Dynamic Analysis POST /GetEnv/ 500 Response code

[surgicalmittens]

The Android VM starts. However, after I click "Create Environment" on the Dynamic Analysis page it says "Trying to setup the environment". At this point the following error is displayed on the DynamicAnalyzer page.

OSError at /GetEnv/ [Errno 2] No such file or directory Request

The console where the server is running says:

[INFO] VM Restore Snapshot
Waiting for VM "03ca20c1-db4a-4edf-9b15-55afa9da3c67" to power on...
VM "03ca20c1-db4a-4edf-9b15-55afa9da3c67" has been successfully started.

[INFO] VM Starting
POST /DynamicAnalyzer/ HTTP/1.1" 200 17721

[INFO] HTTPS Proxy (PID: 11515) Running on 192.168.56.1:1337
"POST /GetEnv/ HTTP/1.1" 500 11195

[ajinabraham]

That's strange. Looks like the problem is happening for you in DynamicAnalyzer/views.py The WebProxy is starting and ConnectInstallRun() is the next function to execute. OSError at /GetEnv/ [Errno 2] No such file or directory Request is a strange error. There is nothing in the code referring to Request

[surgicalmittens]

Thanks for the quick response. I'm sorry part of the confusion may be due to my copy/paste mistake. Request is just more information about the the error. It seems like it's failing because the POST Request failed because /GetEnv/ does not exist so the web server throws a 500 Error code.

OSError at /GetEnv/ [Errno 2] No such file or directory Request Method: POST Request URL: http://127.0.0.1:8000/GetEnv/

I believe that ConnectInstallRun() is throwing the error.

[surgicalmittens]

Here is a more detailed error log from the bottom of the /DynamicAnalyzer/ page.

