In this post I will be demonstrating Drozer, which is one of the essential tools in Android application security assessment. It reduces the time involved in an app security assessment.
Drozer is already installed in Appie; if you are using it, there is no need for the installation and setup procedure.
- First open up Appie and the Genymotion device.
- Download the Drozer app.
- Open the drozer application in the running emulator and click the OFF button at the bottom of the app, which will start an embedded server.
- By default the server listens on port 31415, so we use Android Debug Bridge (ADB) to forward connections from the drozer client to the drozer server. Type adb forward tcp:31415 tcp:31415 in the console.
- Type drozer console connect and it will split the screen and open drozer in the other part.
The above steps need to be done whenever we perform an assessment through Drozer.
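Since these steps are repeated for every assessment, here is a small preflight wrapper as an added example (not part of the original post or of drozer itself). It checks that exactly one emulator is attached and that the 31415 forward is really in place before opening the console; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: preflight for the drozer port forward (helper names are hypothetical).
DROZER_PORT=31415   # default port of the drozer agent's embedded server

# Read `adb devices` output on stdin; print the serial only when exactly one
# entry is in the "device" state (not "offline" or "unauthorized").
pick_device() {
    awk 'NF == 2 && $2 == "device" { n++; s = $1 }
         END { if (n == 1) print s; else exit 1 }'
}

# Read `adb forward --list` output on stdin; succeed when serial $1 already
# forwards local tcp:$DROZER_PORT to the same port on the device.
has_forward() {
    awk -v s="$1" -v p="tcp:$DROZER_PORT" \
        '$1 == s && $2 == p && $3 == p { found = 1 } END { exit !found }'
}

# Run the steps against a real emulator: pick the device, add the forward if
# it is missing, confirm it, then open the console.
drozer_setup() {
    serial=$(adb devices | pick_device) || {
        echo "need exactly one device in 'device' state" >&2; return 1; }
    adb forward --list | has_forward "$serial" ||
        adb -s "$serial" forward "tcp:$DROZER_PORT" "tcp:$DROZER_PORT"
    adb forward --list | has_forward "$serial" || {
        echo "forward to port $DROZER_PORT not present" >&2; return 1; }
    drozer console connect
}

# Only touch adb when explicitly asked, e.g. `sh drozer_preflight.sh --run`.
if [ "${1:-}" = "--run" ]; then drozer_setup; fi
```

The agent's embedded server still has to be switched on in the emulator first; the script only verifies the host side of the connection.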
Now you can just type list in the drozer console and it will list all the modules which came pre-installed with Drozer.
You can use the --help switch with any of the modules given above to learn more about the functionality of that particular module.
For example, run app.package.info --help will output
I will be describing most of the Drozer modules while exploiting vulnerable apps in the upcoming posts.