Dynamic Application Testing - Part 2
Intro to Drozer
Test interaction of app with other apps on the phone
Uses the client-server model to exploit the interprocess communication (IPC)
Drozer Console (runs on the workstation) and Drozer Agent (runs on the Android device)
Test for exposed app components
Drozer Architecture
Drozer Setup
Steps to start a drozer session
Download and extract exercise file
Agent and sieve APK already present in the exercise files
On CMD/Terminal
Install agent and target app
adb forward tcp:31415 tcp:31415
On Device/Emulator
Start embedded server
On CMD/Terminal
drozer console connect
Sieve application overview
Open the application for the first time
Create a Password
Create a PIN
Sign in using the Password
Drozer Commands
Find the application package name
Package Info
Identify Attack Surface
Activity Testing
Find Activities
Access an Activity
Content Provider Testing
Get basic information of content providers
Access URIs
Content Provider Testing : SQL Injection
Test for SQL injection
Verify the presence of SQL injection
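Added example (not part of the course material or of Drozer): a static check a developer can run on a decoded AndroidManifest.xml to list the exported components covered by "Test for exposed app components" and "Identify Attack Surface", and to see which of them have no guarding permission. The sample manifest and the package name com.example.vault are constructed for illustration, and the default-export rule is simplified as noted in the comments.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest (hypothetical app, not Sieve's real manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vault">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".PasswordListActivity" android:exported="true"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <provider android:name=".DbProvider" android:exported="true"
              android:authorities="com.example.vault.db"/>
    <provider android:name=".FileProvider" android:exported="true"
              android:authorities="com.example.vault.files"
              android:readPermission="com.example.vault.READ"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.vault.SYNC"/>
  </application>
</manifest>"""

def is_exported(elem):
    flag = elem.get(A + "exported")
    if flag is not None:
        return flag.lower() == "true"
    # Simplification: with no explicit flag, treat a non-provider component as
    # exported only when it declares an intent-filter; providers need the flag.
    return elem.tag != "provider" and elem.find("intent-filter") is not None

def audit_manifest(xml_text):
    """Return (tag, name, guarding_permissions) for every exported component."""
    findings = []
    for elem in ET.fromstring(xml_text).find("application"):
        if elem.tag not in COMPONENT_TAGS or not is_exported(elem):
            continue
        keys = ("permission", "readPermission", "writePermission")
        perms = [elem.get(A + k) for k in keys if elem.get(A + k)]
        findings.append((elem.tag, elem.get(A + "name"), perms))
    return findings

def unprotected(xml_text):
    """Names of exported components that declare no permission at all."""
    return [name for _, name, perms in audit_manifest(xml_text) if not perms]

if __name__ == "__main__":
    for tag, name, perms in audit_manifest(SAMPLE_MANIFEST):
        print(tag, name, ", ".join(perms) or "NO PERMISSION")
```

Components reported without a permission are the ones to review first: set android:exported="false" where no other app needs them, or guard them with a signature-level permission.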