''' OSError at /GetEnv/ [Errno 2] No such file or directory Request Method: POST Request URL: http://127.0.0.1:8000/GetEnv/ Django Version: 1.8 Python Executable: /usr/bin/python Python Version: 2.7.6 Python Path: ['/home/user/MobSF', '/usr/lib/python2.7', '/usr/lib/python2.7/plat-x86_64-linux-gnu', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/local/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages/gtk-2.0'] Server time: Fri, 11 Sep 2015 20:38:45 +0000 Installed Applications: ('django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'StaticAnalyzer', 'DynamicAnalyzer') Installed Middleware: ('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware') Traceback: File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in get_response 132. response = wrapped_callback(request, _callback_args, _callback_kwargs) File "/home/user/MobSF/DynamicAnalyzer/views.py" in GetEnv 66. ConnectInstallRun(TOOLS_DIR,VM_IP,APP_PATH,PKG,LNCH,True) #Change True to support non-activity components File "/home/user/MobSF/DynamicAnalyzer/views.py" in ConnectInstallRun 436. subprocess.call([adb, "kill-server"]) File "/usr/lib/python2.7/subprocess.py" in call 522. return Popen(_popenargs, _kwargs).wait() File "/usr/lib/python2.7/subprocess.py" in init 710. errread, errwrite) File "/usr/lib/python2.7/subprocess.py" in _execute_child 1327. raise child_exception Exception Type: OSError at /GetEnv/ Exception Value: [Errno 2] No such file or directory Request information: GET: No GET data POST: csrfmiddlewaretoken = u'JaJrRP2gDQ9npV5R5U34bEi29xGL42Ca' pkg = u'com.android.insecurebankv2' lng = u'com.android.insecurebankv2.LoginActivity' md5 = u'2658e6ae6f796ad44783fefe93d20e5d' FILES: No FILES data COOKIES: csrftoken = 'JaJrRP2gDQ9npV5R5U34bEi29xGL42Ca' META: wsgi.version = RUN_MAIN = 'true' HTTP_REFERER = 'http://127.0.0.1:8000/DynamicAnalyzer/' SERVER_PROTOCOL = 'HTTP/1.1' SERVER_SOFTWARE = 'WSGIServer/0.1 Python/2.7.6' SCRIPT_NAME = u'' LESSOPEN = '| /usr/bin/lesspipe %s' SSH_CLIENT = '[REDACTED_IP] 54068 22' REQUEST_METHOD = 'POST' LOGNAME = 'user' USER = 'user' PATH = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games' QUERY_STRING = '' HOME = '/home/user' wsgi.errors = ', mode 'w' at 0x7f508ff981e0> LANG = 'en_US.UTF-8' TERM = 'xterm-256color' SHELL = '/bin/bash' TZ = 'UTC' HTTP_COOKIE = 'csrftoken=JaJrRP2gDQ9npV5R5U34bEi29xGL42Ca' SERVER_NAME = 'localhost' REMOTE_ADDR = '127.0.0.1' SHLVL = '1' wsgi.url_scheme = 'http' SERVER_PORT = '8000' CONTENT_LENGTH = '165' HTTP_PRAGMA = 'no-cache' XDG_RUNTIME_DIR = '/run/user/1000' HTTP_X_REQUESTED_WITH = 'XMLHttpRequest' wsgi.file_wrapper = '' CSRF_COOKIE = u'JaJrRP2gDQ9npV5R5U34bEi29xGL42Ca' wsgi.input = HTTP_USER_AGENT = 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0' HTTP_HOST = '127.0.0.1:8000' wsgi.multithread = True HTTP_CONNECTION = 'keep-alive' HTTP_CACHE_CONTROL = 'no-cache' XDG_SESSIONID = '7' = '/usr/bin/python' HTTPACCEPT = 'application/json, text/javascript, /_; q=0.01' SSH_CONNECTION = '[REDACTED_IP] 54068 [REDACTED_IP]' LESSCLOSE = '/usr/bin/lesspipe %s %s' GATEWAY_INTERFACE = 'CGI/1.1' wsgi.run_once = False SSH_TTY = '/dev/pts/2' OLDPWD = '/home/user/Desktop' wsgi.multiprocess = False HTTP_ACCEPT_LANGUAGE = 'en-US,en;q=0.5' PWD = '/home/user/MobSF' DJANGO_SETTINGS_MODULE = 'MobSF.settings' CONTENT_TYPE = 'application/x-www-form-urlencoded; charset=UTF-8' MAIL = '/var/mail/user' LSCOLORS = 'rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arj=01;31:.taz=01;31:.lzh=01;31:.lzma=01;31:.tlz=01;31:.txz=01;31:.zip=01;31:.z=01;31:.Z=01;31:.dz=01;31:.gz=01;31:.lz=01;31:.xz=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war=01;31:.ear=01;31:.sar=01;31:.rar=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.jpg=01;35:.jpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=01;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.axv=01;35:.anx=01;35:.ogv=01;35:.ogx=01;35:.aac=00;36:.au=00;36:.flac=00;36:.mid=00;36:.midi=00;36:.mka=00;36:.mp3=00;36:.mpc=00;36:.ogg=00;36:.ra=00;36:.wav=00;36:.axa=00;36:.oga=00;36:.spx=00;36:_.xspf=00;36:' REMOTE_HOST = '' HTTP_ACCEPT_ENCODING = 'gzip, deflate' PATH_INFO = u'/GetEnv/' Settings: Using settings module MobSF.settings SECURE_BROWSER_XSS_FILTER = False USE_THOUSAND_SEPARATOR = False CSRF_COOKIE_SECURE = False LANGUAGE_CODE = 'en-us' ROOT_URLCONF = 'MobSF.urls' MANAGERS = BASE_DIR = '/home/user/MobSF' SILENCED_SYSTEM_CHECKS = [] DEFAULT_CHARSET = 'utf-8' SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer' STATIC_ROOT = None ALLOWED_HOSTS = [] MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage' EMAIL_SUBJECT_PREFIX = '[Django] ' SERVER_EMAIL = 'root@localhost' SECURE_HSTS_SECONDS = 0 STATICFILES_FINDERS = SESSION_CACHE_ALIAS = 'default' SESSION_COOKIE_DOMAIN = None SESSION_COOKIE_NAME = 'sessionid' TIME_INPUT_FORMATS = SECURE_REDIRECT_EXEMPT = [] DATABASES = {'default': {'ENGINE': 'django.db.backends.sqlite3', 'AUTOCOMMIT': True, 'ATOMIC_REQUESTS': False, 'NAME': '/home/user/MobSF/db.sqlite3', 'CONN_MAX_AGE': 0, 'TIMEZONE': 'UTC', 'OPTIONS': {}, 'HOST': '', 'USER': '', 'TEST': {'COLLATION': None, 'CHARSET': None, 'NAME': None, 'MIRROR': None}, 'PASSWORD': u'***', 'PORT': ''}} EMAIL_SSLKEYFILE = u'******_' TEMPLATE_DEBUG = True FILE_UPLOAD_DIRECTORY_PERMISSIONS = None FILE_UPLOAD_PERMISSIONS = None FILE_UPLOAD_HANDLERS = DEFAULT_CONTENT_TYPE = 'text/html' UUID = '03ca20c1-db4a-4edf-9b15-55afa9da3c67' SUUID = '79efc8e6-3121-47d5-b398-c0da6c108ff5' APPEND_SLASH = True LOCALE_PATHS = DATABASE_ROUTERS = [] DEFAULT_TABLESPACE = '' YEAR_MONTH_FORMAT = 'F Y' STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage' CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}} SESSION_COOKIE_PATH = '/' SECURE_CONTENT_TYPE_NOSNIFF = False MIDDLEWARE_CLASSES = USE_I18N = True THOUSAND_SEPARATOR = ',' SECRETKEY = u'******_' PORT = '1337' LANGUAGE_COOKIE_NAME = 'django_language' DECOMPILER = 'jd-core' DEFAULT_INDEX_TABLESPACE = '' LOGGING_CONFIG = 'logging.config.dictConfig' TEMPLATE_LOADERS = VBOX = '/usr/bin/VBoxManage' FIRST_DAY_OF_WEEK = 0 WSGI_APPLICATION = 'MobSF.wsgi.application' PROXY_IP = '192.168.56.1' X_FRAME_OPTIONS = 'SAMEORIGIN' CSRF_COOKIE_NAME = 'csrftoken' EMAIL_HOSTPASSWORD = u'******_' USE_X_FORWARDED_HOST = False EMAIL_TIMEOUT = None SECURE_SSL_HOST = None SIGNING_BACKEND = 'django.core.signing.TimestampSigner' SESSION_COOKIE_SECURE = False JAVA_PATH = '/usr/bin/' CSRF_COOKIE_DOMAIN = None FILE_CHARSET = 'utf-8' DEBUG = True LANGUAGE_COOKIE_DOMAIN = None DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage' INSTALLED_APPS = LANGUAGES = USE_L10N = True SECURE_HSTS_INCLUDE_SUBDOMAINS = False STATICFILES_DIRS = '/home/user/MobSF/static/' PREPEND_WWW = False SECURE_PROXY_SSL_HEADER = None LANGUAGE_COOKIE_AGE = None SESSION_COOKIE_HTTPONLY = True DEBUG_PROPAGATE_EXCEPTIONS = False CSRF_COOKIE_AGE = 31449600 MONTH_DAY_FORMAT = 'F j' LOGIN_URL = '/accounts/login/' SESSION_EXPIRE_AT_BROWSER_CLOSE = False TIME_FORMAT = 'P' AUTH_USER_MODEL = 'auth.User' DATE_INPUT_FORMATS = AUTHENTICATION_BACKENDS = 'django.contrib.auth.backends.ModelBackend' FORCE_SCRIPT_NAME = None PASSWORD_RESET_TIMEOUTDAYS = u'******_' SESSION_FILE_PATH = None CACHE_MIDDLEWARE_ALIAS = 'default' SESSION_SAVE_EVERY_REQUEST = False NUMBER_GROUPING = 0 SESSION_ENGINE = 'django.contrib.sessions.backends.db' CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure' CSRF_COOKIE_PATH = '/' LOGIN_REDIRECT_URL = '/accounts/profile/' DECIMAL_SEPARATOR = '.' IGNORABLE_404_URLS = MIGRATION_MODULES = {} TEMPLATE_STRING_IF_INVALID = '' LOGOUT_URL = '/accounts/logout/' EMAIL_USE_TLS = False FIXTURE_DIRS = EMAIL_HOST = 'localhost' DATE_FORMAT = 'N j, Y' MEDIA_ROOT = '/home/user/MobSF/uploads' DEFAULT_EXCEPTION_REPORTER_FILTER = 'django.views.debug.SafeExceptionReporterFilter' ADMINS = FORMAT_MODULE_PATH = None DEFAULT_FROM_EMAIL = 'webmaster@localhost' MEDIA_URL = '/uploads/' DATETIME_FORMAT = 'N j, Y, P' TEMPLATE_DIRS = '/home/user/MobSF/templates' DISALLOWED_USER_AGENTS = ALLOWED_INCLUDE_ROOTS = LOGGING = {} SHORT_DATE_FORMAT = 'm/d/Y' TEMPLATES = [] TEST_RUNNER = 'django.test.runner.DiscoverRunner' CACHE_MIDDLEWARE_KEYPREFIX = u'******_' SECURE_SSL_REDIRECT = False TIME_ZONE = 'UTC' FILE_UPLOAD_MAX_MEMORY_SIZE = 2621440 EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_USE_SSL = False TEMPLATE_CONTEXT_PROCESSORS = SESSION_COOKIE_AGE = 1209600 VM_IP = '192.168.56.101' SETTINGS_MODULE = 'MobSF.settings' USE_ETAGS = False LANGUAGES_BIDI = FILE_UPLOAD_TEMP_DIR = None INTERNAL_IPS = STATIC_URL = '/static/' EMAIL_PORT = 25 USE_TZ = True SHORT_DATETIME_FORMAT = 'm/d/Y P' TEST_NON_SERIALIZED_APPS = [] PASSWORDHASHERS = u'*******' ABSOLUTE_URL_OVERRIDES = {} LANGUAGE_COOKIE_PATH = '/' CACHE_MIDDLEWARE_SECONDS = 600 EMAIL_SSL_CERTFILE = None CSRF_COOKIE_HTTPONLY = False DATETIME_INPUT_FORMATS = EMAIL_HOST_USER = '' You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard page generated by the handler for this status code. '''

