Drozer is a mobile security audit and attack framework maintained by MWR InfoSecurity, and a must-have tool in the tester's armory. Drozer, installed as an application on the Android device, interacts with other Android applications via IPC (Inter-Process Communication). It can fingerprint an application's package-related information and its attack surface, and attempt to exploit them. Because Drozer is an attack framework, advanced exploits can also be conducted from it. We use Drozer to find vulnerabilities in our applications.
Install Drozer by downloading it from https://www.mwrinfosecurity.com/products/drozer/ and following the installation instructions in the user guide.
Install the Drozer console agent and start a session as described in the User Guide.
If your installation is correct, you should get the Drozer command prompt (dz>).
You should also have a few vulnerable applications to analyze. Here we chose OWASP GoatDroid...