
Implement MobSF on Kali Linux for Dynamic and Static Security Testing


 

With the mobile application market exploding (there are currently 2.8 million apps on the Google Play Store and 2.2 million on the Apple store, not to mention Enterprise apps or apps not available on “Regular Markets”), Security Testing on mobile devices is now critical to IT security for Copado (formerly IOVIO).

Recently, a customer needed Security and Penetration Testing carried out on their mission-critical applications, including Mobile Applications for Android and iOS. This assignment’s weapons of choice are Kali Linux, MobSF (Mobile Security Framework), and an automated Security Framework that allows application testing during run-time.

To set up such an environment with minimum hassle, start by opening a console and installing python3-pip.

Then, make sure you have the Java SDK.

 

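# Add the WebUpd8 Oracle Java PPA as an APT source (run as root).
# Note: this PPA has since been discontinued by its maintainer.
cat > /etc/apt/sources.list.d/webupd8team-java.list << EOF
deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main
deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main
EOF
# Import the PPA signing key. An 8-character short key ID can collide with other keys, so check what was imported.
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
apt-get update
apt-get install oracle-java8-installer
# Confirm the JDK is on the PATH.
java -version
apt-get install python3-pip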

 


 

Now let’s clone the MobSF repository and navigate to the main directory.

 

git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF

 


Configure Static Analyzer

Before running the server, create and activate a virtual environment and install the MobSF requirements.

As an optional step, install wkhtmltopdf first to generate PDF reports.

 

pip3 install virtualenv
virtualenv -p python3 venv
source venv/bin/activate
pip3 install -r requirements.txt

 


Run MobSF Server

python3 manage.py runserver PORT_NO
python3 manage.py runserver IP:PORT_NO

 

After running the server for the first time, many users find that they have unapplied migrations and that the project does not work properly. To solve this, simply apply the pending migrations.

 


 

python3 manage.py migrate

 


 

Now, everything is ready to run: open your favorite browser and navigate to http://127.0.0.1:800, or the configured IP and Port.

You are now ready to load APKs or IPAs into the server and start performing Static Analysis of your apps. Don’t forget to visit the project page to discover more about MobSF! 
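
Added example, not part of the original post or of MobSF: a small shell wrapper for the runserver step that applies the pending migrations first and refuses an IP:PORT_NO value that would bind the server to a non-loopback address. The function names and the ALLOW_REMOTE variable are hypothetical, and it assumes it is run from the MobSF directory with the virtual environment active.

```bash
# Classify a runserver address (PORT or IPv4:PORT; IPv6 is not handled here).
# Prints loopback, exposed or invalid; returns 1 on invalid input.
classify_bind() {
    local arg="$1" ip port
    case "$arg" in
        *:*) ip="${arg%:*}"; port="${arg##*:}" ;;
        *)   ip="127.0.0.1"; port="$arg" ;;  # Django binds to 127.0.0.1 for a bare port
    esac
    # Port must be 1-5 digits and within 1..65535.
    case "$port" in ''|*[!0-9]*|??????*) echo invalid; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then echo invalid; return 1; fi
    case "$ip" in
        localhost)    echo loopback ;;
        ''|*[!0-9.]*) echo invalid; return 1 ;;
        127.*)        echo loopback ;;
        *)            echo exposed ;;
    esac
}

# Print the names (space-separated) of the given tools that are not on PATH.
missing_tools() {
    local t missing=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    echo "${missing# }"
}

# Check prerequisites, apply pending migrations, then start the server.
# ALLOW_REMOTE is a hypothetical opt-in variable used only by this script.
start_mobsf() {
    local bind="$1" kind missing
    kind="$(classify_bind "$bind")" || { echo "bad address: $bind" >&2; return 2; }
    if [ "$kind" = exposed ] && [ "${ALLOW_REMOTE:-0}" != 1 ]; then
        echo "refusing $bind: the MobSF web interface would be reachable from the network" >&2
        return 3
    fi
    missing="$(missing_tools java python3 pip3 git)"
    [ -z "$missing" ] || { echo "missing tools: $missing" >&2; return 4; }
    python3 manage.py migrate && python3 manage.py runserver "$bind"
}
```

Source the file and call start_mobsf 127.0.0.1:PORT_NO; set ALLOW_REMOTE=1 only on an isolated lab network.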

 


 

If you’re interested in security testing services, have any questions, comments, or want to share some of your own approaches, reach out.