
Testing the Android Application

Mihály Dobos-Kovács edited this page Nov 29, 2020 · 2 revisions

This document describes the testing of the Android application.

Penetration testing

As described in the Testing Plan, we carried out the penetration testing of the application using Drozer, F-Secure's security testing tool for Android applications.

During the automated penetration testing, we used the following modules of Drozer:

  • app.package.attacksurface
  • intents.fuzzinozer

Identifying the attack surface

We identified the attack surface using the app.package.attacksurface module of Drozer. It analyzed the application and concluded that the attack surface of the application is the following:

  • LoginAcivity
  • MainActivity

This is consistent with the fact that we did not define any content providers, broadcast receivers or services.

Fuzzing the attack surface

We fuzzed the intents of the attack surface using the intents.fuzzinozer module of Drozer. During the fuzzing, Drozer identified 2,226,048 potential intents worth trying, but none of the executed intents revealed any vulnerabilities in the application.

An excerpt from the fuzzing log is shown below. As it shows, the fuzzer sends different intents, with different data URIs and extra values, to the activities while trying to find a vulnerability:

fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: https://VjQQUG2X8JeNMkveyYIpP3sEBqpr78eHmRNIwfpGojiX.org category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: boolean extra_key: android.intent.extra.ALARM_COUNT extra_value: True
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: https://zmxnZmucGsOIWIAmXhwm69TzGRKp2Q3LIVqyDPgvZN11dGol01bBn95NTFU4xpmt.net category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: integer extra_key: android.intent.extra.ALARM_COUNT extra_value: 509
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://SJTKRi50gN8gWMjwq5l15rQzeRRGg5lWM14bUA5VAES5C5sIGKj73Lf0aX7Qq3oxMtGuTpRUVswR4eK2QLpE9US.mil category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: string extra_key: android.intent.extra.ALARM_COUNT extra_value: MnWDKfZy3mV4VyCO9hmdDKox6RLZei8eNp4Hm2edezpWpJkWekRtUJ1JDSCXNi2ITUoyDqXI5TDAiWS9lf0q9xHhHPXB7dTK
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://cUb4GlYbO6j03Y5eYbn0UM.int category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: boolean extra_key: android.intent.extra.BCC extra_value: False
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: https://aP7wbaO5nYNvFX6HBEtTBlLUZDBH9I3kKD6c.com category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: integer extra_key: android.intent.extra.BCC extra_value: 324
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: https://srFnyhSv2tM46e4CFCFA4DfL5oxG2gG0ufO.net category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: string extra_key: android.intent.extra.BCC extra_value: YZBy9NNwA6gZN
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: https://Pnavk1mo5dG95LhGSEpf7Po5BDgOkbo9vG38PBmeZVKilS7xeuugE6U5QgdEDJZnQ2dyVfJyVQJ8ylY3T.gov category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: boolean extra_key: android.intent.extra.CC extra_value: False
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://SuwWxuvVTM7T2jf.gov category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: integer extra_key: android.intent.extra.CC extra_value: 268
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://nCNE2fAG9VLm75xrptoit1FdAfq6hMmtRyphAvPKXtnKXEKsom7n.gov category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: string extra_key: android.intent.extra.CC extra_value: Got4JsoZirlYJ72DPf0cScOGA
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: https://CTNn0axYMtgNFXHe36i66CGvSBeOKLbVVDbnb3ESeOVd4A7PxjNzW17gOOn9t.org category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: boolean extra_key: android.intent.extra.CHANGED_COMPONENT_NAME extra_value: False
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://IlYjDmRM37hlujM1SsQtI6HBdHJvs.mil category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: integer extra_key: android.intent.extra.CHANGED_COMPONENT_NAME extra_value: 543
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://hq6YFXmABWU3uN.int category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: string extra_key: android.intent.extra.CHANGED_COMPONENT_NAME extra_value: b1JOMXJR1Ixzrc0UoQ6lYZr6wf28WrbkqWYr487cZcoC69K7
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://xIkjzUCucQ9RmwcV5FWbdMe2NRzqjok4ClYxN4u0JGj5GmJG2o.int category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: boolean extra_key: android.intent.extra.DATA_REMOVED extra_value: True
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://LANYj2xSaYHtmvm6iVWzskrhbgKHT8j244ld3zyBAgcYiMbFHqb0TY4kCY1.mil category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: integer extra_key: android.intent.extra.DATA_REMOVED extra_value: 930
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://wlqaBPPOhzForR5fIMynrA8RlVh3LIeh5QTLnChYn0uPGX.com category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: string extra_key: android.intent.extra.DATA_REMOVED extra_value: 9KK7XqPcbTA92v7ULC6pBmuo70OFw3qzL0361XxvmR5m8
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://GCs77ETgO1W1lZpuCqD35mahTqEujTjKMC19XfWU4Llz3m3UsTIZJLDLHxjV3F1rzb9C8bjdRPVdAl2h2.net category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: boolean extra_key: android.intent.extra.DOCK_STATE extra_value: False
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://f978h0GSbXluH3DMHjNqjI0of6sAYpuRDHCCJyNMBX7dbjgo0YVB4ykEtSQpUCrmJvgEgIoGGoar5EyGhCLNRHeeh.mil category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: integer extra_key: android.intent.extra.DOCK_STATE extra_value: 206
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: https://4wa5HKxs35vgpm6VPTPHw41n7Cv7tGuEOIL3XUK6g4wfVwANRuuLoFNCD1plf8CQhBNRV5L5VsLkpURV9.mil category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: string extra_key: android.intent.extra.DOCK_STATE extra_value: k8F995aVKONRkjxiHkWjd4qp5MvIIQISzwUz9oyOfZMtxL4wHYDvlqCLoKjREFq1NVM0VUiaaIZ1FKoJxk4l3WGpJ7F
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://0V9wTGPdmyQwcOpdpYteOzz1uLNQ4AUUP25nSUMgJq35eCDd25FvAKSgSioyA99pnAYS1I5CsmrNnRpvuOwzUf2dAR0kv.int category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: boolean extra_key: android.intent.extra.DOCK_STATE_HE_DESK extra_value: True
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://NL3d0VxoJJCB4p5C4pBdhpl.mil category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: integer extra_key: android.intent.extra.DOCK_STATE_HE_DESK extra_value: 275
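
A fuzzing run with no findings only says something about the components it actually reached. The following added example (not part of the original page or of Drozer) parses lines in the format of the excerpt above and reports which activities and extra key/type pairs were exercised. The log lines are constructed, and the fully qualified LoginAcivity name is an assumption built from the package name in the log.

```python
import re
from collections import defaultdict

# Field names exactly as they appear in the log excerpt above.
FIELDS = ("type", "package", "component", "data_uri", "category",
          "action", "flag", "extra_type", "extra_key", "extra_value")
# A field begins at whitespace + "<name>:"; its value runs to the next field.
FIELD_RE = re.compile(rf"(?:^|\s)({'|'.join(FIELDS)}):(?: |$)")

# Attack surface from app.package.attacksurface (spelling as on the page;
# the fully qualified LoginAcivity name is an assumption).
ATTACK_SURFACE = ["com.example.grotesquegecko.LoginAcivity",
                  "com.example.grotesquegecko.MainActivity"]

# Constructed sample lines modelled on the excerpt, not real fuzzer output.
SAMPLE_LOG = """\
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: https://a1b2c3.example category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: boolean extra_key: android.intent.extra.BCC extra_value: False
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://d4e5f6.example category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: integer extra_key: android.intent.extra.BCC extra_value: 324
fuzzing_intent type: fuzzing package: com.example.grotesquegecko component: com.example.grotesquegecko.MainActivity data_uri: http://g7h8i9.example category: android.intent.category.DEFAULT action: android.intent.action.MAIN flag: ACTIVITY_BROUGHT_TO_FRONT extra_type: string extra_key: android.intent.extra.CC extra_value: Got4Jso
"""

def parse_line(line):
    """Return the fields of one 'fuzzing_intent ...' line as a dict, else None."""
    line = line.strip()
    if not line.startswith("fuzzing_intent "):
        return None
    hits = list(FIELD_RE.finditer(line))
    record = {}
    for hit, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(line)
        record[hit.group(1)] = line[hit.end():end].strip()
    return record

def coverage(lines, attack_surface):
    """Map component -> extra_key -> extra types seen; list unreached components."""
    seen = defaultdict(lambda: defaultdict(set))
    for rec in filter(None, map(parse_line, lines)):
        if "component" in rec:
            seen[rec["component"]][rec.get("extra_key", "")].add(rec.get("extra_type", ""))
    summary = {c: {k: sorted(t) for k, t in keys.items()} for c, keys in seen.items()}
    return summary, [c for c in attack_surface if c not in seen]

if __name__ == "__main__":
    summary, untested = coverage(SAMPLE_LOG.splitlines(), ATTACK_SURFACE)
    print(summary)
    print("in attack surface but absent from log:", untested)
```

Run over the full fuzzing log rather than an excerpt, an empty second list confirms that every component reported by app.package.attacksurface received fuzzed intents.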

Conclusion

In conclusion, all the requirements defined during the design phase are covered. The penetration test did not reveal any shortcomings of the application; we concluded that the client satisfies all of our functional and security requirements.
