Choudhary's Cyber Corner

Introduction Drozer is a powerful Android security assessment tool used to identify and exploit vulnerabilities in Android applications. In this blog, we will focus on exploiting static vulnerabilities in Android apps using Drozer, covering misconfigured exported components, insecure content providers, broadcast receivers, services, and debuggable applications. Prerequisites A rooted Android device or an emulator (e.g., Genymotion or Android Studio AVD with root access) Drozer installed on both the host machine and Android device/emulator A vulnerable Android app (such as InsecureBank or a custom test app) ` Step 1: Setting Up Drozer Install Drozer on your machine: pip install drozer Install the Drozer agent APK on your Android device/emulator and start it: adb install drozer-agent.apk Forward the Drozer agent connection: adb forward tcp:31415 tcp:31415 Launch Drozer: drozer console connect Step 2: Identifying the App’s Attack Surface The first step in any as...

Activity Lifecycle: onCreate() : Called when the activity is created. onStart() : Called when the activity becomes visible to the user. onResume() : Called when the activity starts interacting with the user. onPause() : Called when the activity is partially visible (but not in focus). onStop() : Called when the activity is no longer visible. onDestroy() : Called before the activity is destroyed. Layouts and Views: Layouts define the structure of the user interface. Views are widgets (buttons, text fields, etc.) that are placed inside layouts. Intents: Intents are messages used to communicate between different components of an application or between different applications. Explicit Intents: Specifies the target component directly. Implicit Intents: Declares an action without a recipient, and the android system resolves the appropriate component to handle it. Data sent by the application could be stolen by a malicious app as it doesn’t specify a recipient. An int...

Note: Welcome to my journey of mastering Android security! As I prepare for the eMAPT certification, I'll be sharing insights, notes, and tested applications to help fellow learners navigate this exciting field. What is Android? Android is an open-source operating system developed by Google and the Open Handset Alliance. It is designed for mobile devices and offers a customizable platform for developers to create applications. It is based on the Linux kernel and supports features like a user-friendly interface, access to the Google Play Store, and integration with Google services. It is used in smartphones, tablets, smart TVs, smartwatches, and other devices, and has a large developer community contributing to its growth and availability of apps. Since it is used by almost all devices, that means that bug hunters have a huge scope. Android Architecture The Android architecture is composed of several layers that work together to provide a complete operating system for mob...