MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0

Invalid HTTP_HOST header: ':::8000' #2370

Closed AmmeySaini closed 2 months ago

AmmeySaini commented 3 months ago

ENVIRONMENT

OS and Version: Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-101-generic x86_64)
Python Version: 3.10.12
MobSF Version: v3.9.7 Beta

EXPLANATION OF THE ISSUE

When analyzing an APK file by uploading it to MobSF, static analysis fails with error logs on the terminal. APK: https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass/releases/download/v31.5.3/tiktok-v31.5.3.apk

STEPS TO REPRODUCE THE ISSUE

1. Upload APK to static analyzer
2. After a few mins of processing the file, it fails

LOG FILE

debug.log

Log file attached
github-actions[bot] commented 3 months ago

👋 @AmmeySaini Issues are only for reporting a bug/feature request. For limited support, questions, and discussions, please join the MobSF Slack channel. Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

AmmeySaini commented 3 months ago

I think this might have something to do with JADX, but I did notice a weird behavior after I changed the value of MOBSF_JADX_TIMEOUT to 3600 (the default is 1800): now it's stuck at "Code Analysis Started on - java_source" for approx. 5 hours.

ohyeah521 commented 3 months ago

Please upload the APK, I'll test it.

AmmeySaini commented 3 months ago

It's already mentioned in the description, though, but here is the URL again: https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass/releases/download/v31.5.3/tiktok-v31.5.3.apk

ohyeah521 commented 3 months ago

It's TikTok. It's not surprising. You can't imagine this behemoth: it has more than 180,000 classes and more than 1 million methods. It is normal for it to be slow. It consumes CPU and memory heavily because it is so big. It is recommended to run the analysis on an SSD for I/O read/write efficiency, with 64 GB of memory or more.

AmmeySaini commented 3 months ago

I kept it running the whole day yesterday and I did receive the same error logs. Code Analysis kept running for 10+ hours (check the logs for exact timings) and again crashed with the same error.

Part of the log (full logs for the error are the same as uploaded initially; this log is just for timestamping the errors):

[INFO] 31/Mar/2024 09:51:38 - Code Analysis Started on - java_source
Skipping large file /root/.MobSF/uploads/d19c637963fca0f77ab840b94e815468/java_source/X/C17010ld.java
[WARNING] 31/Mar/2024 15:27:53 - Not Found: /.env
[WARNING] 31/Mar/2024 18:24:13 - Not Found: /robots.txt
[WARNING] 31/Mar/2024 18:24:13 - Not Found: /sitemap.xml
[DEBUG] 31/Mar/2024 23:27:45 - Exception while resolving variable 'build_absolute_uri' in template 'unknown'.
Traceback (most recent call last):

I believe this might be due to the big codebase of the APK, but there should be a better way to handle this kind of behavior.

AmmeySaini commented 3 months ago

I'm using a dedicated VPS for this: 1 TB SSD, 128 GB RAM, Ubuntu OS. I'm not sure about cores, but it's 16+ for sure.

ohyeah521 commented 3 months ago

Modify jadx (mobsf\StaticAnalyzer\tools\jadx\bin):

set DEFAULT_JVM_OPTS="-Xms128M" "-XX:MaxRAMPercentage=70.0" "-XX:+UseG1GC"

Change to: set DEFAULT_JVM_OPTS="-Xms16G" "-XX:MaxRAMPercentage=70.0" "-XX:+UseG1GC"

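As an added example (my own helper, not code from this issue, from MobSF or from jadx): the same -Xms change applied from a POSIX shell, which is what the reporter's Ubuntu install would need rather than the `set DEFAULT_JVM_OPTS=...` batch-file form quoted above. It assumes the Gradle-generated Linux launcher carries a line of the form `DEFAULT_JVM_OPTS='"-Xms128M" "-XX:MaxRAMPercentage=70.0" "-XX:+UseG1GC"'`; the sample launcher file is constructed for the demo and the function names are mine.

```shell
#!/bin/sh
# Added example, not code from the issue, MobSF or jadx. Raises the JVM
# initial heap (-Xms) in a Gradle-generated POSIX launcher such as the
# `jadx` script under mobsf/StaticAnalyzer/tools/jadx/bin, leaving the other
# DEFAULT_JVM_OPTS flags untouched. ASSUMPTION: the launcher carries a line
# of the form
#   DEFAULT_JVM_OPTS='"-Xms128M" "-XX:MaxRAMPercentage=70.0" "-XX:+UseG1GC"'
# (the Windows jadx.bat uses `set DEFAULT_JVM_OPTS=...` and is not handled).

# Print the current -Xms value (e.g. 128M) from the DEFAULT_JVM_OPTS line.
jadx_current_xms() {
    sed -n 's/.*DEFAULT_JVM_OPTS=.*-Xms\([0-9][0-9]*[kKmMgG]\{0,1\}\).*/\1/p' "$1" | head -n 1
}

# Replace -Xms in DEFAULT_JVM_OPTS with the given size (e.g. 16G). Keeps a
# backup as <launcher>.orig and fails loudly instead of silently doing nothing.
jadx_set_xms() {
    launcher=$1
    size=$2
    case $size in
        ''|[!0-9]*|*[!0-9kKmMgG]*)
            echo "jadx_set_xms: bad heap size '$size' (want e.g. 512M or 16G)" >&2
            return 2 ;;
    esac
    if ! grep -q 'DEFAULT_JVM_OPTS=.*-Xms' "$launcher"; then
        echo "jadx_set_xms: no -Xms flag in DEFAULT_JVM_OPTS of $launcher" >&2
        return 1
    fi
    sed -i.orig "/DEFAULT_JVM_OPTS=/s/-Xms[0-9][0-9]*[kKmMgG]\{0,1\}/-Xms$size/" "$launcher"
    # Verify the edit actually took effect before reporting success.
    [ "$(jadx_current_xms "$launcher")" = "$size" ]
}

# Constructed stand-in for the real launcher so the example runs offline.
make_sample_launcher() {
    dir=$(mktemp -d)
    cat > "$dir/jadx" <<'EOF'
#!/bin/sh
DEFAULT_JVM_OPTS='"-Xms128M" "-XX:MaxRAMPercentage=70.0" "-XX:+UseG1GC"'
exec java $DEFAULT_JVM_OPTS -jar jadx.jar "$@"
EOF
    printf '%s\n' "$dir/jadx"
}

# Demo: show the before/after values on the constructed launcher.
jadx_heap_demo() {
    f=$(make_sample_launcher)
    echo "before: -Xms$(jadx_current_xms "$f")"
    jadx_set_xms "$f" 16G
    echo "after:  -Xms$(jadx_current_xms "$f")  (backup: $f.orig)"
}

jadx_heap_demo
```

Point it at the real launcher with `jadx_set_xms mobsf/StaticAnalyzer/tools/jadx/bin/jadx 16G`. Note that -Xms only sets the initial heap; the ceiling still comes from -XX:MaxRAMPercentage=70.0, so the sizing should stay well below what that percentage allows on the host. Keep the `.orig` backup: a MobSF upgrade that ships a fresh jadx will overwrite the launcher, and the diff tells you whether the change needs re-applying.
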
AmmeySaini commented 3 months ago

This did help. The entire analysis process only took a few minutes. I wonder if this information has already been mentioned in the documentation; if not, it should be included.

AmmeySaini commented 3 months ago

There might be another issue: the analysis was a success, but when I tried downloading the Java code, the Java (zip) file was completely empty, and I was not even able to view the code in the MobSF dashboard.

ajinabraham commented 2 months ago

Works for me on an MBP without any modification: 6-core 2.6 GHz Core i7, 32 GB RAM.

[INFO] 11/Apr/2024 03:38:04 - Code Analysis Started on - java_source
Skipping large file /***/.MobSF/uploads/d19c637963fca0f77ab840b94e815468/java_source/X/C17010ld.java
[INFO] 11/Apr/2024 03:51:53 - Android SAST Completed
[INFO] 11/Apr/2024 03:51:53 - Android API Analysis Started
Skipping large file  /***/.MobSF/uploads/d19c637963fca0f77ab840b94e815468/java_source/X/C17010ld.java
[INFO] 11/Apr/2024 03:58:31 - Android Permission Mapping Started
Skipping large file /***/.MobSF/uploads/d19c637963fca0f77ab840b94e815468/java_source/X/C17010ld.java
[INFO] 11/Apr/2024 04:39:00 - Android Permission Mapping Completed
[INFO] 11/Apr/2024 04:41:32 - Finished Code Analysis, Email and URL Extraction
[INFO] 11/Apr/2024 04:41:32 - Extracting Data from APK
[INFO] 11/Apr/2024 04:41:42 - Extracting Data from Source Code
[INFO] 11/Apr/2024 04:43:19 - Detecting Firebase URL(s)
[INFO] 11/Apr/2024 04:43:19 - Performing Malware Check on extracted Domains
[INFO] 11/Apr/2024 04:43:20 - Maltrail Database is outdated!
[INFO] 11/Apr/2024 04:43:20 - Updating Maltrail Database
[INFO] 11/Apr/2024 04:43:50 - Saving to Database
[INFO] 11/Apr/2024 04:44:06 - Scan Hash: d19c637963fca0f77ab840b94e815468
[INFO] 11/Apr/2024 04:44:06 - Starting Analysis on: tiktok-v31.5.3.apk
[INFO] 11/Apr/2024 04:44:06 - Analysis is already Done. Fetching data from the DB...