Identifying the attack surface

This section is one of the most interesting sections when working with Drozer. We can identify the attack surface of our target application with a single command. It gives the details such as exported applications components, if the app is debuggable, and so on.

Let's go ahead and find out the attack surface of testapp.apk. The following command is the syntax for finding the attack surface of a specific package:

dz> run app.package.attacksurface [package name]

In our case for testapp.apk, the command becomes as follows:

dz> run app.package.attacksurface com.isi.testapp
Identifying the attack surface

As we can see in the previous screenshot, the testapp ...

Get Hacking Android now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.