Drozer is a framework for Android security assessments developed by MWR Labs, and one of the best tools available for the job. In this blog, we will discuss some basic concepts related to Drozer.
Figure 1: Setting up Drozer lab
Figure 2: Starting the session
Drozer has a list of modules for interacting with Android devices. Each module implements one specific function, for example listing all the packages installed on the device. The ‘list’ command shows the modules available in the current session.
Figure 3: Drozer modules
Once Drozer is installed and the session between the device and the PC is established, we can use Drozer for security assessment activities. In this blog, we will use the ‘Sieve’ vulnerable Android application to find vulnerable activities and content providers, and then exploit them.
The first step in finding vulnerable Android components is gathering package-related information.
Commands:
Figure 4.1: Retrieve package information
The second step is identifying the attack surface, i.e. how many activities, content providers, etc. are exported.
Command:
Figure 4.2: Identify attack interface
The third step is gathering information about the activities whose exported attribute is set to true, and then launching them. If you can launch an activity that should only be reachable after authentication, you have bypassed that authentication. Sometimes, directly accessing an activity gives you access to sensitive information, for example passwords or API keys.
Command:
Figure 4.3.1: Identify activities
Command:
Figure 4.3.2: Launch activities
Here is another example, using the ‘Diva’ vulnerable Android application. In this application, we were able to access sensitive information (API credentials) by launching the activities directly, without any authentication.
Commands:
Figure 4.3.3: Identify and launch activities
In the fourth step, we will see how to find information about content providers and the permissions required to access them.
Command:
Figure 4.4: Identify content providers
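Steps two through four above read the attack surface (which activities and providers are exported, and which permissions guard them) out of Drozer at runtime. The same information can be derived statically from the app's manifest, which is useful both for reviewing your own app before release and for cross-checking a Drozer result. The following script is an added example, not code from the original post and not Drozer's own code: it applies the platform's export rules to a constructed manifest. The package name `com.example.vault`, the component names and the `READ_KEYS` permission are placeholders, and the script assumes a targetSdkVersion below 31 (where an intent-filter still implies export).

```python
"""Static audit of an Android manifest for exported components."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")


def android_attr(elem, name):
    """Return an android:-namespaced attribute, or None when it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


@dataclass
class Component:
    kind: str
    name: str
    exported: bool
    reason: str
    permissions: dict = field(default_factory=dict)


def is_exported(elem, target_sdk):
    """Apply the platform's export rules to one component element.

    An explicit android:exported wins. Without it, activities, services and
    receivers are exported when they declare an intent-filter (targetSdk < 31
    assumed here), while providers defaulted to exported only before API 17.
    """
    explicit = android_attr(elem, "exported")
    if explicit is not None:
        return explicit.lower() == "true", "explicit android:exported"
    if elem.tag == "provider":
        return target_sdk < 17, "provider default for targetSdkVersion %d" % target_sdk
    if elem.find("intent-filter") is not None:
        return True, "implicitly exported by intent-filter"
    return False, "no intent-filter"


def audit_manifest(xml_text):
    """Return every component with its export decision and permission guards."""
    root = ET.fromstring(xml_text)
    uses_sdk = root.find("uses-sdk")
    target_sdk = 1
    if uses_sdk is not None:
        target_sdk = int(android_attr(uses_sdk, "targetSdkVersion")
                         or android_attr(uses_sdk, "minSdkVersion") or 1)
    components = []
    for elem in root.find("application"):
        if elem.tag not in COMPONENT_TAGS:
            continue
        exported, reason = is_exported(elem, target_sdk)
        perms = {k: android_attr(elem, k)
                 for k in ("permission", "readPermission", "writePermission")
                 if android_attr(elem, k)}
        components.append(Component(elem.tag, android_attr(elem, "name"),
                                    exported, reason, perms))
    return components


def attack_surface(xml_text):
    """Exported components grouped by kind: what Drozer lists as the attack surface."""
    surface = {}
    for c in audit_manifest(xml_text):
        if c.exported:
            surface.setdefault(c.kind, []).append((c.name, c.permissions))
    return surface


def unguarded(xml_text):
    """Exported components that no permission protects: review these first."""
    return [c.name for c in audit_manifest(xml_text) if c.exported and not c.permissions]


# Constructed manifest modelled loosely on a password-manager app. The package name,
# component names and permission are placeholders, not those of Sieve or any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.vault">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30"/>
  <application android:label="Vault">
    <activity android:name="com.example.vault.MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name="com.example.vault.PWList" android:exported="true"/>
    <activity android:name="com.example.vault.SettingsActivity"/>
    <service android:name="com.example.vault.AuthService" android:exported="false"/>
    <provider android:name="com.example.vault.DBContentProvider"
        android:authorities="com.example.vault.DBContentProvider"
        android:exported="true"/>
    <provider android:name="com.example.vault.FileBackupProvider"
        android:authorities="com.example.vault.FileBackupProvider"
        android:exported="true"
        android:readPermission="com.example.vault.READ_KEYS"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for c in audit_manifest(SAMPLE_MANIFEST):
        flag = "EXPORTED" if c.exported else "internal"
        print("%-8s %-40s %-8s %s %s" % (c.kind, c.name, flag, c.reason, c.permissions or ""))
    print("unguarded:", unguarded(SAMPLE_MANIFEST))
```

In the sample manifest the launcher activity is exported by its intent-filter, `PWList` and `DBContentProvider` are exported explicitly with no permission at all, and `FileBackupProvider` is exported but requires `READ_KEYS` to read. The unguarded list is exactly what the post's steps three and four go on to launch and query; for the provider, the fix is `android:exported="false"` or a signature-level permission.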
Drozer provides a scanner module that brings together various ways of guessing paths and produces a list of accessible content URIs.
Command:
Figure 4.5: Identify content URIs
In this step, we will see how to query a content provider and find the sensitive information stored in it. In the given example, we were able to find the user ID, password, and PIN stored by the application. Drozer also provides scanners for finding SQL injection vulnerabilities in content providers; we can run them and then explore the SQL injection further in vulnerable applications.
Commands:
Figure 4.6.1: Query content provider
Figure 4.6.2: Query content provider
Figure 4.6.3: SQL injection in content providers
Figure 4.6.4: SQL injection in content providers
Figure 4.6.5: SQL injection in content providers
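The SQL injection Drozer's scanner finds in a content provider comes from one pattern: the provider's `query()` pastes the caller-supplied projection, selection and sometimes table name straight into a SQL statement, so any app that can reach the exported provider can widen the `WHERE` clause or read columns the provider never meant to expose. The following is an added example, not code from the original post, Sieve or Drozer: it emulates a provider's `query()` with an in-memory SQLite database, the flawed concatenating version beside a hardened version that allow-lists identifiers and binds values, which is what Android's `SQLiteQueryBuilder` with a projection map and strict mode gives you. The table names, columns and rows are constructed sample data.

```python
"""Content provider query(): vulnerable string concatenation beside a hardened form."""
import re
import sqlite3

# Constructed sample rows, standing in for the records an exposed provider holds.
SAMPLE_ROWS = [
    ("mail", "alice@mail", "hunter2"),
    ("bank", "alice", "s3cret"),
    ("vpn", "alice", "corp-vpn-pw"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Passwords (id INTEGER PRIMARY KEY, service TEXT, "
                 "username TEXT, password TEXT)")
    conn.execute("CREATE TABLE Keys (id INTEGER PRIMARY KEY, pin TEXT)")
    conn.executemany("INSERT INTO Passwords (service, username, password) VALUES (?, ?, ?)",
                     SAMPLE_ROWS)
    conn.execute("INSERT INTO Keys (pin) VALUES ('1234')")
    return conn


def query_vulnerable(conn, table, projection, selection, selection_args=()):
    """The flawed pattern: caller-supplied table, columns and WHERE text are pasted into SQL."""
    columns = ", ".join(projection) if projection else "*"
    sql = "SELECT %s FROM %s" % (columns, table)
    if selection:
        sql += " WHERE " + selection
    return conn.execute(sql, tuple(selection_args)).fetchall()


# Allow-list of what the exported provider may reveal. The password column and the Keys
# table are deliberately absent; this is the role a projection map plays on Android.
EXPOSED_COLUMNS = {"Passwords": ("id", "service", "username")}
# The only selection grammar accepted: "col = ?" terms joined by AND, values bound separately.
SELECTION_GRAMMAR = re.compile(r"\s*\w+\s*=\s*\?(?:\s+AND\s+\w+\s*=\s*\?)*\s*", re.IGNORECASE)


def query_hardened(conn, table, projection, selection, selection_args=()):
    """Same interface, but every identifier is allow-listed and every value is bound."""
    if table not in EXPOSED_COLUMNS:
        raise PermissionError("table not exposed: %s" % table)
    allowed = EXPOSED_COLUMNS[table]
    columns = list(projection) if projection else list(allowed)
    for col in columns:
        if col not in allowed:
            raise ValueError("column not exposed: %s" % col)
    sql = "SELECT %s FROM %s" % (", ".join(columns), table)
    if selection:
        if not SELECTION_GRAMMAR.fullmatch(selection):
            raise ValueError("selection rejected: %r" % selection)
        for col in re.findall(r"(\w+)\s*=\s*\?", selection):
            if col not in allowed:
                raise ValueError("selection on unexposed column: %s" % col)
        if selection.count("?") != len(selection_args):
            raise ValueError("selection argument count mismatch")
        sql += " WHERE " + selection
    return conn.execute(sql, tuple(selection_args)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Intended use: both forms return the single matching row.
    print(query_vulnerable(conn, "Passwords", ["username"], "service = 'mail'"))
    print(query_hardened(conn, "Passwords", ["username"], "service = ?", ("mail",)))
    # A selection that widens the WHERE clause: the vulnerable form dumps every row,
    # including the password column; the hardened form rejects it before any SQL is built.
    widened = "service = 'x' OR 1=1"
    print(query_vulnerable(conn, "Passwords", ["username", "password"], widened))
    try:
        query_hardened(conn, "Passwords", ["username"], widened)
    except ValueError as err:
        print("rejected:", err)
```

The hardened version is deliberately strict: it refuses any selection that is not a conjunction of bound equality terms, refuses columns and tables outside the allow-list, and checks that the number of placeholders matches the number of bound arguments. On a real provider the same effect comes from `SQLiteQueryBuilder.setProjectionMap()` plus `setStrict(true)`, and from never exposing a `Keys`-style table through an exported provider at all.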
Drozer is an easy-to-use framework for quickly identifying weaknesses and possible vulnerabilities in Android applications. In this blog, we looked at how to find vulnerabilities related to exposed Android components; the framework also has other interesting functionality, such as getting a reverse shell, uploading and downloading files, and writing your own Drozer module, which can be explored further.
Author,
Prashasti Rikhari
Attack & PenTest Team
Varutra Consulting Pvt. Ltd.