MobSF Mobile App Security Scanner: Installation and Getting-Started Tutorial

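7. Running Dynamic Analysis

On the landing page, click the [Start Dynamic Analysis] button on a previous static scan record to enter the dynamic analysis interface. Once it starts successfully, you are taken to the dynamic analysis page, as shown in the figure below: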


Watch the console where the run command was started to see the log output:

[INFO] 22/Sep/2020 10:43:17 - Creating Dynamic Analysis Environment
[INFO] 22/Sep/2020 10:43:20 - ADB Restarted
[INFO] 22/Sep/2020 10:43:20 - Waiting for 2 seconds...
[INFO] 22/Sep/2020 10:43:22 - Connecting to Android 192.168.46.101:5555
[INFO] 22/Sep/2020 10:43:22 - Waiting for 2 seconds...
[INFO] 22/Sep/2020 10:43:24 - Restarting ADB Daemon as root
[INFO] 22/Sep/2020 10:43:24 - Waiting for 2 seconds...
[INFO] 22/Sep/2020 10:43:26 - Reconnecting to Android Device
[INFO] 22/Sep/2020 10:43:27 - Waiting for 2 seconds...
[INFO] 22/Sep/2020 10:43:30 - Found Genymotion x86 Android VM
[INFO] 22/Sep/2020 10:43:30 - Remounting
[INFO] 22/Sep/2020 10:43:30 - Performing System check
[INFO] 22/Sep/2020 10:43:30 - Android API Level identified as 24
[INFO] 22/Sep/2020 10:43:30 - Android Version identified as 7.0
[INFO] 22/Sep/2020 10:43:30 - Environment MobSFyed Check
[INFO] 22/Sep/2020 10:43:30 - Installing MobSF RootCA
[INFO] 22/Sep/2020 10:43:31 - Starting HTTPs Proxy on 1337
[INFO] 22/Sep/2020 10:43:31 - Killing httptools UI
[INFO] 22/Sep/2020 10:43:31 - Enabling ADB Reverse TCP on 1337
[INFO] 22/Sep/2020 10:43:31 - Setting Global Proxy for Android VM
[INFO] 22/Sep/2020 10:43:32 - Starting Clipboard Monitor
[INFO] 22/Sep/2020 10:43:33 - Getting screen resolution
[INFO] 22/Sep/2020 10:43:33 - Removing existing installation
[INFO] 22/Sep/2020 10:43:34 - Installing APK
[INFO] 22/Sep/2020 10:43:35 - Testing Environment is Ready!

The main dynamic analysis functions are as follows:


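8. Show/Stop Screen

1) Click Show Screen to mirror the device screen in real time, which makes it easy to watch the test as it runs. The Dynamic Analyzer menu shows the live dynamic analysis log, and the Errors menu shows the error log.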


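2) The Frida Scripts panel configures the Frida-related options. Frida is a lightweight hooking framework whose core is written in C. It injects Google's V8 engine into the target process, where JS has full access to memory and can hook functions and even call native functions inside the process.

The default options are usually sufficient. For more advanced testing, you can tick the options under Auxiliary, or write scripts directly in the Frida Code Editor window on the right and debug them there. For Frida usage, see the official documentation: https://frida.re/docs/home/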

9. Install/Remove MobSF RootCA

Install/Remove MobSF RootCA installs or removes the MobSF CA certificate, so that HTTPS traffic from the sample can be intercepted.

10. Start Exported Activity Tester

Iterates over all Exported Activities in the AndroidManifest.xml file. The test flow is as follows:

1) Start each activity in turn: adb -s IP:PORT shell am start -n PACKAGE/ACTIVITY

2) Capture a screenshot of the currently running activity and save it

3) Force-stop the app: adb -s IP:PORT shell am force-stop PACKAGE

11. Start Activity Tester

  • Iterates over all Activities in the AndroidManifest.xml file, not only the Exported ones.
  • The processing flow is the same as for Exported Activity.
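
The flow of the Exported Activity Tester and the Activity Tester can be reproduced by hand to see which screens an app exposes. The following is an added example, not MobSF's own code: it reads a decoded AndroidManifest.xml, decides which activities are exported, and builds the adb commands from the steps above. The sample manifest, the function names and the screencap call are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android:* attributes

# Constructed sample manifest (decoded XML), not taken from the tutorial.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".DebugActivity" android:exported="true"/>
    <activity android:name="com.example.demo.SettingsActivity" android:exported="false">
      <intent-filter><action android:name="com.example.SETTINGS"/></intent-filter>
    </activity>
    <activity android:name=".InternalActivity"/>
  </application>
</manifest>"""

def list_activities(manifest_xml, exported_only=True):
    """Return (package, [fully qualified activity names])."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    found = []
    for act in root.iter("activity"):
        name, flag = act.get(A + "name"), act.get(A + "exported")
        # An explicit android:exported wins. Without it, an <intent-filter>
        # makes the activity exported (the default before Android 12).
        exported = flag == "true" if flag is not None else act.find("intent-filter") is not None
        if exported_only and not exported:
            continue
        # Names starting with "." are relative to the package name.
        found.append(package + name if name.startswith(".") else name)
    return package, found

def adb_steps(device, package, activity):
    """Steps 1-3 from the text as argv lists; the screencap call is an assumption."""
    adb = ["adb", "-s", device]
    return [
        adb + ["shell", "am", "start", "-n", f"{package}/{activity}"],
        adb + ["exec-out", "screencap", "-p"],  # PNG on stdout, save it per activity
        adb + ["shell", "am", "force-stop", package],
    ]

if __name__ == "__main__":
    pkg, acts = list_activities(SAMPLE_MANIFEST)  # exported_only=False covers section 11
    for activity in acts:
        for cmd in adb_steps("192.168.46.101:5555", pkg, activity):
            print(" ".join(cmd))  # dry run: print the commands instead of executing them
```

An exported activity that opens directly to a screen meant to sit behind login shows up in the saved screenshot for that activity, which is the finding this tester is built to surface.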

12. Take a Screenshot

Takes a screenshot and saves it locally.

13. Logcat Stream

Outputs the logcat log, as shown below:

09-21 22:15:31.252 573 573 D ConditionProviders.SCP: onReceive android.intent.action.TIME_SET
09-21 22:15:31.252 573 573 D ConditionProviders.SCP: notifyCondition condition://android/schedule?days=6.7&start=23.30&end=10.0&exitAtAlarm=false STATE_FALSE reason=!meetsSchedule
09-21 22:15:31.252 573 573 D ConditionProviders.SCP: notifyCondition condition://android/schedule?days=1.2.3.4.5&start=22.0&end=7.0&exitAtAlarm=false STATE_TRUE reason=meetsSchedule
09-21 22:15:31.252 573 573 D ConditionProviders.SCP: Scheduling evaluate for Mon Sep 21 23:30:00 EDT 2020 (1600745400000), in +1h14m28s748ms, now=Mon Sep 21 22:15:31 EDT 2020 (1600740931252)

14. Generate Report

Generates the dynamic analysis report, as shown in the figure below:
