Skip to content

Latest commit

 

History

History
70 lines (52 loc) · 2.92 KB

Drozer.md

File metadata and controls

70 lines (52 loc) · 2.92 KB
Raw

Installation

curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
sudo python2.7 get-pip.py
sudo pip2.7 install protobuf
sudo pip2.7 install pyOpenSSL
git clone https://github.com/hamcrest/PyHamcrest.git
cd PyHamcrest
sudo python3 setup.py install
cd; sudo pip2.7 install Twisted

To install Drozer, execute 1 of below command

  1). wget https://github.com/mwrlabs/drozer/releases/download/2.4.4/drozer-2.4.4-py2-none-any.whl; sudo pip2.7 install drozer-2.4.4-py2-none-any.whl
  2). pip install drozer

Setup Drozer

--> Forward Port for Connection b/w Android Server and Machine --> adb forward tcp:31415 tcp:31415 --> Connect with Server --> drozer console connect

Package List

--> run app.package.list -f

List Applications that offer Debugging functionality to User, with their Permissions and UID.

--> run app.package.debuggable

List Applications that have Backup functionality. This will also list out UID and API Key if they are Synchronize data with cloud.

--> run app.package.backup

Figure out main Activity Call Intent (Ex. Package :-: jakhar.aseem.diva)

--> run app.package.launchintent jakhar.aseem.diva

Print Andoridmanifest.xml File (Ex. Package :-: jakhar.aseem.diva)

--> run app.package.manifest jakhar.aseem.diva

List out Native Libraries (Ex. Package :-: jakhar.aseem.diva)

--> run app.package.native jakhar.aseem.diva

List out Package and its Permissions with UID (Ex. UID = 10010)

--> run app.package.shareduid -u 10010

Identify Attack Surface

--> run app.package.attacksurface

List Out Activities of that package with intent filters and intent Permissions (-i for Intents) and (-v for verbosity)

--> run app.activity.info -a -i -v

Run a specific Activity from Application

--> run app.activity.start --component

View Content Provide permission

--> run app.provider.info

View Content Provider Content

--> run app.provider.query

Content Provide Scanning for Information Leakage and Injection

--> run scanner.provider.finduris -a Find URI's --> run scanner.provider.injection -a Injection --> run scanner.provider.sqltables -a Enumerate Table Name --> run scanner.provider.traversal -a Table Traversal

List Broadcasts from Application Package (Ex. Application :-: com.android.dialer)

--> run app.broadcast.info -a com.android.dialer

Sniff Broadcasts Receiver (Ex. Action :-: AIRPLANE_MODE_CHANGE)

--> run app.broadcast.sniff --action AIRPLANE_MODE_CHANGE

Get Service List

--> run app.service.info -a -iuv