Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and supports both binaries (APK, IPA & APPX) and zipped source code.
MobSF can also perform Web API security testing with its API Fuzzer, which can do information gathering, analyze security headers, and identify mobile-API-specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to session and API rate limiting.
To Install & Configure MobSF:
System Requirements:
Ubuntu 14.04
RAM >= 4GB
HDD >= 50GB
Python 2.7
Oracle JDK 1.7 or higher
INSTALL ORACLE VIRTUALBOX
$ wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
Install VirtualBox:
$ sudo apt-get update
$ sudo apt-get install virtualbox-5.0
Download latest release of MobSF:
https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/releases
Download MobSF VM 0.2 ova file:
https://goo.gl/h7CCxx
Now copy the MobSF files you downloaded to:
---> for Windows path: C:\MobSF
---> for Linux path: /home/[username]/MobSF
Install pip, which is used to install the MobSF Python requirements.
For Ubuntu:
$ sudo apt-get -y install python-pip
For Windows:
Download file: https://bootstrap.pypa.io/get-pip.py
Run command:
python get-pip.py
INSTALL MOBSF
Windows: C:\Python27\Scripts\pip.exe install -r requirements.txt
Ubuntu: pip install -r requirements.txt
Install complete!
DYNAMIC ANALYSIS CONFIGURATION
The configuration parameters:
– VM UUID
– Snapshot UUID
– Host/Proxy IP
– VM/Device IP
Follow the points below:
"Open VirtualBox, File -> Import Appliance
and select the virtual machine downloaded above.
On success, the imported virtual machine will be named MobSF_VM_X.X.
Right-click the VM and select Settings"
Then configure it in 2 steps:
To configure Host-only Adapter you can do the following:
In VirtualBox choose File → Preferences
Select Network and select tab Host-only Networks
Select plus icon to add:
Save the settings and reboot the virtual machine
Note the IP_VM address, highlighted in red above.
Unlock password: 1234
Note: If the virtual machine is turned off, we cannot perform the analysis.
Get the Host/Proxy IP address:
Windows:
Run command: ipconfig
Linux:
Run command: ifconfig
Note: The Host-only Adapter and IP_VM must be in the same network range. If they differ, change the address of the Host-only Adapter.
In the Wi-Fi settings of the Android VM, configure the proxy:
IP: IP of Host-only Adapter.
Port: 1337
Save the configured virtual machine as a VirtualBox snapshot.
Once the snapshot is saved, right-click the MobSF VM and select Show in Explorer or Show in File Manager.
Open the file named MobSF_VM_X_X.vbox with a text editor and copy the 2 values VM UUID and Snapshot UUID.
Two corresponding values are:
VM UUID: uuid
Snapshot UUID: currentSnapshot
Go back to the file MobSF/settings.py and modify the values:
UUID = VM UUID
SUUID = Snapshot UUID
VM_IP = VM IP
PROXY_IP = Host/Proxy IP
This completes the dynamic analysis configuration with a virtual machine.
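The lookup and the network-range check described above can be scripted instead of done by hand. This is an added example in Python 3, not part of the original post or of MobSF; the sample .vbox content, UUIDs, IP addresses and function names are constructed for illustration, and a 255.255.255.0 netmask is assumed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of a MobSF_VM_X_X.vbox file (UUIDs are made up).
SAMPLE_VBOX = """<?xml version="1.0"?>
<VirtualBox xmlns="http://www.virtualbox.org/" version="1.15-linux">
  <Machine uuid="{11111111-2222-3333-4444-555555555555}" name="MobSF_VM_X.X"
           currentSnapshot="{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}">
    <Snapshot uuid="{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}" name="configured"/>
  </Machine>
</VirtualBox>"""

NS = {"vb": "http://www.virtualbox.org/"}


def read_vbox_uuids(vbox_xml):
    """Return (UUID, SUUID) from the Machine element of a .vbox document."""
    machine = ET.fromstring(vbox_xml).find("vb:Machine", NS)
    if machine is None:
        raise ValueError("no <Machine> element: not a .vbox file?")
    snapshot = machine.get("currentSnapshot")
    if snapshot is None:
        raise ValueError("no currentSnapshot: take a snapshot of the VM first")
    # Braces are stripped; that the settings take bare UUIDs is an assumption.
    return machine.get("uuid").strip("{}"), snapshot.strip("{}")


def same_network(vm_ip, proxy_ip, netmask="255.255.255.0"):
    """True if the VM and the host-only adapter share one network range."""
    net = ipaddress.ip_network("%s/%s" % (proxy_ip, netmask), strict=False)
    return ipaddress.ip_address(vm_ip) in net


def settings_lines(vbox_xml, vm_ip, proxy_ip):
    """Build the four assignments the post edits in the settings file."""
    if not same_network(vm_ip, proxy_ip):
        raise ValueError("VM_IP and PROXY_IP are in different network ranges")
    uuid, suuid = read_vbox_uuids(vbox_xml)
    return ["UUID = '%s'" % uuid, "SUUID = '%s'" % suuid,
            "VM_IP = '%s'" % vm_ip, "PROXY_IP = '%s'" % proxy_ip]


if __name__ == "__main__":
    # Constructed addresses in a typical host-only range.
    print("\n".join(settings_lines(SAMPLE_VBOX, "192.168.56.101", "192.168.56.1")))
```

To use it on a real VM, pass the contents of the MobSF_VM_X_X.vbox file to settings_lines() in place of SAMPLE_VBOX.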
For real devices, set REAL_DEVICE to True.
Set DEVICE_IP and DEVICE_ADB_PORT to the values obtained from the wireless ADB application.
Note: When performing the analysis with the virtual machine, REAL_DEVICE must be False. We have completed the installation and configuration for MobSF.
To Run MobSF:
-- Go to the MobSF file location in cmd: "cd Downloads/Mobile-Security-Framework-MobSF-0.9.5.2"
-- Now run the server: "sudo python manage.py runserver"
-- Open a browser and enter your local IP address: "http://127.0.0.1:8000/" or "http://ip_server:8000/"
-- Finally, the MobSF home page is displayed as shown below
MobSF installation in LinuxMint/Ubuntu
- Select the file you want to analyze
- Once uploaded, the analysis starts.
MobSF Report
Hope this helps!