Shulou(Shulou.com)05/31 Report--

Editor to share with you the open source mobile security testing framework MobSF installation process will encounter what kind of pit, I believe that most people do not know much, so share this article for your reference, I hope you will learn a lot after reading this article, let's learn about it!

Operation environment

Python 2.7.Please click Python 2.7for download.

Oracle JDK 1.7 or above, please click: Oracle JDK for download

To download Oracle VirtualBox, please click: VirtualBox

Download the command line tool (Mac system) required for iOS IPA analysis (to be performed on Mac systems), please click: Conmand-line tool

Hardware configuration: 4GB or above memory, 5G hard disk space.

-

Latest framework and virtual machine download address (2017.3.9)

MobSF latest release Github download address: MobSF

MobSF VM 0.3 ova file Baidu network disk download address: MobSF.VM.

-

Installation

At present, the framework is only tested on Windows 7,8,8.1,10, Ubuntu (14.04), Kali (2016.2) OSX (Mavericks, Yosemite, El Capitan, Sierra) and other system platforms. (this article is installed on a 64-bit-based Centos7 virtual machine, or on a physical machine according to the actual situation. )

Linux: extract the MobSF zip file to / home/ [username] / MobSF.

-

Installation process

Install the centos7 virtual machine, choose to install the GNOME desktop (after the MobSF installation is completed, you need to present the test results in the browser), and restart to enter the desktop system after the installation.

Check to see if Python2.7 and JDK1.7 or above are installed, and if bit installed, download the response version from the address above to install it.

Configure static Analyzer

Enter the unzipped folder of MobSF and put it in / home/ [username] / MobSF by default (otherwise you will be prompted that the requirements.txt file cannot be found) install the MobSF Python dependency package through pip and execute

Pip install-r requirements.txt

-

Here's the problem:

Pit NO.1: prompt that the pip command is missing / not found.

Now if you install pip directly with yum, you may get an error saying that there is no python-pip package to install.

No package python-pip available.Error: Nothing to do

This is because for spawned distributions like centos, their feeds sometimes lag behind in content updates, or sometimes extended feeds don't exist at all. So when you use yum to search python-pip, you will say that the package was not found. So in order to be able to install these packages, you need to install the extension source EPEL first.

Sudo yum-y install epel-release

Then install pip

Sudo yum-y install python-pip pit No.2: timeout error

Execute pip install-r requirements.txt again, prompting for timeout

ReadTimeoutError: HTTPSConnectionPool (host='pypi.python.org', port=443): Read timed out.

Set the timeout

Pip-- default-timeout=100 install-U Pillow

Change the default mirror source of python pip (in this article, change it to the source of University of Science and Technology of China, or you can search for other sources to change it). After directly following the pypi.mirrors.ustc.edu.cn source address, the prompt source is not trusted and cannot execute the command. So set the-- trusted-host parameter to the trusted source. The final command is as follows:

Pip install-r requirements.txt-- trusted-host pypi.mirrors.ustc.edu.cn

Failed to execute the No.3:GCC command

Error: command 'gcc' failed with exit status 1

Install yum install gcc is not OK, found that gcc has been installed, the prompt is failed rather than not found, which indicates that this error should be the lack of some functional modules.

Execution

Yum install python-devel openssl-devel

Then execute it again.

Pip install-r requirements.txt-- trusted-host pypi.mirrors.ustc.edu.cn

Finally prompt Successfully that the static analyzer has been configured.

Successfully installed configparser-3.5.0 cryptography-1.7.2 pdfkit-0.6.1 pyOpenSSL-16.2.0 rsa-3.4.2 -- run MobSF

To run the program locally, the default access port is 8000

Python manage.py runserver

Open the http://127.0.0.1:8000 port to view and press Ctrl+C to exit the program.

You can upload apk files for static analysis, and the static analysis function can be used normally.

At this point, the website can only be accessed locally by default. If you need others to also access the website, you need to specify the ip of 0.0.0.0. When others visit, enter the ip address of the computer plus the port number 8000. (you can also enter a different port and change the format 0.0.0.0pur8001)

Python manager.py runserver 0.0.0.0 8001 and above are all the contents of this article entitled "what pits will be encountered during the installation of the open source mobile security testing framework MobSF". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.