Wednesday, July 22, 2020

Drozer installation and setup on Windows


Drozer

Drozer is a leading security testing framework for Android/iOS mobile applications. It runs on Linux and also on Windows. To get the full functionality of the framework, you need to install the drozer Agent on your mobile device.

Prerequisites

  1. Python 2.7
     Make sure to add the Python installation directory and the Python Scripts directory to the PATH environment variable on your system.
  2. Protobuf 2.6 or greater
  3. pyOpenSSL 16.2 or greater
  4. Twisted 10.2 or greater
  5. Java Development Kit 1.7
  6. Android Debug Bridge

Installing

Building for Windows

Windows Defender will flag Drozer as malware, so make sure you disable Defender or create an exception rule for Drozer in Windows Defender.

git clone https://github.com/mwrlabs/drozer/
cd drozer
python.exe setup.py bdist_msi

Installing .msi

Run dist/drozer-2.x.x.win-x.msi

Usage

Installing the Agent

The drozer Agent can be installed using Android Debug Bridge (adb).

adb install drozer-agent-2.x.x.apk

You can also install the agent by opening the .apk file on the mobile device or emulator itself. Either email the .apk to yourself or copy it into the phone's storage so that it can be opened from the device.

Starting a Session

After installing drozer Console on your PC, and having the agent running on your test device you need to connect the two to do security testing.
We will use the server embedded in the drozer Agent to do this.
If using the Android emulator, you need to set up a suitable port forward so that your PC can connect to a TCP socket opened by the agent inside the emulator, or on the device. By default, drozer uses port 31415:

adb forward tcp:31415 tcp:31415

Because the drozer Agent uses port 31415 by default, you will be using that port whether you use an emulator or an Android mobile device.
Now, launch the Agent, select the “Embedded Server” option and tap “Enable” to start the server. You should see a notification that the server has started.
Then, on your PC, connect using the drozer Console:

drozer.bat console connect

If you are connecting to a real device over a USB connection, you need to enable debug mode under Settings/Developer options on your device. When you run “drozer console connect” you may be prompted for permission on the mobile device; you need to grant it to make the connection.

drozer.bat console connect --server 192.168.0.10

You should be presented with a drozer command prompt:

selecting f75640f67144d9a3 (unknown sdk 4.1.1) 
dz>
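
The session steps above as one PowerShell preflight, added here as an example and not part of the original post: it checks that one authorized device is attached and the Agent is installed, creates the forward, confirms the forwarded port listens on loopback only, and removes the forward when the console exits. The package name com.mwr.dz and the presence of adb.exe and drozer.bat on PATH are assumptions.

```powershell
# Added example, not from the original post. Assumes adb.exe and drozer.bat are on PATH.
$Port  = 31415          # drozer default port, as stated above
$Agent = 'com.mwr.dz'   # drozer Agent package name (assumption: stock agent APK)

# 1. Required tools resolve on PATH.
foreach ($tool in 'adb.exe', 'drozer.bat') {
    if (-not (Get-Command $tool -ErrorAction SilentlyContinue)) { throw "$tool not found on PATH" }
}

# 2. Exactly one device in state 'device' (not 'unauthorized' or 'offline').
$lines = @(adb devices) | Select-Object -Skip 1 | Where-Object { $_ -match '\S' }
$ready = @($lines | Where-Object { $_ -match '^\S+\s+device$' })
if ($ready.Count -ne 1) { throw "Need one authorized device; adb reports: $($lines -join ', ')" }

# 3. The Agent is installed on that device.
if (-not (adb shell pm list packages $Agent | Select-String -SimpleMatch "package:$Agent")) {
    throw "drozer Agent ($Agent) is not installed"
}

# 4. Create the forward and confirm adb recorded it.
adb forward "tcp:$Port" "tcp:$Port" | Out-Null
if (-not (adb forward --list | Select-String -SimpleMatch "tcp:$Port tcp:$Port")) {
    throw "adb forward for port $Port was not created"
}

# 5. The forwarded socket should listen on loopback only, so the Agent is not
#    reachable from other hosts on the network through this PC.
$exposed = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' })
if ($exposed.Count) { throw "Port $Port is listening on $($exposed.LocalAddress -join ', ')" }

# 6. Open the console; remove the forward when the session ends.
try     { drozer.bat console connect }
finally { adb forward --remove "tcp:$Port" | Out-Null }
```

The Agent's Embedded Server still has to be enabled on the device before step 6, as described above.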
