Android²âÊÔÉø͸¿ò¼ÜDrozerµÄ°²×°ÓëʹÓÃ

Ò»¡¢¼ò½é

DrozerÔ­ÃûMecury£¬ÊÇÒ»¿îÕë¶ÔAndroidϵͳµÄ¿ªÔ´°²È«²âÊÔ¿ò¼Ü¡£
DrozerÊÇÒ»¿îÓÉpython¿ª·¢µÄ¿ªÔ´¿ò¼Ü£¬Óû§¿ÉÒÔʹÓÃpythonÓïÑÔ×Ô¼º±àдģ¿é£¬Í¬Ê±ÓкܶàµÚÈý·½ÓÅÐãµÄ°²È«²âÊÔÄ£¿é¿É¹©Ê¹Óá£ÁíÒ»¿îÖªÃûµÄAndroguard¿ò¼Ü¾ÍÊÇ»ùÓÚDrozer¿ª·¢µÄ¡£

¹ÙÍø£ºhttps://labs.mwrinfosecurity.com/tools/drozer/
github£ºhttps://github.com/mwrlabs/drozer

¶þ¡¢°²×°

¹ÙÍøÌṩÁËÈý¸öƽ̨µÄdrozer°æ±¾£ºDebian/Ubuntu£¬RPM¡¢Windows¡£
Îҵݲװ»·¾³£ºwin7 64λ¡¢python 2.7¡¢JDK1.6¡£

ÔÚWindowsƽ̨°²×°DrozerÓкü¸¸ö¿Ó£º

1. ¹ØÓÚjdkµÄ°æ±¾£º±ØÐëÊÇjdk1.6£»

2. ¹ØÓÚjdkºÍdrozer°²×°Ä¿Â¼µÄ·¾¶£º²»ÄÜ°üº¬¿Õ¸ñ£¬·ñÔò»áÌáʾ³ö´í¡£¾ßÌå½â¾ö·½·¨ÈçÏ£º
   ÎÊÌ⣺
   Could not find java. Please ensure that it isinstalled and on your PATH.
   If this error persists, specify the path in the~/.drozer_config file:
   [executables]
   java = C:\path\to\java
   ½â¾ö£º
   [executables]
   java = C:\ProgramFiles\Java\jdk1.8.0_71\bin\java.exe
   javac = C:\ProgramFiles\Java\jdk1.8.0_71\bin\javac.exe
   java.exeºÍjavac.exeµÄÎļþ·¾¶°´ÒÔÉϸñʽдºÃ£¬±£´æÔÚ1.drozer_configÎļþÖУ¬ÓÃrename1.drozer_config .drozer_config½«1.drozer_configÎļþÃû¸ÄΪ.drozer_config£¬½«.drozer_configÎļþ±£´æÔÚ¡±c:\users\ÄãµÄÓû§Ãû¡±Îļþ¼ÐÏ¡£

3. ¹ØÓÚdrozer agentµÄ°æ±¾£ºÎÒ×°µÄÊÇDrozer windowsµÄ×îа汾2.3.4£¬µ«Êµ¼ÊÉÏʹÓøð汾µÄagent.apkÔÚÔËÐÐijЩģ¿éµÄʱºò»áµ¼ÖÂÓ¦ÓñÀÀ££¨Èçscanner.provider.findurisµÈ£©¡£²ÎÕÕÍøÉϵÄÎÄÕ£¬Ê¹ÓÃ2.3.3°æ±¾µÄagent.apk¿ÉÒÔ˳ÀûÔËÐУ¬¾ßÌåÔ­Òò¿ÉÄÜÐèÒªÔĶÁÔ´Âë²ÅÄÜÖªµÀÁË¡£

   agent.apk 2.3.3°æ±¾

Èý¡¢Ê¹ÓÃ

1. ½¨Á¢Á¬½Ó
   ÓëÊÖ»úagent½¨Á¢Á¬½ÓÓм¸ÖÖ·½·¨£¬ÕâÀïÃèÊöµÄÊÇÀûÓÃUSBÏßµÄÁ¬½Ó¹ý³Ì£º
   £¨1£©Ê×ÏÈ´ò¿ªÊÖ»ú¶Ëagent£¬´ò¿ª¶Ë¿Ú
   £¨2£©ÔÚPC¶ËÔËÐÐ ¡°adb forward tcp:31415 tcp:31415¡±ÃüÁî½øÐж˿Úת·¢
   £¨3£©ÔÚPC¶ËÔËÐС°drozer.bat console connect¡±ÃüÁî½øÈëÓëagent½»»¥Ä£Ê½

