1. Installation

Update 19 Feb 2019

  pip install virtualenv
  virtualenv venv2
  source venv2/bin/activate
  pip install protobuf
  pip install Twisted
  // download installation binary from https://labs.mwrinfosecurity.com/tools/drozer/
  pip install drozer-2.4.4-py2-none-any.whl

End of Update 19 Feb 2019

For python projects, please use virtualenv

$ pip install virtualenv
// Below two might not be necessary. Skip them.
$ easy_install --allow-hosts pypi.python.org protobuf 
$ easy_install twisted==10.2.0

// Please dont use 2.3.4
// 写该文的时候(Apr 3 2017), 2.3.4有 bug(https://github.com/mwrlabs/drozer/issues/155), 不能安装
// 从 https://github.com/mwrlabs/drozer/releases下载更新版本.
$ easy_install ./drozer-2.x.x-py2.7.egg

Mac客户端与apk 版本,不需要一致.

2. Tutorial

Tutorial: Drozer Offical Page

Start drozer

➜  ~ cd Project/tools/android/drozer
➜  drozer source venv/bin/activate
(venv) ➜  adb forward tcp:31415 tcp:31415
(venv) ➜  drozer drozer console connect

Get package name

dz> run app.package.list -f <abc> 

Get manifest.xml

dz> run app.package.manifest <your_app>

还可以使用 apktool

apktool d your_app.apk


unzip apk

java -jar axmlprinter.jar AndroidManifest.xml > nino.xml


Check if debuggable

dz> run app.package.attacksurface <your_app>
Attack Surface:
  1 activities exported
  2 broadcast receivers exported
  0 content providers exported
  0 services exported
    is debuggable

3. Bonus

List installed packages

$ pip freeze


Show Comments