application overview

  • Open the application for the first time

  • Create a Password

  • Create a PIN

  • Sign in using the Password

Drozer Commands

Find the application package name

dz> run app.package.list -f sieve

Package Info

dz> run app.package.info -a <package name>

Identify Attack Surface

dz> run app.package.attacksurface <package name>

Activity Testing

Find Activities

dz> run app.activity.info -a <package name>

Access an Activity

dz> run app.activity.start --component <package name> <activity name>

Content Provider Testing

Get basic information of content providers

dz> run app.provider.info -a <package name> 

Access URIs

dz> run scanner.provider.finduris -a <package name>
dz> run app.provider.query <URI>

Content Provider Testing : SQL Injection

Test for SQL injection

dz> run scanner.provider.injection -a <package name>

Verify the presence of SQL injection

dz> run app.provider.query <URI> --projection "'"
dz> run app.provider.query <URI> --selection "email='<email address>'"
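
Why the single-quote probe above produces a SQL error, and what a fixed provider returns instead: the following is an added example, not code from Sieve or Drozer. It simulates a provider's query path with Python's sqlite3; the table, column names, sample rows and function names are all constructed for illustration.

```python
import sqlite3

# Constructed schema for illustration; not Sieve's real table layout.
ALLOWED_COLUMNS = {"_id", "service", "email"}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Passwords (_id INTEGER PRIMARY KEY, "
               "service TEXT, email TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO Passwords (service, email, password) VALUES (?, ?, ?)",
        [("mail", "a@example.test", "s3cret"),
         ("bank", "o'brien@example.test", "hunter2")])
    return db

def query_vulnerable(db, projection, selection=None):
    # Caller-controlled strings are concatenated straight into the statement.
    sql = "SELECT " + projection + " FROM Passwords"
    if selection:
        sql += " WHERE " + selection
    return db.execute(sql).fetchall()

def query_hardened(db, projection, column=None, value=None):
    # Projection and filter column must come from an allow-list ...
    names = list(projection) + ([column] if column is not None else [])
    if not projection or any(n not in ALLOWED_COLUMNS for n in names):
        raise ValueError("column not allowed")
    sql = "SELECT " + ", ".join(projection) + " FROM Passwords"
    args = ()
    if column is not None:
        # ... and the filter value is bound, never spliced into the SQL text.
        sql += " WHERE " + column + " = ?"
        args = (value,)
    return db.execute(sql, args).fetchall()

def probe(fn, *args):
    """Classify the outcome the way a tester reads the Drozer output."""
    try:
        return fn(*args)
    except sqlite3.Error:
        return "sql-error"   # the quote reached the SQL parser
    except ValueError:
        return "rejected"    # input validation stopped it first

if __name__ == "__main__":
    db = make_db()
    print(probe(query_vulnerable, db, "'"))
    print(probe(query_hardened, db, ["'"]))
    print(probe(query_hardened, db, ["service"], "email", "o'brien@example.test"))
```

In an Android provider the equivalent fix is to pass filter values through `selectionArgs` and to restrict the projection, for example with `SQLiteQueryBuilder.setProjectionMap` and `setStrict`.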