2. ³£ÓÃÃüÁî
   dz> list ÁгöËùÓÐÄ£¿é
   dz> run app.package.list ÔËÐÐapp.package.listÄ£¿é
   dz> run app.package.list -h ÏÔʾapp.package.listÄ£¿éµÄʹÓ÷½·¨ºÍËùÓвÎÊý

3. Drozer×Ô´øĬÈÏÄ£¿é£º

ÐòºÅ	Ä£¿éÃû³Æ	¹¦ÄÜ
1	app.activity.forintent	Find activities that can handle the given intent
2	app.activity.info	Gets information about exported activities
3	app.activity.start	Start an Activity
4	app.broadcast.info	Get information about broadcast receivers
5	app.broadcast.send	Send broadcast using an intent
6	app.broadcast.sniff	Register a broadcast receiver that can sniff particular intents
7	app.package.attacksurface	Get attack surface of package
8	app.package.backup	Lists packages that use the backup API (returns true on FLAG_ALLOW_BACKUP)
9	app.package.debuggable	Find debuggable packages
10	app.package.info	Get information about installed packages
11	app.package.launchintent	Get launch intent of package
12	app.package.list	List Packages
13	app.package.manifest	Get AndroidManifest.xml of package
14	app.package.native	Find Native libraries embedded in the application
15	app.package.shareduid	Look for packages with shared UIDs
16	app.provider.columns	List columns in content provider
17	app.provider.delete	Delete from a content provider
18	app.provider.download	Download a file from a content provider that supports files
19	app.provider.finduri	Find referenced content URIs in a package
20	app.provider.info	Get information about exported content providers
21	app.provider.insert	Insert into a Content Provider
22	app.provider.query	Query a content provider
23	app.provider.read	Read from a content provider that supports files
24	app.provider.update	Update a record in a content provider
25	app.service.info	Get information about exported services
26	app.service.send	Send a Message to a service, and display the reply
27	app.service.start	Start Service
28	app.service.stop	Stop Service
29	auxiliary.webcontentresolver	Start a web service interface to content providers
30	exploit.jdwp.check	Open @jdwp-control and see which apps connect
31	exploit.pilfer.general.apnprovider	Reads APN content provider
32	exploit.pilfer.general.settingsprovider	Reads Settings content provider
33	information.datetime	Print Date/Time
34	information.deviceinfo	Get verbose device information
35	information.permissions	Get a list of all permissions used by packages on the device
36	scanner.activity.browsable	Get all BROWSABLE activities that can be invoked from the web browser
37	scanner.misc.native	Find native components included in packages
38	scanner.misc.readablefiles	Find world-readable files in the given folder
39	scanner.misc.secretcodes	Search for secret codes that can be used from the dialer
40	scanner.misc.sflagbinaries	Find suid/sgid binaries in the given folder (default is /system)
41	scanner.misc.writablefiles	Find world-writable files in the given folder
42	scanner.provider.finduris	Search for content providers that can be queried from our context
43	scanner.provider.injection	Test content providers for SQL injection vulnerabilities
44	scanner.provider.sqltables	Find tables accessible through SQL injection vulnerabilities
45	scanner.provider.traversal	Test content providers for basic directory traversal vulnerabilities
46	shell.exec	Execute a single Linux command
47	shell.send	Send an ASH shell to a remote listener
48	shell.start	Enter into an interactive Linux shell
49	tools.file.download	Download a File
50	tools.file.md5sum	Get md5 Checksum of file
51	tools.file.size	Get size of file
52	tools.file.upload	Upload a File
53	tools.setup.busybox	Install Busybox
54	tools.setup.minimalsu	Prepare ¡®minimal-su¡¯ binary installation on the device