Drozer – Comprehensive security and attack framework for Android. – All things in moderation

Drozer – Comprehensive security and attack framework for Android.

In this post, I would like to introduce an awesome tool named Drozer.

Drozer is a framework for Android security assessments developed by MWR Labs. Drozer helps to provide confidence that Android apps and devices being developed by, or deployed across, your organisation do not pose an unacceptable level of risk. It does this by allowing you to interact with the Dalvik VM, other apps’ IPC endpoints and the underlying OS. [1]

A workstation (in my case Windows) with the following:
– JRE or JDK
– Android SDK
– An Android device or emulator running Android 2.1 or later (in my case, Android 4.4)

Please choose the appropriate download for your platform:

drozer (Debian/Ubuntu Archive)
MD5: 901c7775fa2eb0e0c9943d380cf902a2

drozer (RPM)
MD5: debf3a5f05fc7f69cd7dc835d2642243

drozer (Python .egg)
MD5: 1ca27eba02f1a4651206f97d702b472f

drozer (Agent .apk only)
MD5: 6e6ba57a704c5a0895ac9a152d4cc399

drozer (Windows Installer) – Updated 2015-08-24
MD5: 2052f6d7271bbd524f27867d8834c17b
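
Before running a download, compare its MD5 with the value listed above. The script below is an added example (not part of the original post and not Drozer's own code) that does this check using the MD5 values from this page. The script name verify_drozer.py and the path of the saved file are assumptions.

```python
import hashlib
import hmac
import sys

# MD5 values copied from the download list above, keyed by its labels.
PUBLISHED_MD5 = {
    "Debian/Ubuntu Archive": "901c7775fa2eb0e0c9943d380cf902a2",
    "RPM": "debf3a5f05fc7f69cd7dc835d2642243",
    "Python .egg": "1ca27eba02f1a4651206f97d702b472f",
    "Agent .apk only": "6e6ba57a704c5a0895ac9a152d4cc399",
    "Windows Installer": "2052f6d7271bbd524f27867d8834c17b",
}


def md5_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is never fully in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, label, published=PUBLISHED_MD5):
    """Return (matches, actual_md5) for the download named by `label`."""
    expected = published[label].strip().lower()  # KeyError on unknown label
    actual = md5_of_file(path)
    return hmac.compare_digest(actual, expected), actual


def identify_download(path, published=PUBLISHED_MD5):
    """Return the label whose published MD5 matches the file, else None."""
    actual = md5_of_file(path)
    for label, expected in published.items():
        if hmac.compare_digest(actual, expected.strip().lower()):
            return label
    return None


if __name__ == "__main__":
    # Usage (hypothetical script name): python verify_drozer.py FILE "LABEL"
    # MD5 catches a corrupted or swapped file; it is not collision-resistant,
    # so it does not prove the file is authentic if the page itself is altered.
    if len(sys.argv) != 3 or sys.argv[2] not in PUBLISHED_MD5:
        sys.exit("usage: verify_drozer.py FILE LABEL; labels: "
                 + ", ".join(PUBLISHED_MD5))
    ok, actual = verify_download(sys.argv[1], sys.argv[2])
    print(f"{sys.argv[2]}: {'OK' if ok else 'MISMATCH'} (md5 {actual})")
    sys.exit(0 if ok else 1)
```

The script exits with a non-zero status on a mismatch, so it can gate the install step in a batch file or shell script.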

On Windows, unzip the downloaded file and run setup.exe.

Start the Android emulator.

Check that the device is visible with the adb command:

adb devices

Install agent.apk on the emulator:
adb install agent.apk

To start working with Drozer for your assessments, we need to connect the Drozer console on the workstation to the agent running on the emulator. To do this, start the agent on your emulator, make sure the embedded server is running when you launch it, and run the following command to forward the port:

adb forward tcp:31415 tcp:31415

Drozer help:

We can then run the following command to connect to the agent from the workstation:

drozer console connect

Listing out all the modules

dz> list

This shows the list of all Drozer modules that can be executed in the current session.

Retrieving package information

To list out all the packages installed on the emulator, run the following command:

dz> run app.package.list

You can view more commands here.

[1] https://labs.mwrinfosecurity.com/tools/drozer/
