Lin Xiaopeng, Wang Ning, Xiao Fei, Qian Fengchen, Ma Simin
{"title":"基于Drozer的Android应用安全检测方法","authors":"Lin Xiaopeng, Wang Ning, Xiao Fei, Qian Fengchen, Ma Simin","doi":"10.1109/ICSGEA.2018.00050","DOIUrl":null,"url":null,"abstract":"Drozer is the interactive Android security testing framework developed by MWR Labs. According to this framework, the dynamic analysis can be executed the actual equipment, and agent can be installed in the equipment or the simulator, the user-input commands are send to the agent program of Android device from server, the tool is extended by modifying local Python files or installing modules, and then more sophisticated, in-depth attacks on Android components are launched. First of all, a Drozer based Android APP security detection scanning plug-in is designed. Secondly, the software is tested by using the attack mode, detecting whether there is SQL injection vulnerability, rejection vulnerability, data backup vulnerability. Finally, the interaction information between the detecting software and Drozer is utilized, and the authoritative software security test report is automatically generated by one key, which provides a new intelligent method for the detection of Android software vulnerability.","PeriodicalId":445324,"journal":{"name":"2018 International Conference on Smart Grid and Electrical Automation (ICSGEA)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Safety Detection Method of Android App Based on Drozer\",\"authors\":\"Lin Xiaopeng, Wang Ning, Xiao Fei, Qian Fengchen, Ma Simin\",\"doi\":\"10.1109/ICSGEA.2018.00050\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Drozer is the interactive Android security testing framework developed by MWR Labs. According to this framework, the dynamic analysis can be executed the actual equipment, and agent can be installed in the equipment or the simulator, the user-input commands are send to the agent program of Android device from server, the tool is extended by modifying local Python files or installing modules, and then more sophisticated, in-depth attacks on Android components are launched. First of all, a Drozer based Android APP security detection scanning plug-in is designed. Secondly, the software is tested by using the attack mode, detecting whether there is SQL injection vulnerability, rejection vulnerability, data backup vulnerability. Finally, the interaction information between the detecting software and Drozer is utilized, and the authoritative software security test report is automatically generated by one key, which provides a new intelligent method for the detection of Android software vulnerability.\",\"PeriodicalId\":445324,\"journal\":{\"name\":\"2018 International Conference on Smart Grid and Electrical Automation (ICSGEA)\",\"volume\":\"13 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Conference on Smart Grid and Electrical Automation (ICSGEA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSGEA.2018.00050\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Smart Grid and Electrical Automation (ICSGEA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSGEA.2018.00050","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Safety Detection Method of Android App Based on Drozer
Drozer is the interactive Android security testing framework developed by MWR Labs. According to this framework, the dynamic analysis can be executed the actual equipment, and agent can be installed in the equipment or the simulator, the user-input commands are send to the agent program of Android device from server, the tool is extended by modifying local Python files or installing modules, and then more sophisticated, in-depth attacks on Android components are launched. First of all, a Drozer based Android APP security detection scanning plug-in is designed. Secondly, the software is tested by using the attack mode, detecting whether there is SQL injection vulnerability, rejection vulnerability, data backup vulnerability. Finally, the interaction information between the detecting software and Drozer is utilized, and the authoritative software security test report is automatically generated by one key, which provides a new intelligent method for the detection of Android software vulnerability.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
