Android Application Security Testing Part-15: DROZER

DROZER

·         Drozer is the leading security assessment framework for the Android platform

·         Drozer allows you to assume the role of an Android app and interact with other apps.

·         It can do anything that an installed application can do, such as make use of Android’s Inter - Process Communication (IPC) mechanism and interact with the underlying operating system

·         Drozer also help s to you to remotely exploit Android devices, by building malicious files or web pages that exploit known vulnerabilities. The payload that is used in these exploits is a rogue Drozer agent that is essentially a remote administration tool. Depending on the permissions granted to the vulnerable app, drozer can install a full agent, inject a limited agent into the process using a novel technique or spawn a reverse shell.

·         Drozer is open source software, released under a BSD license and maintained by MWR InfoSecurity

How Drozer works?

Drozer is based on a client-server architecture.

·         Agent : A lightweight Android application that runs on the device or emulator being used for testing. There are two versions of the agent, one that provides a user interface and embedded server and another that does not contain a graphical interface and can be used as a Remote Administration Tool on a compromised device.

·         Console : A command-line interface running on your computer that allows you to interact with the device through the agent.

·         Server :  Provides a central point where consoles and agents can rendezvous, and routes sessions between them.

Useful Links:

·        https://mwrinfosecurity.com/assets/BlogFiles/mwri-drozer-user-guide-2015-03-23.pdf

·         https://labs.mwrinfosecurity.com/tools/drozer

· http://resources.infosecinstitute.com/android-hacking-security-part-13-introduction-drozer/