Home
Blog
Podcasts
Contact Us
MOBILE APPLICATION ANALYSIS WITH MOB SF I
MOBILE APPLICATION ANALYSIS WITH MOB SF I

Introduction to Mob SF

You've just developed a mobile application (android / iOS) and it's about time to go live. You are, however, required (by management, perhaps) to perform security tests to ensure that the new app is devoid of common application vulnerabilities and is secure to be shipped to production.

Or, in a bid to improve your pentesting skills, you want to delve into the world of mobile application testing. As you would find out, there are different approaches to testing mobile apps, and several applications available to make this easier.

We will consider one of these applications in this article: The Mobile Security Framework (Mob SF).

Mob SF is an open-source security application capable of performing static and dynamic analysis on mobile applications (android and IoS), and performing any of pentesting and/or malware analysis (You can find the Mob SF git here). It is one of the most widely used mobile application testing frameworks because of it's ease of installation, easy-to-use graphical user interface, and testing effectiveness. As expected, Mob SF can be installed on Windows, Unix and Mac hosts/virtual machines. For the sake of this demonstration, we will be installing and using Mob SF for static (android application) analysis on a windows host.

INSTALLATION REQUIREMENTS (Windows):

Before Mob SF installation, install the following dependencies on the Windows host:

  • Install Git from here
  • Python 3.7: This is obtainable from the Python website
  • Java JDK 8+ from here
  • Visual Studio C++ Build Tools from here
  • Install Open SSL from here
  • Install wkhtmltopd: This will be required to generate PDF reports and can be downloaded from here
  • Add wkhtmltopdf to path: Steps given here

INSTALLING MOB SF

Mob SF can be installed using the following short steps:

1) Clone the Mob SF git on your windows host by entering the following command in Command Prompt:

git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git

2) Navigate to the Mob SF git directory

cd Mobile-Security-Framework-MobSF

3) Enter the Mob SF setup command

Setup.bat

NB: If you encounter errors, then some of the dependencies may not have been installed appropriately / completely.

The installation is complete when you see this page:

Mob SF installation complete

RUNNING MOB SF

1) To use Mob SF, start the application using the run command (in the Mob SF cmd path)

Run.bat

2) The Mob SF user interface can be accessed on any browser via the loopback address on port 8000.

In your browser, enter "localhost:8000" or "127.0.0.1:8000"

The Mob SF web homepage appears like this:

Mob SF homepage

You can upload the file for analysis by dragging and dropping a mobile APK or iOS file or from the "Upload & Analyze" button.

The backend (command prompt) looks like this:

Uploading android file - BackEnd

When Mob SF completes the static analysis, it generates the summary report of findings shown below:

Mob SF Analysis Report

You can view details of the different findings by entering any of the sub-sections in the "Static Analyzer" widget.

May 12th, 2020

Recent Articles

ZERO DAY ATTACKS

CYBER SECURITY IN THE HEALTHCARE INDUSTRY

AI IN CYBER SECURITY - ALLY OR ADVERSARY

CYBER SECURITY TRENDS TO WATCH IN 2024

LAW ENFORCEMENT DISRUPTS LOCKBIT RANSOMWARE