Scripts to set up your own mobile π± app hacking lab (currently focusing on Android)
Includes the following tools:
| Tool Name | Type | Description |
|---|---|---|
| MobSF | FOSS | Mobile Security Framework is an open-source, automated mobile app security testing tool. |
| reDroid | FOSS | Remote anDroid solution for emulating an Android device in a container. |
| Scrcpy | FOSS | A free and open-source tool that allows you to mirror and control your Android device from your computer via ADB. |
| Frida | FOSS | Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. |
| Jadx | FOSS | Dex to Java decompiler. |
| Objection | FOSS | Runtime Mobile Exploration. |
| Pidcat | FOSS | Colored logcat script which only shows log entries for a specific application package. |
| APKiD | FOSS | Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android. |
| ApkTool | FOSS | A tool for reverse engineering Android apk files. |
| BurpSuite CE | proprietary | Powerful web application security testing platform with interception, scanning, fuzzing, and more. |
What you get:
- A complete setup of tools to start hacking Android apps.
- A dockerized environment to run Android apps in a container.
- One-command
rootaccess to the Android container. - BurpSuite running on the host machine to intercept and modify traffic.
- Mobsf with dynamic analysis capabilities connected to Android container.
- ADB server running on port 5555 to connect to the Android container.
- Scrcpy to mirror and control the Android container.
- Scripts to generate a CA certificate and install them on the Android container.
- Scripts to install and run Frida on the Android container.
- Download Lubuntu or any Ubuntu based distro.
- Use Lubuntu Installation Guide to install a VM in Virtualbox.
- Make sure you configure sufficient resources for lab to run smoothly.
- Minimum 25GB of virtual disk space.
- Minimum 8GB RAM allocated.
- Mininum 4 Cores allocated.
Note
Below scripts might require sudo access to install certain packages and dependencies.
Review the scripts before running them.
wget -qO - https://raw.githubusercontent.com/adityatelange/MobSleuth/main/install.sh | bashTools can be installed one by one.
cd $HOME/MobSleuth/src
bash install/common_deps.sh
bash install/docker.shLogout and login again to apply group changes as we have added user to docker group.
Continue installing rest of the components.
cd $HOME/MobSleuth/src
bash install/redroid.sh
bash install/mobsf.sh
bash install/scrcpy.sh
bash install/frida.sh
bash install/jadx.sh
bash install/burpsuite.sh
bash install/objection.sh
bash install/pidcat.shAll the tools are installed in the ~/MobSleuth directory.
~/MobSleuth/src- contains the installation scripts. You may update MobSleuth usinggit pullin this directory.~/MobSleuth/installers- contains the downloaded installers.~/MobSleuth/data11_vol- contains the data directory for the reDroid container for persistence.~/MobSleuth/mobsf_vol- contains the data directory for the MobSF container for persistence.~/MobSleuth/tools- contains the tools installed.~/MobSleuth/certs- contains the generated CA certificate and private key.
cd $HOME/MobSleuth
bash run/run_mobsleuth_services.shThis will start the following services:
- reDroid - Android container accessible on port 5555
- MobSF - Mobile Security Framework accessible on port 8000
cd $HOME/MobSleuth
bash scripts/generate_cert.shMake sure the Android container is running.
cd $HOME/MobSleuth
bash scripts/push_cert.sh- Open BurpSuite and go to
Proxy>Proxy Settings - Select an Interface and click on
Edit. - Click on
Import / export CA Certificate. - Select
Certificate and private key in DER formatand clickNext. - In CA Certificate, select
~/MobSleuth/cert/certificate.derand in Private key, select~/MobSleuth/cert/certificate_private_key.der. - Click
NextandOK.
cd $HOME/MobSleuth
bash run/set_proxy.shUnset using:
cd $HOME/MobSleuth
bash run/unset_proxy.shOpen your browser and go to http://localhost:8000.
Connect to the Android container using scrcpy or adb.
Mirror Screen using scrcpy:
scrcpyConnect using adb:
adb connect localhost:5555ADB shell:
adb shellMake sure the Android container is running. Then run the following command.
adb rootPush frida-server and run it on the Android container.
cd $HOME/MobSleuth
bash scripts/push_fridaserver.sh
bash scripts/run_fridaserver.shNow we can use frida to interact with the Android container.
frida-ps -UThese tools can directly accessed using the terminal.
jadxobjectionpidcatThis will remove all the tools and the containers. Be careful before running this command.
sudo rm -rf $HOME/MobSleuthflowchart
subgraph MobSleuth
subgraph Docker Services
subgraph reDroid
redroid5555["ADB server listener :5555"]
redroid27042["frida-server"]
redroidvol["/data"]
redroidsserv["scrcpy-server"]
redroid5555 <---> redroidsserv
redroid5555 <---> redroid27042
end
subgraph MobSF
mobsf8000["WebApp listener :8000"]
mobsfvol["/home/mobsf/.MobSF"]
DA["Dynamic Analyzer"] --> |"via MOBSF_ANALYZER_IDENTIFIER"| redroid5555
end
end
subgraph "Host"
subgraph "local directories"
mobsfdir["~/mobsf"] <--> mobsfvol
redroiddir["~/data11"] <--> redroidvol
end
subgraph listener ports
lp5555[":5555"] <==> |"5555:5555"| redroid5555
lp8000[":8000"] <==> |"8000:8000"| mobsf8000
end
end
subgraph Tools
subgraph ADB
adbd["daemon :5037"] <---> |"shell"| lp5555
end
subgraph scrcpy
scr["via ADB"] <---> lp5555
end
subgraph BurpSuite
burp["Proxy listener :8080"] <-.-> |"proxied traffic"| reDroid
end
subgraph Frida
frida["frida-tools"] <---> lp5555
end
subgraph pidcat
pid["via ADB"] <---> lp5555
end
subgraph objection
obj["via ADB"] <---> lp5555
end
subgraph jadx
end
end
end
