内容纲要

安装

https://www.cnblogs.com/lsdb/p/9441813.html

adb install drozer.apk
adb forward tcp:31415 tcp:31415
python2 drozer console connect

基本用法

in the path including drozer.bat

#TCP port forward
adb forward tcp:31415 tcp:31415
#drozer connect in Linux
drozer console connect
#drozer connect in Windows
drozer.bat console connect
#real device: the IP address of the device on the network must be specified
#linux
drozer console connect --server 192.168.0.10
#Windows
drozer.bat console connect --server 192.168.0.10
#activity information
run app.activity.info -a com.packageName
#list services exported
run app.service.info -a com.packageName
#list broadcast reciever
run app.broadcast.info -a com.packageName
#list content providers exported 
run app.provider.info -a com.packageName
#list uris corresponding providers
run scanner.provider.finduris -a com.packageName
#provider files
run scanner.provider.traversal -a com.packageName
#provider sql injection
run scanner.provider.injection
#attack surface
run app.package.attacksurface com.packageName

image-20211007020023775

image-20211007020036457

一些报错

No module named drozer.cli.console

将环境变量的用户变量的PYTHONPATH改为drozer.bat的目录路径

python编译器选为默认环境路径下的python2

报错crypto version问题

未开启drozer进行drozer console connect会报错crypto问题,然而实际上是没有连接的原因

步骤

adb forward tcp:31415 tcp:31415转发端口

模拟器\手机打开drozer

drozer.bat console connect(python2)

命令相关API

获取导出的providers

命令:run app.provider.info -a com.packageName

源码路径:modules/app/provider/info.__get_providers

获取providers相关的uris

命令:run scanner.provider.finduris -a com.packageName

源码路径:modules/scanner/provider/find_uris.FindUris.findAllContentUris

查看uri是否泄露

命令:run app.provider.query uri --vertical

源码路径:modules/app/provider/Query.contentResolver.query