MobSF / Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://opensecurity.in
GNU General Public License v3.0

Unable to connect to proxy from VM #67

Closed mrtompa closed 8 years ago

mrtompa commented 9 years ago

[INFO] VM Starting
[15/Sep/2015 09:12:26]"POST /DynamicAnalyzer/ HTTP/1.1" 200 17778
[INFO] HTTPS Proxy (PID: 11384) Running on 192.168.56.1:1340
daemon not running. starting it now on port 5037
daemon started successfully

I tried wget with proxy settings from shell on device, but can't connect to proxy. Host is reachable from VM:

1|root@mobsec:/etc # ping 192.168.56.1
PING 192.168.56.1 (192.168.56.1) 56(84) bytes of data.
64 bytes from 192.168.56.1: icmp_seq=1 ttl=128 time=0.376 ms
64 bytes from 192.168.56.1: icmp_seq=2 ttl=128 time=0.479 ms
^X64 bytes from 192.168.56.1: icmp_seq=3 ttl=128 time=0.858 ms
64 bytes from 192.168.56.1: icmp_seq=4 ttl=128 time=1.22 ms
64 bytes from 192.168.56.1: icmp_seq=5 ttl=128 time=0.636 ms
64 bytes from 192.168.56.1: icmp_seq=6 ttl=128 time=0.871 ms
^C
--- 192.168.56.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5003ms

And proxy is listening on port 1340:

$ netstat -nao | grep 1340
TCP 192.168.56.1:1340 0.0.0.0:0 LISTENING 11384

From another linux (debian) VM I can use the proxy through wget:

wget http://debian.org/Pics/debian.png -e use_proxy=yes -e http_proxy=http://192.168.56.1:1340
--2015-09-16 09:33:14-- http://debian.org/Pics/debian.png
Connecting to 192.168.56.1:1340... connected.
Proxy forespørsel sendt, mottar topptekster... 301 Moved Permanently
Sted: http://www.debian.org/Pics/debian.png [omdirigert]
--2015-09-16 09:33:15-- http://www.debian.org/Pics/debian.png
Reusing existing connection to 192.168.56.1:1340.
Proxy forespørsel sendt, mottar topptekster... 200 OK
Lengde: 3895 (3,8K) [image/png]
Saving to: ‘debian.png’
debian.png 100%[=================================================>] 3,80K --.-KB/s in 0s

Then I find this in proxy log:

\Mobile-Security-Framework-MobSF\logs$ tail -f proxy.log
[I 150916 10:34:57 web:1825] 301 GET http://debian.org/Pics/debian.png (192.168.56.1) 195.00ms
[I 150916 10:34:57 web:1825] 200 GET http://www.debian.org/Pics/debian.png (192.168.56.1) 156.00ms

Any suggestions?

ajinabraham commented 9 years ago

This looks strange. Try restarting your VM -> Change WiFi settings and connect it to internet without using a proxy and later configure the proxy. Save a snapshot and configure MobSF to use the snapshot and give proper proxy settings in settings.py and see if things are working properly.

mrtompa commented 9 years ago

Restarting and changing settings did not solve the problem. Btw, this is on Win 8.1 Enterprise edition. I haven't installed it in c:\MobSF as in the guide, but don't think this should have any effect....?

However, I installed MobSF on a debian (kali) VM, and there I could successfully use the android browser through the proxy to surf the web. But there it failed to start the environment:

OSError at /GetEnv/
[Errno 2] No such file or directory
Request Method: POST
Request URL: http://localhost:8000/GetEnv/
Django Version: 1.8

ajinabraham commented 9 years ago

You should install on c:\MobSF or else the path should not contain any spaces in it.

For the Kali issue, send me the console log, then only I can make out what exactly happened.

mrtompa commented 9 years ago

I moved the installation to c:\MobSF but still unable to connect to proxy. I then installed free version of Genymotion and started MobSF. From there I was able to connect to Fiddler proxy, but not the proxy provided by MobSF. Same thing if I run it through Virtualbox.

Here is the log from Kali:

OSError at /GetEnv/
[Errno 2] No such file or directory
Request Method: POST
Request URL: http://localhost:8000/GetEnv/
Django Version: 1.8
Python Executable: /usr/bin/python
Python Version: 2.7.9
Server time: Wed, 23 Sep 2015 07:29:38 +0000
Traceback:
File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in get_response
  132. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/MobSF/DynamicAnalyzer/views.py" in GetEnv
  66. ConnectInstallRun(TOOLS_DIR,VM_IP,APP_PATH,PKG,LNCH,True) #Change True to support non-activity components
File "/home/MobSF/DynamicAnalyzer/views.py" in ConnectInstallRun
  436. subprocess.call([adb, "kill-server"])
File "/usr/lib/python2.7/subprocess.py" in call
  522. return Popen(*popenargs, **kwargs).wait()
File "/usr/lib/python2.7/subprocess.py" in __init__
  710. errread, errwrite)
File "/usr/lib/python2.7/subprocess.py" in _execute_child
  1335. raise child_exception
Exception Type: OSError at /GetEnv/
Exception Value: [Errno 2] No such file or directory

And from the console:

[INFO] Finding JDK Location in Linux/MAC....
[INFO] Oracle Java is installed!
[INFO] JDK 1.7 or above is available
[INFO] Finding JDK Location in Linux/MAC....
[INFO] Oracle Java is installed!
[INFO] JDK 1.7 or above is available
Performing system checks...
System check identified no issues (0 silenced).
September 23, 2015 - 07:28:58
Django version 1.8, using settings 'MobSF.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
[INFO] Mobile Security Framework v0.8.8beta
[23/Sep/2015 07:29:06]"GET / HTTP/1.1" 200 7201
[23/Sep/2015 07:29:06]"GET /static/css/bootstrap.min.css HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/css/cover.css HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/js/ie-emulation-modes-warning.js HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/js/jquery.min.js HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/img/logo-head.png HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/js/bootstrap.min.js HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/js/ie10-viewport-bug-workaround.js HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/fonts/glyphicons-halflings-regular.woff HTTP/1.1" 304 0
[INFO] MIME Type: application/vnd.android.package-archive FILE: SpvMobilbank-spvtest-debug-2.0.0.apk
[23/Sep/2015 07:29:13]"POST /Upload/ HTTP/1.1" 200 159
[INFO] Starting Analysis on : SpvMobilbank-spvtest-debug-2.0.0.apk
[INFO] Analysis is already Done. Fetching data from the DB...
[23/Sep/2015 07:29:14]"GET /StaticAnalyzer/?name=SpvMobilbank-spvtest-debug-2.0.0.apk&type=apk&checksum=cfccc98097cd18fb7079d688e6196516 HTTP/1.1" 200 61590
[23/Sep/2015 07:29:14]"GET /static/css/bootstrap.css HTTP/1.1" 304 0
[23/Sep/2015 07:29:14]"GET /static/css/dashboard.css HTTP/1.1" 304 0
[23/Sep/2015 07:29:14]"GET /static/js/Chart.js HTTP/1.1" 304 0
VBoxManage: error: Cannot power down a saved virtual machine
VBoxManage: error: Details: code VBOX_E_INVALID_VM_STATE (0x80bb0002), component Console, interface IConsole, callee nsISupports
VBoxManage: error: Context: "PowerDown(progress.asOutParam())" at line 228 of file VBoxManageControlVM.cpp
[INFO] VM Closed
Restoring snapshot 098860c3-8669-4920-9ce0-918349a549f5
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
[INFO] VM Restore Snapshot
Waiting for VM "5a890b7a-c375-4583-b5a8-96bc9c4658e9" to power on...
VM "5a890b7a-c375-4583-b5a8-96bc9c4658e9" has been successfully started.
[INFO] VM Starting
[23/Sep/2015 07:29:25]"POST /DynamicAnalyzer/ HTTP/1.1" 200 17778
[INFO] HTTPS Proxy (PID: 5416) Running on 192.168.56.1:1337
[23/Sep/2015 07:29:38]"POST /GetEnv/ HTTP/1.1" 500 11889

ajinabraham commented 9 years ago

For Kali, it seems the error occurred here:

  subprocess.call([adb, "kill-server"])
File "/usr/lib/python2.7/subprocess.py" in call
  522. return Popen(*popenargs, **kwargs).wait()
File "/usr/lib/python2.7/subprocess.py" in __init__
  710. errread, errwrite)
File "/usr/lib/python2.7/subprocess.py" in _execute_child
  1335. raise child_exception
Exception Type: OSError at /GetEnv/
Exception Value: [Errno 2] No such file or directory

Go to DynamicAnalyzer/tools/adb/linux/ and try executing adb from your terminal and see if the command is giving an output. Also make sure that the tools dir has execute permission.

Still I am not getting what is wrong with the proxy at your side. If it's fine then we can have a team-viewer session to sort this out.

mrtompa commented 9 years ago

I got it working by changing

subprocess.call([adb, "kill-server"])

to subprocess.call(["adb", "kill-server"]) meaning it's using the adb version already installed in kali.

Now it will run and connect through proxy :)

Unfortunately it seems the proxy doesn't like SSL?

ajinabraham commented 9 years ago

Well, adb is a variable that points to the linux adb executable under Dynamic\Analyzer\tools\adb\linux\adb which may not be compatible in your case. Proxy is working fine on the machine I tested. If you are still facing issues, I can help you via a Google Hangouts or Teamviewer session.
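The Kali failure discussed above, as an added example that is not MobSF code and not written by anyone in this thread: `OSError [Errno 2]` from `subprocess` can mean the bundled adb is absent, but on Linux `execve()` returns the same ENOENT when the file exists and the ELF loader it names (for instance a 32-bit loader on a 64-bit-only system) is not installed. The sketch below (Python 3) tells those cases apart and only then falls back to an adb on `PATH`, returning the resolved absolute path so the binary that will actually run can be logged. The function names and the sample ELF are constructed for illustration; the `adb/linux/adb` layout under the tools directory is taken from the comments above.

```python
import os
import shutil
import struct

PT_INTERP = 3  # ELF program-header type that names the dynamic loader


def elf_interpreter(path):
    """Return the loader path an ELF binary requests, or None (static / not ELF)."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:4] != b"\x7fELF" or len(data) < 6:
        return None
    is64 = data[4] == 2                   # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little endian
    try:
        if is64:
            phoff, = struct.unpack_from(end + "Q", data, 0x20)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
        else:
            phoff, = struct.unpack_from(end + "I", data, 0x1C)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
        for i in range(phnum):
            base = phoff + i * phentsize
            p_type, = struct.unpack_from(end + "I", data, base)
            if p_type != PT_INTERP:
                continue
            fmt, off_at, size_at = ("Q", 8, 32) if is64 else ("I", 4, 16)
            off, = struct.unpack_from(end + fmt, data, base + off_at)
            size, = struct.unpack_from(end + fmt, data, base + size_at)
            return data[off:off + size].rstrip(b"\0").decode("ascii", "replace")
    except struct.error:                  # truncated or malformed header
        return None
    return None


def diagnose(path):
    """Classify why spawning `path` would fail: the first two map to ENOENT/EACCES,
    the third is the ENOENT raised for a file that does exist."""
    if not os.path.isfile(path):
        return "missing"
    if not os.access(path, os.X_OK):
        return "not-executable"
    interp = elf_interpreter(path)
    if interp and not os.path.exists(interp):
        return "loader-missing:" + interp
    return "ok"


def resolve_adb(tools_dir, search_path=None):
    """Prefer the bundled adb; otherwise use the first adb on PATH (or on
    `search_path`, a hypothetical override used for testing)."""
    bundled = os.path.join(tools_dir, "adb", "linux", "adb")
    reason = diagnose(bundled)
    if reason == "ok":
        return bundled, "bundled"
    system = shutil.which("adb", path=search_path)
    if system:
        # realpath so the log shows the real binary, not a symlink on PATH
        return os.path.realpath(system), "system (bundled adb: %s)" % reason
    raise FileNotFoundError("no usable adb; bundled adb: %s" % reason)


def build_sample_elf32(interp):
    """Constructed sample: little-endian ELF32 header plus one PT_INTERP entry."""
    name = interp.encode() + b"\0"
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01", 2, 3, 1,
                       0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_INTERP, 84, 0, 0, len(name), len(name), 4, 1)
    return ehdr + phdr + name


if __name__ == "__main__":
    import tempfile
    sample = os.path.join(tempfile.mkdtemp(), "adb")
    with open(sample, "wb") as fh:
        fh.write(build_sample_elf32("/nonexistent/ld-linux.so.2"))
    os.chmod(sample, 0o755)
    print(diagnose(sample))
```

Falling back to `PATH` runs whichever `adb` appears first in it, so the returned path is worth recording alongside the analysis run.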

kevinmustaqim commented 8 years ago

I have run all the steps above, but apparently it does not work

WindowsError at /GetEnv/
[Error 2] The system cannot find the file specified
Request Method: POST
Request URL: http://127.0.0.1:8000/GetEnv/
Django Version: 1.8
Python Executable: D:\PORTABLE\2.7.6.1\App\python2.exe
Python Version: 2.7.6
Server time: Tue, 5 Jan 2016 17:57:06 +0700
Traceback:
File "D:\PORTABLE\2.7.6.1\App\lib\site-packages\django\core\handlers\base.py" in get_response
  132. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "C:\MobSF\DynamicAnalyzer\views.py" in GetEnv
  65. proxy_process=WebProxy(TOOLS_DIR,APP_DIR,PROXY_IP,PORT,'10')
File "C:\MobSF\DynamicAnalyzer\views.py" in WebProxy
  413. x=subprocess.Popen(args)
File "D:\PORTABLE\2.7.6.1\App\lib\subprocess.py" in __init__
  709. errread, errwrite)
File "D:\PORTABLE\2.7.6.1\App\lib\subprocess.py" in _execute_child
  957. startupinfo)
Exception Type: WindowsError at /GetEnv/
Exception Value: [Error 2] The system cannot find the file specified

ghost commented 8 years ago

@mrtompa I am having the same issue you experienced but with W10. Do you think you could outline the steps you took to get MobSF working with genymotion and fiddler?

mrtompa commented 8 years ago

@errbufferoverfl I got it working on Kali, still no luck on win8. I probably did not explain it well before, but what I meant was that if I ran Genymotion, I could connect that to fiddler proxy but not to the proxy in MobSF. (I think MobSF uses a VM based on Genymotion under the hood, so that's why I tried running an instance of genymotion outside of MobSF to see if the VM could connect to a proxy)

ghost commented 8 years ago

@mrtompa ah well if you got it working on Kali that gives me hope I'll be able to get it working in Mint. I ultimately ended up doing something similar (setting it up in Genymotion and using Fiddler), however found the flaw when I realized I couldn't set up bluetooth.

I will try Mint and see how I go. Thanks for your reply!

ajinabraham commented 8 years ago

v0.9 released. Please try again and reopen if applicable.

kumaran88thiru commented 3 years ago

[46034] [ERROR] Can't connect to ('127.0.0.1', 8000) on Mobsf in parrot os