Difference between revisions of "Mobile-Security-Framework-MobSF"

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search
Line 52: Line 52:




== Used Hardware ==
[[Device to be used with this documentation]]
[[Maybe another device to be used with this documentation]]


== Courses ==
== Courses ==

Revision as of 17:58, 12 March 2024

Mobile-Security-Framework

Summary

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.

Requirements

Description

Step 1: Open the Webpage

http://localhost:8000

MobSF startpage.PNG

Step 2: Upload Mobile Application

Select the upload button. This could take a while, because MobSF will decompile the apk and analyze all the files and dependencies.

Step 3: Static Analysis

After uploading our Mobile Application the Report will be generated and we can see the resulting information. On the starting page we can see a general overview about the results: Modsf Static 1.png

If MobSF finds CWE's during the code analysis, the results will be shown like this: Modsf Static 2.png

MobSF also gives the user the opportunity to compare different apks.

Modsf Static 3.png


Modsf Static 4.png


Modsf Static 5.png

Optional Step 4: Dynamic Analysis

If the dynamic analysis is started, a emulation of the app will be started and it is possible to monitor the behaviour and possibly load some Java scripts. Modsf Dynamic 1.png


Modsf Dynamic 2.png


Modsf Dynamic 3.png


Modsf Dynamic 4.png


Courses

  • Sichere Softwareentwicklung (IT-Security 22/23)

References

Retrieved from "https://wiki.elvis.science/index.php?title=Mobile-Security-Framework-MobSF&oldid=14633"