MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0

[FEATURE] SHA256 hash after a POST request #2375

Closed taaaahahaha closed 4 months ago

taaaahahaha commented 5 months ago

After a POST request has been sent using the REST API, an MD5 hash is returned. Because of this, although it is a rare occurrence, two APKs have a better chance of overlapping under this MD5. If SHA256 is returned, it gives a better chance of scanning the uploaded APKs.

github-actions[bot] commented 5 months ago

👋 @taaaahahaha Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join the MobSF Slack channel. Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.

ajinabraham commented 4 months ago

We are aware of MD5 hash collision. Do you have an example that caused an issue? Will keep this as an enhancement ticket to migrate from MD5 to sha2 or similar.

ajinabraham commented 4 months ago

Tracked separately.

ajinabraham commented 4 months ago

Duplicate https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1930

taaaahahaha commented 3 months ago

I was using AndroZoo's APK library and this collision caused an inconsistency in my dataset; I do not have the APK at the moment.
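
A client-side check for the dataset problem described in this thread, as an added example that is not part of the thread or of MobSF's code: keep the SHA-256 of every file next to its MD5-style identifier and flag any identifier that maps to more than one distinct file. `ScanLedger` and `zip_magic_id` are hypothetical names, and the sample byte strings are constructed; `zip_magic_id` is a deliberately weak stand-in that forces a collision without embedding a real MD5 collision pair.

```python
import hashlib
from typing import Callable, Dict, List, Tuple


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def zip_magic_id(data: bytes) -> str:
    # Constructed stand-in for a colliding identifier: it hashes only the
    # 4-byte ZIP magic, so every APK-like input gets the same value.
    return md5_hex(data[:4])


class ScanLedger:
    """Hypothetical ledger: identifier -> {sha256: first file name seen}."""

    def __init__(self, scan_id: Callable[[bytes], str] = md5_hex):
        self._scan_id = scan_id
        self._seen: Dict[str, Dict[str, str]] = {}

    def record(self, name: str, data: bytes) -> Tuple[str, str, str]:
        """Return (identifier, sha256, status), where status is 'new',
        'duplicate' (same bytes seen before) or 'collision' (same
        identifier, different bytes)."""
        sid, digest = self._scan_id(data), sha256_hex(data)
        bucket = self._seen.setdefault(sid, {})
        if digest in bucket:
            status = "duplicate"
        elif bucket:
            status = "collision"
        else:
            status = "new"
        bucket.setdefault(digest, name)
        return sid, digest, status

    def collisions(self) -> Dict[str, List[str]]:
        """Identifiers that more than one distinct file maps to."""
        return {s: sorted(b.values()) for s, b in self._seen.items() if len(b) > 1}


# Constructed sample inputs (not real APKs).
APK_A = b"PK\x03\x04" + b"constructed sample one"
APK_B = b"PK\x03\x04" + b"constructed sample two"
```
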