Penetration testing on mobile applications (iOS, Android).
For the Dynamic Analyzer, use Android Studio Emulator. See Android.
Installation – Docker Container
Prerequisites
- Install Docker
Start Docker service
sudo service docker start
Pull the MobSF docker image
sudo docker pull opensecurity/mobile-security-framework-mobsf
Run container (no proxy)
sudo docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
Run container (with proxy, to validate)
sudo docker run -e "HTTP_PROXY=${HTTP_PROXY}" -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
# sudo docker run --net host -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
Access the web application
http://127.0.0.1:8000/ with default credentials mobsf/mobsf.
Installation in Kali
NOT WORKING
# Prereq: python 3.6 and pip, Oracle JDK 1.7
apt install python3-pip
cd /usr/bin
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
./setup.sh
Installation of the 64-bit JDK on Linux Platforms
# Download Oracle JDK 1.7 (tar.gz file)
https://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html
jdk-7u80-linux-x64.tar.gz
# Install Oracle JDK 1.7
cd /usr/bin
mv /root/Downloads/jdk-7u80-linux-x64.tar.gz ./jdk-7u80-linux-x64.tar.gz
tar zxvf jdk-7u80-linux-x64.tar.gz
rm ./jdk-7u80-linux-x64.tar.gz
# Set Oracle JDK path
In ./MobSF/settings.py, change:
JAVA_DIRECTORY = "/usr/bin/jdk1.7.0_80/bin"
#PYTHON3_PATH = "/usr/bin/python3"
PYTHON3_PATH = "/usr/bin/Mobile-Security-Framework-MobSF/venv/bin/python3"
./scripts/clean.sh
# makemigrations, which is responsible for creating new migrations based on the changes you have made to your models.
/usr/bin/Mobile-Security-Framework-MobSF/venv/bin/python3 manage.py makemigrations
# migrate, which is responsible for applying migrations, as well as unapplying and listing their status.
/usr/bin/Mobile-Security-Framework-MobSF/venv/bin/python3 manage.py migrate
# If it didn't fix the issue
mv /usr/bin/Mobile-Security-Framework-MobSF/db.sqlite3 /usr/bin/Mobile-Security-Framework-MobSF/db.sqlite3.bak
# Run unit tests
/usr/bin/Mobile-Security-Framework-MobSF/venv/bin/python3 manage.py test
/usr/bin/Mobile-Security-Framework-MobSF/run.sh