def frida_logs(request): try: apphash = request.GET.get('hash', '') stream = request.GET.get('stream', '') if not is_md5(apphash): return invalid_params() if stream: apk_dir = os.path.join(settings.UPLD_DIR, apphash + '/') frida_logs = os.path.join(apk_dir, 'mobsf_frida_out.txt') data = {} if is_file_exists(frida_logs): with open(frida_logs, 'r') as flip: data = {'data': flip.read()} return json_response(data) logger.info('Frida Logs live streaming') template = 'dynamic_analysis/android/frida_logs.html' return render( request, template, { 'hash': apphash, 'package': request.GET.get('package', ''), 'title': 'Live Frida logs' }) except Exception: logger.exception('Frida log streaming') err = 'Error in Frida log streaming' return print_n_send_error_response(request, err)
def instrument(request): """Instrument app with frida.""" data = {} try: logger.info('Starting Instrumentation') package = request.POST['package'] md5_hash = request.POST['hash'] default_hooks = request.POST['default_hooks'] auxiliary_hooks = request.POST['auxiliary_hooks'] code = request.POST['frida_code'] # Fill extras extras = {} class_name = request.POST.get('cls_name') if class_name: extras['cls_name'] = class_name.strip() class_search = request.POST.get('cls_search') if class_search: extras['cls_search'] = class_search.strip() cls_trace = request.POST.get('cls_trace') if cls_trace: extras['cls_trace'] = cls_trace.strip() if (is_attack_pattern(default_hooks) or not strict_package_check(package) or not is_md5(md5_hash)): return invalid_params() frida_obj = Frida(md5_hash, package, default_hooks.split(','), auxiliary_hooks.split(','), extras, code) trd = threading.Thread(target=frida_obj.connect) trd.daemon = True trd.start() data = {'status': 'ok'} except Exception as exp: logger.exception('Instrumentation failed') data = {'status': 'failed', 'message': str(exp)} return json_response(data)
def live_api(request): try: apphash = request.GET.get('hash', '') stream = request.GET.get('stream', '') if not is_md5(apphash): return invalid_params() if stream: apk_dir = os.path.join(settings.UPLD_DIR, apphash + '/') apimon_file = os.path.join(apk_dir, 'mobsf_api_monitor.txt') data = {} if is_file_exists(apimon_file): with open(apimon_file, 'r') as flip: api_list = json.loads('[{}]'.format(flip.read()[:-1])) data = {'data': api_list} return json_response(data) logger.info('Starting API monitor streaming') template = 'dynamic_analysis/android/live_api.html' return render( request, template, { 'hash': apphash, 'package': request.GET.get('package', ''), 'title': 'Live API Monitor' }) except Exception: logger.exception('API monitor streaming') err = 'Error in API monitor streaming' return print_n_send_error_response(request, err)
def download_data(request): """Download Application Data from Device.""" logger.info('Downloading app data') data = {} try: env = Environment() package = request.POST['package'] md5_hash = request.POST['hash'] if is_attack_pattern(package) or not is_md5(md5_hash): return invalid_params() apk_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/') stop_httptools(settings.PROXY_PORT) files_loc = '/data/local/' logger.info('Archiving files created by app') env.adb_command([ 'tar', '-cvf', files_loc + package + '.tar', '/data/data/' + package + '/' ], True) logger.info('Downloading Archive') env.adb_command( ['pull', files_loc + package + '.tar', apk_dir + package + '.tar']) logger.info('Stopping ADB server') env.adb_command(['kill-server']) data = {'status': 'ok'} except Exception as exp: logger.exception('Downloading application data') data = {'status': 'failed', 'message': str(exp)} return json_response(data)
