Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[tool] Add Drozer to Android Testing Guide back #2598

Open
andreysanyuk opened this issue Mar 29, 2024 · 8 comments
Open

[tool] Add Drozer to Android Testing Guide back #2598

andreysanyuk opened this issue Mar 29, 2024 · 8 comments
Assignees

Comments

@andreysanyuk
Copy link

andreysanyuk commented Mar 29, 2024

Recently a new version of Drozer has been released Drozer 3.0.0. It supports Python 3 and modern Java per their release notes:
Compatibility with Python 3 and modern Java.

So it makes sense to bring it back to the guide since it is more convenient for the security testing than ADB.

@cpholguera
Copy link
Collaborator

Very interesting, thank you @andreysanyuk!

@cyberMilosz
Copy link
Contributor

cyberMilosz commented Apr 5, 2024

Hello from the drozer team!

Worth noting that drozer is still included in MASTG as MASTG-TOOL-0015 (those numberic references are not so great for quick checks) - as far as I know it was never removed.

The current writeup only needs modest adjustments - mostly to remove old articles on installation and the 2015 user manual PDF, and perhaps to provide some practical advice on actually using the tool.

I was planning to propose my own adjustments in a few weeks, once we've ironed out some final kinks. Happy to work on this if you'd like.

@anantshri
Copy link
Collaborator

@cyberMilosz
Copy link
Contributor

@cyberMilosz I think it just started https://github.com/OWASP/owasp-mastg/pull/1904/files

Ah, I've missed that! Yeah, it would be a shame to lose useful content - even the old version of drozer was perfectly usable with a docker container.

@cpholguera
Copy link
Collaborator

@cyberMilosz would you like to update the current page? That'd be very helpful. I can assign the issue to you.

https://mas.owasp.org/MASTG/tools/android/MASTG-TOOL-0015/

@cyberMilosz
Copy link
Contributor

@cpholguera Happy to!

@cpholguera
Copy link
Collaborator

Thanks @cyberMilosz, it's yours!

@cyberMilosz
Copy link
Contributor

cyberMilosz commented May 6, 2024

Hey @cpholguera - we've completed the first part of this: adjusting the MASTG-TOOL page. #2614

If you're happy for us to continue, we'd like to go over the changes highlighted by @andreysanyuk and @anantshri and see if we can restore some of the old instructions where they make sense (i.e., where the current recommendations are heavy on adb/aapt or significantly less convenient than the drozer approach).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants