[ad_1]
Drozer is an open-source security testing framework for Android whose main purpose is to ease the work of mobile application security testers.
Features of the drawer
The solution assumes the role of an app and facilitates interaction with the Dalvik VM, other apps’ IPC endpoints, and the operating system to help identify security vulnerabilities in applications and devices.
“When performing a security assessment, you must consider whether other device apps could maliciously interact with the target app. Traditionally, this is done by creating a proof-of-concept application and This was done by installing on the same device and changing this application for each test scenario. This was time consuming and required the application to be changed, recompiled, and installed on the device each time. Drozer simplifies this process. Rather than creating a custom app for each test, testers can issue commands from the console, achieving the same goals faster and more conveniently,” said Mobile Security Lead, WithSecure Consulting. Miłosz Gaczkowski told Help Net Security.
Drozer provides tools to help you understand and use publicly available Android exploits. Effective at imitating malicious applications. Penetration testers don’t need to create custom apps to interact with specific content providers. Instead, you can leverage Drozer with minimal or no programming skills to demonstrate the results of exposing specific components on your device.
Upcoming plans and downloads
“We plan to release a new major version of Drozer to resolve some of the compatibility issues. Drozer 2 relies on older libraries and SDKs that are difficult to run natively. Drozer 3 Although we haven’t introduced any new major features, we expect it to make running applications much easier and make mobile security more accessible,” concluded Gaczkowski.
Drozer is available for free on GitHub.
Must read:
[ad_2]
Source link