def collect_logs(request): """Collecting Data and Cleanup.""" logger.info('Collecting Data and Cleaning Up') data = {} try: env = Environment() md5_hash = request.POST['hash'] package = request.POST['package'] if (not strict_package_check(package) or not is_md5(md5_hash)): return invalid_params() apk_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/') lout = os.path.join(apk_dir, 'logcat.txt') dout = os.path.join(apk_dir, 'dump.txt') logger.info('Downloading logcat logs') logcat = env.adb_command(['logcat', '-d', package + ':V', '*:*']) with open(lout, 'wb') as flip: flip.write(logcat) logger.info('Downloading dumpsys logs') dumpsys = env.adb_command(['dumpsys'], True) with open(dout, 'wb') as flip: flip.write(dumpsys) if env.get_android_version() < 5: download_xposed_log(apk_dir) env.adb_command(['am', 'force-stop', package], True) logger.info('Stopping app') # Unset Global Proxy env.unset_global_proxy() data = {'status': 'ok'} except Exception as exp: logger.exception('Data Collection & Clean Up failed') data = {'status': 'failed', 'message': str(exp)} return json_response(data)
def activity_tester(request): """Exported & non exported activity Tester.""" data = {} try: env = Environment() test = request.POST['test'] md5_hash = request.POST['hash'] package = request.POST['package'] if is_attack_pattern(package) or not is_md5(md5_hash): return invalid_params() app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/') screen_dir = os.path.join(app_dir, 'screenshots-apk/') if not os.path.exists(screen_dir): os.makedirs(screen_dir) static_android_db = StaticAnalyzerAndroid.objects.filter(MD5=md5_hash) if not static_android_db.exists(): data = { 'status': 'failed', 'message': 'App details not found in database' } return json_response(data) iden = '' if test == 'exported': iden = 'Exported ' logger.info('Exported activity tester') activities = python_list(static_android_db[0].EXPORTED_ACT) else: logger.info('Activity tester') activities = python_list(static_android_db[0].ACTIVITIES) logger.info('Fetching %sactivities for %s', iden, package) if not activities: msg = 'No {}Activites found'.format(iden) logger.info(msg) data = {'status': 'failed', 'message': msg} return json_response(data) act_no = 0 logger.info('Starting %sActivity Tester...', iden) logger.info('%s %sActivities Identified', str(len(activities)), iden) for activity in activities: act_no += 1 logger.info('Launching %sActivity - %s. %s', iden, str(act_no), activity) if test == 'exported': file_iden = 'expact' else: file_iden = 'act' outfile = ('{}{}-{}.png'.format(screen_dir, file_iden, act_no)) env.launch_n_capture(package, activity, outfile) data = {'status': 'ok'} except Exception as exp: logger.exception('%sActivity tester', iden) data = {'status': 'failed', 'message': str(exp)} return json_response(data)
def view_file(request): """View File.""" logger.info('Viewing File') try: typ = '' rtyp = '' dat = '' sql_dump = {} fil = request.GET['file'] md5_hash = request.GET['md5'] typ = request.GET['type'] if not is_md5(md5_hash): return print_n_send_error_response(request, 'Invalid Parameters') src = os.path.join( settings.UPLD_DIR, md5_hash, 'DYNAMIC_DeviceData/') sfile = os.path.join(src, fil) if not is_safe_path(src, sfile) or is_path_traversal(fil): err = 'Path Traversal Attack Detected' return print_n_send_error_response(request, err) with io.open(sfile, mode='r', encoding='ISO-8859-1') as flip: dat = flip.read() if fil.endswith('.xml') and typ == 'xml': rtyp = 'xml' elif typ == 'db': sql_dump = read_sqlite(sfile) rtyp = 'asciidoc' elif typ == 'others': rtyp = 'asciidoc' else: err = 'File type not supported' return print_n_send_error_response(request, err) fil = escape(ntpath.basename(fil)) context = { 'title': fil, 'file': fil, 'dat': dat, 'sql': sql_dump, 'type': rtyp, 'version': settings.MOBSF_VER, } template = 'general/view.html' return render(request, template, context) except Exception: logger.exception('Viewing File') return print_n_send_error_response(request, 'Error Viewing File')
def view_report(request): """Dynamic Analysis Report Generation.""" logger.info('Dynamic Analysis Report Generation') try: md5_hash = request.GET['hash'] package = request.GET['package'] droidmon = {} apimon = {} if (is_attack_pattern(package) or not is_md5(md5_hash)): return print_n_send_error_response(request, 'Invalid Parameters') app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/') download_dir = settings.DWD_DIR if not is_file_exists(os.path.join(app_dir, 'logcat.txt')): msg = ('Dynamic Analysis report is not available ' 'for this app. Perform Dynamic Analysis ' 'and generate the report.') return print_n_send_error_response(request, msg) fd_log = os.path.join(app_dir, 'mobsf_frida_out.txt') droidmon = droidmon_api_analysis(app_dir, package) apimon = apimon_analysis(app_dir) analysis_result = run_analysis(app_dir, md5_hash, package) generate_download(app_dir, md5_hash, download_dir, package) images = get_screenshots(md5_hash, download_dir) context = {'md5': md5_hash, 'emails': analysis_result['emails'], 'urls': analysis_result['urls'], 'domains': analysis_result['domains'], 'clipboard': analysis_result['clipboard'], 'xml': analysis_result['xml'], 'sqlite': analysis_result['sqlite'], 'others': analysis_result['other_files'], 'screenshots': images['screenshots'], 'acttest': images['activities'], 'expacttest': images['exported_activities'], 'droidmon': droidmon, 'apimon': apimon, 'fdlog': is_file_exists(fd_log), 'package': package, 'version': settings.MOBSF_VER, 'title': 'Dynamic Analysis'} template = 'dynamic_analysis/android/dynamic_report.html' return render(request, template, context) except Exception as exp: logger.exception('Dynamic Analysis Report Generation') err = 'Error Geneating Dynamic Analysis Report. ' + str(exp) return print_n_send_error_response(request, err)
def dynamic_analyzer(request): """Android Dynamic Analyzer Environment.""" logger.info('Creating Dynamic Analysis Environment') try: bin_hash = request.GET['hash'] package = request.GET['package'] no_device = False if (is_attack_pattern(package) or not is_md5(bin_hash)): return print_n_send_error_response(request, 'Invalid Parameters') try: identifier = get_device() except Exception: no_device = True if no_device or not identifier: msg = ('Is the android instance running? MobSF cannot' ' find android instance identifier. ' 'Please run an android instance and refresh' ' this page. If this error persists,' ' set ANALYZER_IDENTIFIER in MobSF/settings.py') return print_n_send_error_response(request, msg) env = Environment(identifier) if not env.connect_n_mount(): msg = 'Cannot Connect to ' + identifier return print_n_send_error_response(request, msg) version = env.get_android_version() logger.info('Android Version identified as %s', version) xposed_first_run = False if not env.is_mobsfyied(version): msg = ('This Android instance is not MobSfyed.\n' 'MobSFying the android runtime environment') logger.warning(msg) if not env.mobsfy_init(): return print_n_send_error_response( request, 'Failed to MobSFy the instance') if version < 5: xposed_first_run = True if xposed_first_run: msg = ('Have you MobSFyed the instance before' ' attempting Dynamic Analysis?' ' Install Framework for Xposed.' ' Restart the device and enable' ' all Xposed modules. And finally' ' restart the device once again.') return print_n_send_error_response(request, msg) # Clean up previous analysis env.dz_cleanup(bin_hash) # Configure Web Proxy env.configure_proxy(package) # Supported in Android 5+ env.enable_adb_reverse_tcp(version) # Apply Global Proxy to device env.set_global_proxy(version) # Start Clipboard monitor env.start_clipmon() # Get Screen Resolution screen_width, screen_height = env.get_screen_res() logger.info('Installing APK') app_dir = os.path.join(settings.UPLD_DIR, bin_hash + '/') # APP DIRECTORY apk_path = app_dir + bin_hash + '.apk' # APP PATH env.adb_command(['install', '-r', apk_path], False, True) logger.info('Testing Environment is Ready!') context = { 'screen_witdth': screen_width, 'screen_height': screen_height, 'package': package, 'md5': bin_hash, 'version': version, 'title': 'Dynamic Analyzer' } template = 'dynamic_analysis/android/dynamic_analyzer.html' return render(request, template, context) except Exception: logger.exception('Dynamic Analyzer') return print_n_send_error_response(request, 'Dynamic Analysis Failed.')