MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0

Unable to connect to internet after HTTPS interception proxy #1117

Closed ghost closed 4 years ago

ghost commented 4 years ago

ENVIRONMENT

OS and Version: Windows 10 Enterprise build 17134
Python Version: 3.7.4
MobSF Version: Latest build

EXPLANATION OF THE ISSUE

After setting up the HTTPS interception proxy, the Genymotion VM is unable to connect to the internet.

I have tried changing the ports but the problem still persists.

STEPS TO REPRODUCE THE ISSUE

Running MobSF in a Windows 10 environment with a Genymotion VM having Android Nougat 7.0

Other Information

  1. MobSF running in default configuration.
  2. Commenting out the line env.set_global_proxy(version) has fixed the issue temporarily. Of course, the HTTPS interceptor won't work.
  3. Windows firewall is active (default configuration).

LOG FILE

debug.log

ajinabraham commented 4 years ago

"After setting up HTTPS interception proxy": what do you mean? MobSF does that automatically and redirects all traffic through the proxy. If the app has SSL certificate checks or pinning, you need to instrument it with Frida for Android >4.4 to get internet connectivity.

ghost commented 4 years ago

So in order to access the internet, I need to manually bypass SSL pinning?

Is there a way to disable HTTPS interception? I just need to monitor APIs.

JeffKitson commented 4 years ago

This also seems to happen if you have MobSF target a physical device for dynamic testing; at least in my case. It seems the proxy settings are set HERE and never get deleted/unset.

For me to unset the proxy and allow normal traffic I had to use the commands described in this post

adb shell settings delete global http_proxy
adb shell settings delete global global_http_proxy_host
adb shell settings delete global global_http_proxy_port

ghost commented 4 years ago

> This also seems to happen if you have MobSF target a physical device for dynamic testing; at least in my case. It seems the proxy settings are set HERE and never get deleted/unset.
>
> For me to unset the proxy and allow normal traffic I had to use the commands described in this post
>
> adb shell settings delete global http_proxy
> adb shell settings delete global global_http_proxy_host
> adb shell settings delete global global_http_proxy_port

Yep, I had removed the global proxy with the same commands. Thanks for the comment though, it would help others having a similar problem; it took me a while. For me, using MobSF on a physical device causes ADB command errors, as executing an ADB command in an emulator is a little different than on a physical device, considering we use stock ROMs. I have used a Samsung J7 Prime with stock ROM (rooted).

For instance in my device, all ADB commands that require root privileges require the input su -c after adb shell so the command looks like adb shell su -c [command]

ajinabraham commented 4 years ago

@drakewader It depends on your app; for most apps you need to bypass certificate checks so that it can talk to the internet. We don't have an option to disable traffic interception. But I will add a task to unset the proxy after analysis.

We only support Genymotion VMs at the moment. There are a lot of unknowns in real devices and we don't support them.

ajinabraham commented 4 years ago

Closing this; a feature request to track this is added here: https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1118
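
The cleanup discussed in the comments above, as an added example that is not part of the original thread or MobSF's own code: a shell helper that reports which of the three global proxy keys are still set on the device and deletes them, with the su -c wrapper one commenter needed on a rooted stock ROM. The ADB and USE_SU variables and the function names are assumptions of this sketch.

```shell
# Added example: audit and clear the Android global proxy keys left behind
# after a dynamic-analysis session. Key names are the ones in the thread.
# ADB and USE_SU are assumptions of this sketch, not MobSF settings.

ADB="${ADB:-adb}"        # adb binary (or a stub function for offline testing)
USE_SU="${USE_SU:-0}"    # 1 = wrap commands in `su -c` (rooted stock ROMs)

PROXY_KEYS="http_proxy global_http_proxy_host global_http_proxy_port"

# Run a `settings` subcommand on the device, optionally through su -c.
device_settings() {
    if [ "$USE_SU" = "1" ]; then
        "$ADB" shell su -c "settings $*"
    else
        "$ADB" shell settings "$@"
    fi
}

# Print "key=value" for every proxy key that is still set.
# Returns 0 when the device is clean, 1 when at least one key remains.
proxy_leftovers() {
    local key val found=0
    for key in $PROXY_KEYS; do
        # adb shell output can carry CR line endings; strip them.
        val="$(device_settings get global "$key" | tr -d '\r')"
        case "$val" in
            ""|null) ;;                       # `settings get` prints "null" when unset
            *) echo "$key=$val"; found=1 ;;
        esac
    done
    return "$found"
}

# Delete all three keys, then re-read them so a silent failure
# (for example a delete that needed root) is reported as non-zero.
clear_proxy() {
    local key
    for key in $PROXY_KEYS; do
        device_settings delete global "$key" >/dev/null
    done
    proxy_leftovers >/dev/null
}

# Usage after a session:  proxy_leftovers || clear_proxy
```

clear_proxy returns non-zero if any key survives the delete, which is the signal to retry with USE_SU=1 on devices where settings changes need root.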