drozer app audit.pdfVIP

Android开源审计框架 drozer -- APP安全测试入门 Xbalien 2014/7/31 一.利用 drozer查看可以攻击的脆弱点（暴露组件）： 1、 查看 Attack Surface: run app.package.attacksurface dz run app.package.attacksurface Attack Surface: 8 activities exported 2 broadcast receivers exported 2 content providers exported 0 services exported 2、获取 app信息： run dz run -a Package: Application Label: Process Name: Version: 4.0 Data Directory: /data/data/ APK Path: /data/app/-1.apk UID: 10004 GID: [1015, 3003] Shared Libraries: null Shared User ID: null Uses Permissions: - android.permission.BAIDU_LOCATION_SERVICE - android.permission.ACCESS_NETWORK_STATE - android.permission.WRITE_EXTERNAL_STORAGE - android.permission.INTERNET - android.permission.INSTALL_PACKAGES - android.permission.VIBRATE - android.permission.READ_PHONE_STATE - android.permission.KILL_BACKGROUND_PROCESSES - android.permission.ACCESS_WIFI_STATE - android.permission.WRITE_SETTINGS - android.permission.ACCESS_COARSE_LOCATION - android.permission.ACCESS_FINE_LOCATION - android.permission.SYSTEM_ALERT_WINDOW - android.permission.SYSTEM_OVERLAY_WINDOW - android.permission.RECORD_AUDIO - android.permission.WAKE_LOCK - android.permission.CHANGE_WIFI_STATE Defines Permissions: - android.permission.BAIDU_LOCATION_SERVICE 二.intent组件触发（拒绝服务、权限提升） 利用 intent对组件的触发一般有两类漏洞，一类是拒绝服务，一类的权限提 升。拒绝服务危害性比较低，更多的只是影响应用服务质量；而权限提升将使得 没有该权限的应用可以通过 intent触发享有该权限的应用，从而帮助其完成越权 行为。 1.查看暴露的广播组件信息： run dz run -a -i Package: Receiver: .receiver.AlarmReceiver Intent Filter: Actions: - ent.action.PUSH_MESSAGE Intent Filter: Actions: - ent.action.DOWNLOAD_NOTIFICATION_CLICKED - ent.action.DOWNLOAD_COMPLETE Intent Filter: Actions: - ent.action.alarm - ent.action.BOOT Permission: null Receiver: .receive