Update drozer tooling page (MASTG-TOOL-0015.md) #2614

Open
wants to merge 4 commits into
base: master

cyberMilosz

This is the first PR triggered by #2598. It focuses on rewriting the tool page itself, making sure it's accurate and removing outdated references.

Further work will need to be done to restore drozer instructions that were removed from the main MASTG body. As a result, #2598 should stay open for now.

Collaborator

@sushi2k sushi2k left a comment

Thank you for the pull request @cyberMilosz! This is a nice update for drozer. Please find a few comments and suggestions below. Let me know if you have any questions.


The advantage of using drozer consists on its ability to automate several tasks and that it can be expanded through modules. The modules are very helpful and they cover different categories including a scanner category that allows you to scan for known defects with a simple command such as the module `scanner.provider.injection` which detects SQL injections in content providers in all the apps installed in the system. Without drozer, simple tasks such as listing the app's permissions require several steps that include decompiling the APK and manually analyzing the results.
drozer helps to reduce the time taken for Android security assessments by automating tedious and time-consuming tasks. It allows testers and reverse-engineers to:
Collaborator

Suggested change
drozer helps to reduce the time taken for Android security assessments by automating tedious and time-consuming tasks. It allows testers and reverse-engineers to:
drozer can be used during Android security assessments to automate tasks. It allows testers and reverse-engineers to:

Collaborator

Let's please be objective and not use phrases such as "reduces the time" etc.


You can refer to [drozer GitHub page](https://github.com/FSecureLABS/drozer "Drozer on GitHub") (for Linux and Windows, for macOS please refer to this [blog post](https://fi5t.xyz/en/posts/drozer-on-mac/ "(not)Unique experience blog - Installing Drozer on macOS Catalina")) and the [drozer website](https://labs.withsecure.com/tools/drozer/ "Drozer Website") for prerequisites and installation instructions.
drozer runs both in Android emulators and on real devices. It does not require USB debugging or other development features to be enabled; so you can perform assessments on devices in their production state to get better results.
Collaborator

What do you mean by "better results"? Do you mean that, as the testing environment is a non-rooted device, the test case executed could simulate a real attack like from a threat actor without having a rooted phone as a prerequisite?

Suggested change
drozer runs both in Android emulators and on real devices. It does not require USB debugging or other development features to be enabled; so you can perform assessments on devices in their production state to get better results.
drozer runs both in Android emulators and on real devices. It does not require USB debugging or other development features to be enabled; so you can perform assessments on devices in their production state to simulate attacks.


## Using Drozer
You can easily extend drozer with additional modules to find, test and exploit other weaknesses; this, combined with scripting possibilities, helps to automate regression testing for security issues.
Collaborator

Let's be objective.

Suggested change
You can easily extend drozer with additional modules to find, test and exploit other weaknesses; this, combined with scripting possibilities, helps to automate regression testing for security issues.
You can extend drozer with additional modules to find, test and exploit other weaknesses; this, combined with scripting possibilities, helps to automate regression testing for security issues.


Before you can start using drozer, you'll also need the drozer agent that runs on the Android device itself. Download the latest drozer agent [from the GitHub releases page](https://github.com/FSecureLABS/drozer/releases/ "drozer GitHub releases") and install it with `adb install drozer.apk`.
## Installing drozer
Collaborator

As part of the refactoring for the MASTG we would like to link to the tools' documentation as much as possible to avoid redundancies. This is to avoid having outdated information in the MASTG if there are changes in the installation process. Then it only needs to be changed in the documentation of the tool. Can you therefore please remove the content of "## Installing drozer" till "### Example usage" and replace it with a short sentence and link where the installation information can be found? It seems it's mainly the readme.md in the drozer repo that has all this information available about the installation. So you might want to look to this file or another URL that you think is more appropriate.

The "### Example usage" should remain as it shows some basic usages.

- [Official drozer User Manual](https://labs.withsecure.com/tools/drozer "drozer User Manual")
- [drozer GitHub page](https://github.com/WithSecureLabs/drozer "GitHub repo - drozer")
- [drozer Agent GitHub page](https://github.com/WithSecureLabs/drozer "GitHub repo - drozer-agent")
Collaborator

This is the same URL as the link before. I would suggest removing it.


You can learn more about how intents are created by running `help intents`

#### Further information
Collaborator

This link is already used in "### Example usage". Can you remove this short section and merge it with "### Example usage"?


# Send a message to a Broadcast receiver
$ dz> run app.broadcast.send --action (broadcast receiver name) -- extra (number of arguments)
When calling `app.activity.start`, you can build a much more complex intent. As with all drozer modules, you can request more usage information:
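
Review bot: `-- extra` on the `app.broadcast.send` line has a space between the dashes and the option name, so if that example stays in the page it should read `--extra`. The placeholder "(number of arguments)" also differs from the `--extra TYPE KEY VALUE` form shown in the `app.activity.start` usage output quoted on this page, so it is worth checking the placeholder against the module's own help output, and the leading `$` can go because `dz>` is already the drozer console prompt.
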
Collaborator

Suggested change
When calling `app.activity.start`, you can build a much more complex intent. As with all drozer modules, you can request more usage information:
When calling `app.activity.start`, you can build a much more complex intent. As with all drozer modules, you can request more usage information by using the command `help`:

usage: run app.activity.start [-h] [--action ACTION] [--category CATEGORY [CATEGORY ...]] [--component PACKAGE COMPONENT] [--data-uri DATA_URI] [--extra TYPE KEY VALUE] [--flags FLAGS [FLAGS ...]] [--mimetype MIMETYPE]
```

You can learn more about how intents are created by running `help intents`
Collaborator

Suggested change
You can learn more about how intents are created by running `help intents`
You can learn more about how intents are created by running `help intents`.
