Scripts to set up your own mobile 📱 app hacking lab (currently focusing on Android)
Includes the following tools:
Tool Name | Type | Description |
---|---|---|
MobSF | FOSS | Mobile Security Framework is an open-source, automated mobile app security testing tool. |
reDroid | FOSS | Remote anDroid solution for emulating an Android device in a container. |
Scrcpy | FOSS | A free and open-source tool that allows you to mirror and control your Android device from your computer via ADB. |
Frida | FOSS | Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. |
Jadx | FOSS | Dex to Java decompiler. |
Objection | FOSS | Runtime Mobile Exploration. |
Pidcat | FOSS | Colored logcat script which only shows log entries for a specific application package. |
APKiD | FOSS | Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android. |
ApkTool | FOSS | A tool for reverse engineering Android apk files. |
BurpSuite CE | proprietary | Powerful web application security testing platform with interception, scanning, fuzzing, and more. |
What you get:
- A complete setup of tools to start hacking Android apps.
- A dockerized environment to run Android apps in a container.
- One-command `root` access to the Android container.
- BurpSuite running on the host machine to intercept and modify traffic.
- MobSF with dynamic analysis capabilities connected to the Android container.
- ADB server running on port 5555 to connect to the Android container.
- Scrcpy to mirror and control the Android container.
- Scripts to generate a CA certificate and install it on the Android container.
- Scripts to install and run Frida on the Android container.
- Download Lubuntu or any Ubuntu-based distro.
- Use the Lubuntu Installation Guide to install a VM in VirtualBox.
- Make sure you configure sufficient resources for the lab to run smoothly.
  - Minimum 25GB of virtual disk space.
  - Minimum 8GB RAM allocated.
  - Minimum 4 cores allocated.
Note

The scripts below might require `sudo` access to install certain packages and dependencies.
Review the scripts before running them.

```bash
wget -qO - https://raw.githubusercontent.com/adityatelange/MobSleuth/main/install.sh | bash
```
Tools can be installed one by one.
```bash
cd $HOME/MobSleuth/src
bash install/common_deps.sh
bash install/docker.sh
```

Log out and log in again to apply the group changes, as the user has been added to the `docker` group.
Continue installing rest of the components.
```bash
cd $HOME/MobSleuth/src
bash install/redroid.sh
bash install/mobsf.sh
bash install/scrcpy.sh
bash install/frida.sh
bash install/jadx.sh
bash install/burpsuite.sh
bash install/objection.sh
bash install/pidcat.sh
```

All the tools are installed in the `~/MobSleuth` directory.

- `~/MobSleuth/src` - contains the installation scripts. You may update MobSleuth using `git pull` in this directory.
- `~/MobSleuth/installers` - contains the downloaded installers.
- `~/MobSleuth/data11_vol` - contains the data directory for the reDroid container for persistence.
- `~/MobSleuth/mobsf_vol` - contains the data directory for the MobSF container for persistence.
- `~/MobSleuth/tools` - contains the tools installed.
- `~/MobSleuth/certs` - contains the generated CA certificate and private key.
```bash
cd $HOME/MobSleuth
bash run/run_mobsleuth_services.sh
```
This will start the following services:
- reDroid - Android container accessible on port 5555
- MobSF - Mobile Security Framework accessible on port 8000
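
The ADB listener on 5555 gives a root shell, and Docker publishes a port mapping written as `5555:5555` on all host interfaces unless an address is given, so it is worth checking which lab ports are reachable from outside the VM. The check below is an added example, not part of MobSleuth; the port list is taken from this README, and the function names and sample `ss` output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not part of MobSleuth): flag lab listeners reachable from
# other machines. Ports are the ones named in this README:
# reDroid ADB 5555, MobSF 8000, Burp proxy 8080, host adb daemon 5037.
LAB_PORTS="5555 8000 8080 5037"

# Reads `ss -ltnH` output on stdin and prints "port address" for every lab
# port that listens on a non-loopback address.
flag_exposed_listeners() {
  awk -v ports="$LAB_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) lab[p[i]] = 1 }
    $1 == "LISTEN" {
      idx = match($4, /:[0-9]+$/)          # trailing ":port" of local address
      if (idx == 0) next
      port = substr($4, idx + 1)
      addr = substr($4, 1, idx - 1)
      sub(/%.*$/, "", addr)                # drop interface scope such as %lo
      if (!(port in lab)) next
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      print port, addr
    }' | LC_ALL=C sort -u
}

# Constructed sample of `ss -ltnH` output, not captured from a real host.
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 4096   0.0.0.0:5555  0.0.0.0:*
LISTEN 0 4096      [::]:5555     [::]:*
LISTEN 0 4096 127.0.0.1:8000  0.0.0.0:*
LISTEN 0 50           *:8080        *:*
LISTEN 0 128  127.0.0.1:5037  0.0.0.0:*
LISTEN 0 128    0.0.0.0:22    0.0.0.0:*
EOF
}

# On the lab host, replace the sample with: ss -ltnH | flag_exposed_listeners
sample_ss_output | flag_exposed_listeners
```

If a lab port is listed and the VM sits on a shared network, publishing the container port as `127.0.0.1:5555:5555` instead of `5555:5555` keeps it on loopback.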
```bash
cd $HOME/MobSleuth
bash scripts/generate_cert.sh
```

Make sure the Android container is running.

```bash
cd $HOME/MobSleuth
bash scripts/push_cert.sh
```
- Open BurpSuite and go to `Proxy` > `Proxy Settings`.
- Select an Interface and click on `Edit`.
- Click on `Import / export CA Certificate`.
- Select `Certificate and private key in DER format` and click `Next`.
- In CA Certificate, select `~/MobSleuth/cert/certificate.der` and in Private key, select `~/MobSleuth/cert/certificate_private_key.der`.
- Click `Next` and `OK`.
```bash
cd $HOME/MobSleuth
bash run/set_proxy.sh
```

Unset using:

```bash
cd $HOME/MobSleuth
bash run/unset_proxy.sh
```

Open your browser and go to http://localhost:8000.
Connect to the Android container using `scrcpy` or `adb`.

Mirror the screen using `scrcpy`:

```bash
scrcpy
```

Connect using `adb`:

```bash
adb connect localhost:5555
```

ADB shell:

```bash
adb shell
```

Make sure the Android container is running. Then run the following command.

```bash
adb root
```
Push frida-server and run it on the Android container.
```bash
cd $HOME/MobSleuth
bash scripts/push_fridaserver.sh
bash scripts/run_fridaserver.sh
```

Now we can use `frida` to interact with the Android container.

```bash
frida-ps -U
```

These tools can be accessed directly from the terminal.

```bash
jadx
objection
pidcat
```
This will remove all the tools and the containers. Be careful before running this command.
```bash
sudo rm -rf $HOME/MobSleuth
```
```mermaid
flowchart
    subgraph MobSleuth
        subgraph Docker Services
            subgraph reDroid
                redroid5555["ADB server listener :5555"]
                redroid27042["frida-server"]
                redroidvol["/data"]
                redroidsserv["scrcpy-server"]
                redroid5555 <---> redroidsserv
                redroid5555 <---> redroid27042
            end
            subgraph MobSF
                mobsf8000["WebApp listener :8000"]
                mobsfvol["/home/mobsf/.MobSF"]
                DA["Dynamic Analyzer"] --> |"via MOBSF_ANALYZER_IDENTIFIER"| redroid5555
            end
        end
        subgraph "Host"
            subgraph "local directories"
                mobsfdir["~/mobsf"] <--> mobsfvol
                redroiddir["~/data11"] <--> redroidvol
            end
            subgraph listener ports
                lp5555[":5555"] <==> |"5555:5555"| redroid5555
                lp8000[":8000"] <==> |"8000:8000"| mobsf8000
            end
        end
        subgraph Tools
            subgraph ADB
                adbd["daemon :5037"] <---> |"shell"| lp5555
            end
            subgraph scrcpy
                scr["via ADB"] <---> lp5555
            end
            subgraph BurpSuite
                burp["Proxy listener :8080"] <-.-> |"proxied traffic"| reDroid
            end
            subgraph Frida
                frida["frida-tools"] <---> lp5555
            end
            subgraph pidcat
                pid["via ADB"] <---> lp5555
            end
            subgraph objection
                obj["via ADB"] <---> lp5555
            end
            subgraph jadx
            end
        end
    end
```