[ajinabraham]

I just did a fresh install of MobSF on Ubuntu and couldn't reproduce this issue. It works fine for me.

For you the error is happening here

ConnectInstallRun 436. subprocess.call([adb, "kill-server"]) File "/usr/lib/python2.7/subprocess.py" in call 522. return Popen(popenargs, *kwargs).wait() File "/usr/lib/python2.7/subprocess.py" in init 710. errread, errwrite) File "/usr/lib/python2.7/subprocess.py" in _execute_child 1327. raise child_exception Exception Type: OSError at /GetEnv/ Exception Value: [Errno 2] No such file or directory

This looks like you may not have permission to execute it. Try this and let me know the outcome. Go to the root directory of Mobile Security Framework Give sudo chmod -r 777 DynamicAnalyzer/tools/

[ajinabraham]

Any updates here?

[ekke85]

I get the same on Ubuntu 14.04. I've also checked the permissions and the user can execute those scripts in DynamicAnalyzer/tools/ and then for sanity I've changed the permissions in DynamicAnalyzer/tools/ to 777 and still the same

[mrtompa]

I have the same issue in Kali 2.0. It seems to be an issue with subprocess.call([adb, "kill-server"]) in witch it can't locate adb even though the adb string is correct and has execute permission. I got it to work by changing the call to subprocess.call(["adb", "kill-server"]). This way it's using adb already installed in /usr/bin/adb and not in the tools directory. Note: you have to make this change all places in views.py

[xl7dev]

https://github.com/xl7dev/Mobile-Security-Framework-MobSF/commit/0b8848ac5b4d5c0c459d56f7794abc73890acf82

[ajinabraham]

v0.9 released please try again and reopen if applicable.

[ajinabraham]

Also try this: https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/127#issuecomment-210497530