Android Penetration Tools Walkthrough Series: Drozer

Drozer from MWR labs (formerly known as Mercury) is one of the most leveraged Android security frameworks for pentesting Android applications. Drozer enables scanning for security vulnerabilities in Android applications by taking the role of a native Android application and interacting with the Dalvik Virtual Machine, other applications’ IPC endpoints and the OS beneath.

The drozer build in tools enables you to use, share and understand public Android exploits. It enables you to send a drozer agent to a device through exploitation or social engineering and perform various tasks on remote devices.

Drozer is an open source tool and the source code for drozer can be found in various GitHub project repositories.

  • drozer: has the Console and server
  • drozer-agent: contains the Android Agent
  • drozer-modules: has the central drozer module repository. This is where new modules can be added and made accessible to all other researchers
  • drozer-common: has components that are shared between the Agent and Console.

The drozer tool is the combination of two key components:

  • the Agent: a lightweight Android app that runs on the device or emulator being used for testing; and
  • the Console: a command-line interface running on your PC that allows you to interact with the Dalvik VM through the Agent.

Here is the simple representation of the working of drozer.

From Version 2.0, drozer introduced the Infrastructure Mode. In this mode, the drozer Agent sets up an association outward to pass through firewalls and NAT. This allows one to create a more realistic attack. This mode requires a Server, which we will address further in this article.

  • The Server: provides a central point where consoles and agents can rendezvous and routes sessions between them.
  • These components use the drozer Protocol to exchange data.


*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Sumit Bhattacharya. Read the original post at: