Scripts to set up your own Android 📱 app hacking lab
Scripts to set up your own mobile 📱 app hacking lab (currently focusing on Android)
Includes the following tools:
FOSS
- Mobile Security Framework is an open-source, automated mobile app security testing tool.FOSS
- Remote anDroid solution for emulating an Android device in a container.FOSS
- a free and open-source tool that allows you to mirror and control your Android device from your computer via ADB.FOSS
- Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.FOSS
- Dex to Java decompiler.FOSS
- Runtime Mobile Exploration.FOSS
- Colored logcat script which only shows log entries for a specific application package.FOSS
- Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for AndroidFOSS
- A tool for reverse engineering Android apk filesproprietary
- Powerful web application security testing platform with interception, scanning, fuzzing, and more.What you get:
root
access to the Android container.
[!NOTE]
Below scripts might requiresudo
access to install certain packages and dependencies. Review the scripts before running them.
wget -qO - https://raw.githubusercontent.com/adityatelange/MobSleuth/main/install.sh | bash
Tools can be installed one by one.
cd $HOME/MobSleuth/src
bash install/common_deps.sh
bash install/docker.sh
Logout and login again to apply group changes as we have added user to docker
group.
Continue installing rest of the components.
cd $HOME/MobSleuth/src
bash install/redroid.sh
bash install/mobsf.sh
bash install/scrcpy.sh
bash install/frida.sh
bash install/jadx.sh
bash install/burpsuite.sh
bash install/objection.sh
bash install/pidcat.sh
All the tools are installed in the ~/MobSleuth
directory.
~/MobSleuth/src
- contains the installation scripts. You may update MobSleuth using git pull
in this directory.~/MobSleuth/installers
- contains the downloaded installers.~/MobSleuth/data11_vol
- contains the data directory for the reDroid container for persistence.~/MobSleuth/mobsf_vol
- contains the data directory for the MobSF container for persistence.~/MobSleuth/tools
- contains the tools installed.~/MobSleuth/certs
- contains the generated CA certificate and private key.cd $HOME/MobSleuth
bash run/run_mobsleuth_services.sh
This will start the following services:
cd $HOME/MobSleuth
bash scripts/generate_cert.sh
Make sure the Android container is running.
cd $HOME/MobSleuth
bash scripts/push_cert.sh
Proxy
> Proxy Settings
Edit
.Import / export CA Certificate
.Certificate and private key in DER format
and click Next
.~/MobSleuth/cert/certificate.der
and in Private key, select ~/MobSleuth/cert/certificate_private_key.der
.Next
and OK
.cd $HOME/MobSleuth
bash run/set_proxy.sh
Unset using:
cd $HOME/MobSleuth
bash run/unset_proxy.sh
Open your browser and go to http://localhost:8000
.
Connect to the Android container using scrcpy
or adb
.
Mirror Screen using scrcpy
:
scrcpy
Connect using adb
:
adb connect localhost:5555
ADB shell:
adb shell
Make sure the Android container is running. Then run the following command.
adb root
Push frida-server and run it on the Android container.
cd $HOME/MobSleuth
bash scripts/push_fridaserver.sh
bash scripts/run_fridaserver.sh
Now we can use frida
to interact with the Android container.
frida-ps -U
jadx
/objection
/pidcat
These tools can directly accessed using the terminal.
jadx
objection
pidcat
This will remove all the tools and the containers. Be careful before running this command.
sudo rm -rf $HOME/MobSleuth
flowchart
subgraph MobSleuth
subgraph Docker Services
subgraph reDroid
redroid5555["ADB server listener :5555"]
redroid27042["frida-server"]
redroidvol["/data"]
redroidsserv["scrcpy-server"]
redroid5555 <---> redroidsserv
redroid5555 <---> redroid27042
end
subgraph MobSF
mobsf8000["WebApp listener :8000"]
mobsfvol["/home/mobsf/.MobSF"]
DA["Dynamic Analyzer"] --> |"via MOBSF_ANALYZER_IDENTIFIER"| redroid5555
end
end
subgraph "Host"
subgraph "local directories"
mobsfdir["~/mobsf"] <--> mobsfvol
redroiddir["~/data11"] <--> redroidvol
end
subgraph listener ports
lp5555[":5555"] <==> |"5555:5555"| redroid5555
lp8000[":8000"] <==> |"8000:8000"| mobsf8000
end
end
subgraph Tools
subgraph ADB
adbd["daemon :5037"] <---> |"shell"| lp5555
end
subgraph scrcpy
scr["via ADB"] <---> lp5555
end
subgraph BurpSuite
burp["Proxy listener :8080"] <-.-> |"proxied traffic"| reDroid
end
subgraph Frida
frida["frida-tools"] <---> lp5555
end
subgraph pidcat
pid["via ADB"] <---> lp5555
end
subgraph objection
obj["via ADB"] <---> lp5555
end
subgraph jadx
end
end
end