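Note: if you install Python 3.6 or later, you need to install the certificates separately; otherwise the following error appears during the later installation steps: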
Error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1056)
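This happens because on macOS, Python no longer uses the system's default certificates and does not ship any of its own. HTTPS requests need the certificates provided by the certifi library, but the SDK does not support specifying them, so the only way to solve this is to install the certificates with the Install Certificates.command command.
Step 2: The fix: install certifi manually, then go to the /Applications/Python{version} directory on the Mac. If Python was installed with Homebrew, there is no Python directory under /Applications, and you need to install Python from the pkg installer.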
pip3 install certifi
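Step 3: Once it is installed, double-click Install Certificates.command in the /Applications/Python{version} directory to install the certificates.
Step 4: Download and install wkhtmltopdf (download page: https://wkhtmltopdf.org/downloads.html)
Step 5: After the installation succeeds, run sudo ./run.sh to start the service. (On Ubuntu, run sudo bash run.sh)
Step 6: To change the default port, edit the default port setting PORT='8000' in the run.sh file.
Error handling
Depending on network conditions, downloading the frida file may take longer than the default 2-minute wait, which produces the error below. Following the hints in the error log, you can download the file manually and place it in the indicated directory.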
Building wheel for frida (setup.py) ... error
ERROR: Command errored out with exit status 1:
command: /Users/atx/Desktop/mobsf/venv/bin/python3 -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/private/tmp/pip-install-bbfbrc_4/frida/setup.py'"'"'; __file__='"'"'/private/tmp/pip-install-bbfbrc_4/frida/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /private/tmp/pip-wheel-qgnu51tn
cwd: /private/tmp/pip-install-bbfbrc_4/frida/
Complete output (15 lines):
running bdist_wheel
running build
running build_py
creating build
creating build/lib.macosx-10.9-x86_64-3.8
creating build/lib.macosx-10.9-x86_64-3.8/frida
copying frida/__init__.py -> build/lib.macosx-10.9-x86_64-3.8/frida
copying frida/core.py -> build/lib.macosx-10.9-x86_64-3.8/frida
running build_ext
looking for prebuilt extension in home directory, i.e. /Users/atx/frida-12.11.12-py3.8-macosx-10.9-x86_64.egg
prebuilt extension not found in home directory, will try downloading it
querying pypi for available prebuilds
downloading prebuilt extension from https://files.pythonhosted.org/packages/07/dd/f0a156369a6ac0e033e5a5fcf327a8da1cb2e2d771d4d45b0cdbd39e737a/frida-12.11.12-py3.8-macosx-10.9-x86_64.egg
unable to download it within 120 seconds; please download it manually to /Users/atx/frida-12.11.12-py3.8-macosx-10.9-x86_64.egg
error: The read operation timed out
----------------------------------------
ERROR: Failed building wheel for frida
As the error message above indicates, we can manually download the file frida-12.11.12-py3.8-macosx-10.9-x86_64.egg from the URL and place it in the /Users/atx/ directory.
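A manually downloaded egg bypasses pip's own download path, so it is worth checking the file before dropping it into the home directory. The script below is an added example, not part of the original article or of MobSF; it relies on files.pythonhosted.org URLs carrying the file's BLAKE2b-256 digest in the path (the 2 + 2 + 60 hex characters before the file name), and its function names are this example's own.

```python
import hashlib
import hmac
import re
import sys
from pathlib import Path

# files.pythonhosted.org layout: /packages/<2 hex>/<2 hex>/<60 hex>/<filename>
PYPI_PATH = re.compile(
    r"/packages/([0-9a-f]{2})/([0-9a-f]{2})/([0-9a-f]{60})/([^/?#]+)"
)


def expected_from_url(url):
    """Return (BLAKE2b-256 hex digest, file name) encoded in a PyPI file URL."""
    m = PYPI_PATH.search(url)
    if m is None:
        raise ValueError("URL does not contain a PyPI content-addressed path")
    return "".join(m.group(1, 2, 3)), m.group(4)


def blake2b_256(path, chunk_size=1 << 20):
    """Hash the file in chunks so large eggs are not loaded into memory."""
    h = hashlib.blake2b(digest_size=32)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(url, path):
    """True only if the file name and digest both match what the URL names."""
    expected, name = expected_from_url(url)
    if Path(path).name != name:
        return False
    return hmac.compare_digest(blake2b_256(path), expected)


if __name__ == "__main__":
    # Usage: python3 verify_egg.py <url from the pip log> <downloaded file>
    if len(sys.argv) != 3:
        sys.exit("usage: verify_egg.py URL FILE")
    ok = verify_download(sys.argv[1], sys.argv[2])
    print("digest matches" if ok else "MISMATCH: do not install this file")
    sys.exit(0 if ok else 1)
```

Run it with the download URL from the pip log and the path of the saved egg; a non-zero exit means the file is not the one the URL names.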
Docker installation
Step 1: Pull the mobile-security-framework-mobsf image (this article installs with Docker on a Mac)
atxdeMac-mini:~ atx$ docker pull opensecurity/mobile-security-framework-mobsf
Using default tag: latest
latest: Pulling from opensecurity/mobile-security-framework-mobsf
3ff22d22a855: Pull complete
e7cb79d19722: Pull complete
323d0d660b6a: Pull complete
b7f616834fd0: Pull complete
6bfde659e3f1: Pull complete
2e41d5beb2f8: Pull complete
55301430fd9f: Pull complete
2b5227325181: Pull complete
844627dd5c16: Pull complete
516af7a49fe2: Pull complete
a9f1027468db: Pull complete
dd9571251a13: Pull complete
11ecc671e91c: Pull complete
99a61bee50cb: Pull complete
d99b0120e9d0: Pull complete
d52913225066: Pull complete
Digest: sha256:887ceb024c56b55d5372be9aee228ee81a61f7f7fad85a67bff3b89b98ef6145
Status: Downloaded newer image for opensecurity/mobile-security-framework-mobsf:latest
docker.io/opensecurity/mobile-security-framework-mobsf:latest
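Step 2: Run the container with the command docker run -it -p 8008:8000 opensecurity/mobile-security-framework-mobsf:latest.
Step 3: Once it is running, enter your computer's IP followed by :8008 to open the home page, as shown in the figure below:
Step 4: Upload a test package; the scan starts automatically and generates a report.
Static analysis
1. Scan contents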
Android
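- Basic APK information: file name, file size, MD5, SHA-1, SHA-256
- App information: package name, Main Activity, version number, etc.
- Components: Activity, Service, Broadcast Receiver, Content Provider
- Certificate information (Signer Certificate)
- Permission information
- Android API information
- AndroidManifest analysis (flags, component configuration, etc.)
- Code analysis, file analysis
- URLs, emails, strings, etc.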
iOS