i Mobile Security Framework (MobSF) Configuration – All things in moderation

Mobile Security Framework (MobSF) Configuration

Hi all! Today, I will show you how to configure Mobile Security Framework(MobSF). Mobsf is a dynamic analysis tool in analysis malware on mobile.

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also perform Web API Security testing with it’s API Fuzzer that can do Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session and API Rate Limiting.

Now, we will install and configuration MobSF.

Install environment:

  • Ubuntu 14.04
  • Ram >= 4GB
  • HDD >= 50GB
  • Python 2.7 (default in ubuntu 14.04)
  • Oracle JDK 1.7 or higher
    You can install Oracle JDK with commands:

$sudo add-apt-repository ppa:webupd8team/java -y
$sudo apt-get update
$sudo apt-get install oracle-java8-installer

Install Oracle VitualBox

You can download in link (https://www.virtualbox.org/wiki/Downloads)
Or
Add secure key:

wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add –

Install VirtualBox:

$sudo apt-get update
$sudo apt-get install vitualbox-5.0

Download

Download latest release of MobSF: https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/releases
Download MobSF VM 0.2 ova file: https://goo.gl/h7CCxx

Static configuration analysis

Copy file MobSF you download:
– Windows: C:\MobSF
– Linux: /home/[username]/MobSF
Install MobSF Python by using pip.
If your computer is not already installed pip you can install with command:
– Ubuntu:

$sudo apt-get -y install python-pip

-Windows:
Download file:
https://bootstrap.pypa.io/get-pip.py
Run command:

python get-pip.py

Install MobSF

  • Windows:

C:\Python27\Scripts\pip.exe install -r requirments.txt

  • Ubuntu:

pip install -r requirements.txt

Install complete!

Run MobSF

In folder of MobSF you run command:

$sudo python manage.py runserver

If port 8000 is used by another process:

$sudo python manage.py runserver port

Results received:

 __  __       _    ____  _____          ___   ___   ____  
 |  \/  | ___ | |__/ ___||  ___| __   __/ _ \ / _ \ |___ \ 
 | |\/| |/ _ \| '_ \___ \| |_    \ \ / / | | | (_) |  __) |
 | |  | | (_) | |_) |__) |  _|    \ V /| |_| |\__, | / __/ 
 |_|  |_|\___/|_.__/____/|_|       \_/  \___(_) /_(_)_____|                                                                                                          
                                                            

[INFO] Loading User config from: /home/manh/.MobSF/config.py

[INFO] Finding JDK Location in Linux/MAC....

[INFO] Oracle Java is installed!

[INFO] JDK 1.7 or above is available
Performing system checks...

System check identified no issues (0 silenced).
June 29, 2016 - 04:21:53
Django version 1.8, using settings 'MobSF.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.

Dynamic configuration analysis

The configuration parameters:
– VM UUID
– Snapshot UUID
– Host/Proxy IP
– VM/Device IP

Open VirtualBox, File -> Import Appliance and select the virtual machine downloaded above

Our success will be imported virtual machine name MobSF_VM_X.X

Right-click the VM and select Settings
And configuration in 2 step:

To configure Host-only Adapter you can do the following:
In VirtualBox choose File → Preference
Select Network and select tab Host-only Networks

Select plus icon to add:

Save the settings and reboot the virtual machine

Mob_SF6

Note to IP_VM address is highlighted in red above.

Password unlock: 1234

Mob_SF7

Note : If the virtual machine is turn off, we can not analyze the action.
Get the address of the Host / IP Proxy:
Windows:
You run conmand: ipconfig

Mob_SF8

Linux:
You rub command: ifconfig

Mob_SF9

Note: Host -Only Adapter IP_VM and must be in the same network range. If we change the different address -Only Host Adapter.
In Setting wifi of Android VM we configure Proxy:
IP: IP of Host-only Adapter.
Port: 1337

Mob_SF10

Save your configured virtual machine Virtualbox snapshot.

Mob_SF12

Once saved snapshot, right-click and select Show in MobSF VM Explorer or Show in File Manager

Open file name: MobSF_VM_X_X.vbox with text editer and copy 2 value VM UUID and Snapshot UUID.

Two corresponding values are:
VM UUID: uuid
Snapshot UUID: currentSnapshot

Back to file MobSF / setting.py and modify the value :

UUID= VM UUID
SUUID= Snapshot UUID
VM_IP – VM IP
PROXY_IP = Host/Proxy IP

Mob_SF14

Thus has completed analytical configuration with virtual machines .
For real devices, we set : REAL_DEVICE is True

In terms of values: DEVICE_IP and DEVICE_ADB_PORT with values obtained in wireless applications ADB.

Mob_SF15

Note : When performing the analysis must be reviewed by the virtual machine : REAL_DEVICE is False.

We have completed the installation and configuration for Mob-SF.
Next article I will introduce you how to use Mob-SF.
Source: GitHub

4 Comments

  1. michell johann October 26, 2016
    • Stephen Stinson November 25, 2016
  2. Gordon March 28, 2018
    • Cloudi March 28, 2018

Leave a Reply