drozer (formerly Mercury) is the leading security testing framework for Android.
drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.
drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR's advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).
How to use with AndroidTamer
Drozer is already pre configured within AndroidTamer. However there are some steps required before starting drozer.
- We need to start device / emulator and connect that to the AndroidTamer Machine.
- Once device connected we need to install a drozer_client APK.
- Download the client APK from the official website
android@tamer ~/Downloads> adb install ./drozer-agent-2.3.4.apk
- Once device shows that the apk is installed then we are ready to use drozer
- To start using drozer type following
android@tamer ~> drozer_start <device_name>
Dynamic Assessment via Drozer
Drozer at this point doesn't provide html/xml style reporting, instead the report output is directly provided to the console.
AndroidTamer has a build in script which will automatically run all the modules that are available in drozer and will give you a textual output on screen. Its advised to save the output in a text file for further / delayed analysis.
android@tamer ~> drozer_check <package name> <device_name>
Question: Why am I getting error "Magic number incorrect" ?
Answer: You are running drozer on a x86 machine or genymotion emulator. There is a known issue and that's the reason why you get those errors. Refer here
Question: Drozer caused errors