Closed mrtompa closed 8 years ago
This looks strange. Try restarting your VM -> Change WiFi settings and connect it to internet without using a proxy and later configure the proxy. Save a snapshot and configure MobSF to use the snapshot and give proper proxy settings in settings.py and see if things are working properly.
Restarting and changing settings did not solve the problem. Btw, this is on Win 8.1 Enterprise edition. I haven't installed it in c:\MobSF as in the guide, but don't think this should have any effect....?
However, I installed MobSF on a debian (kali) VM, and there I could successfully use the android browser through the proxy to surf the web. But there it failed to start the environment:
OSError at /GetEnv/
[Errno 2] No such file or directory
Request Method: POST
Request URL: http://localhost:8000/GetEnv/
Django Version: 1.8
You should install on c:\MobSF or else the path should not contain any spaces in it.
For the Kali issue, send me the console log, then only I can make out what exactly happened.
I moved the installation to c:\MobSF but still unable to connect to proxy. I then installed free version of Genymotion and started MobSF. From there I was able to connect to Fiddler proxy, but not the proxy provided by MobSF. Same thing if I run it through Virtualbox.
Here is the log from Kali:
OSError at /GetEnv/
[Errno 2] No such file or directory
Request Method: POST
Request URL: http://localhost:8000/GetEnv/
Django Version: 1.8
Python Executable: /usr/bin/python
Python Version: 2.7.9
Python Path: ['/home/MobSF', '/usr/local/lib/python2.7/dist-packages/androguard-3.0-py2.7.egg', '/usr/local/lib/python2.7/dist-packages/distribute-0.7.3-py2.7.egg', '/usr/lib/python2.7/dist-packages', '/usr/local/lib/python2.7/dist-packages/knockpy-3.0-py2.7.egg', '/usr/lib/python2.7', '/usr/lib/python2.7/plat-x86_64-linux-gnu', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/local/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages/PILcompat', '/usr/lib/python2.7/dist-packages/gtk-2.0', '/usr/lib/pymodules/python2.7', '/usr/lib/python2.7/dist-packages/wx-3.0-gtk2']
Server time: Wed, 23 Sep 2015 07:29:38 +0000
Installed Applications: ('django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'StaticAnalyzer', 'DynamicAnalyzer')
Installed Middleware: ('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware')
Traceback:
File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in get_response
  132. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/MobSF/DynamicAnalyzer/views.py" in GetEnv
  66. ConnectInstallRun(TOOLS_DIR,VM_IP,APP_PATH,PKG,LNCH,True) #Change True to support non-activity components
File "/home/MobSF/DynamicAnalyzer/views.py" in ConnectInstallRun
  436. subprocess.call([adb, "kill-server"])
File "/usr/lib/python2.7/subprocess.py" in call
  522. return Popen(*popenargs, **kwargs).wait()
File "/usr/lib/python2.7/subprocess.py" in __init__
  710. errread, errwrite)
File "/usr/lib/python2.7/subprocess.py" in _execute_child
  1335. raise child_exception
Exception Type: OSError at /GetEnv/
Exception Value: [Errno 2] No such file or directory
And from the console:
[INFO] Finding JDK Location in Linux/MAC....
[INFO] Oracle Java is installed!
[INFO] JDK 1.7 or above is available
[INFO] Finding JDK Location in Linux/MAC....
[INFO] Oracle Java is installed!
[INFO] JDK 1.7 or above is available
Performing system checks...
System check identified no issues (0 silenced).
September 23, 2015 - 07:28:58
Django version 1.8, using settings 'MobSF.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
[INFO] Mobile Security Framework v0.8.8beta
[23/Sep/2015 07:29:06]"GET / HTTP/1.1" 200 7201
[23/Sep/2015 07:29:06]"GET /static/css/bootstrap.min.css HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/css/cover.css HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/js/ie-emulation-modes-warning.js HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/js/jquery.min.js HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/img/logo-head.png HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/js/bootstrap.min.js HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/js/ie10-viewport-bug-workaround.js HTTP/1.1" 304 0
[23/Sep/2015 07:29:06]"GET /static/fonts/glyphicons-halflings-regular.woff HTTP/1.1" 304 0
[INFO] MIME Type: application/vnd.android.package-archive FILE: SpvMobilbank-spvtest-debug-2.0.0.apk
[23/Sep/2015 07:29:13]"POST /Upload/ HTTP/1.1" 200 159
[INFO] Starting Analysis on : SpvMobilbank-spvtest-debug-2.0.0.apk
[INFO] Analysis is already Done. Fetching data from the DB...
[23/Sep/2015 07:29:14]"GET /StaticAnalyzer/?name=SpvMobilbank-spvtest-debug-2.0.0.apk&type=apk&checksum=cfccc98097cd18fb7079d688e6196516 HTTP/1.1" 200 61590
[23/Sep/2015 07:29:14]"GET /static/css/bootstrap.css HTTP/1.1" 304 0
[23/Sep/2015 07:29:14]"GET /static/css/dashboard.css HTTP/1.1" 304 0
[23/Sep/2015 07:29:14]"GET /static/js/Chart.js HTTP/1.1" 304 0
VBoxManage: error: Cannot power down a saved virtual machine
VBoxManage: error: Details: code VBOX_E_INVALID_VM_STATE (0x80bb0002), component Console, interface IConsole, callee nsISupports
VBoxManage: error: Context: "PowerDown(progress.asOutParam())" at line 228 of file VBoxManageControlVM.cpp
[INFO] VM Closed
Restoring snapshot 098860c3-8669-4920-9ce0-918349a549f5
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
[INFO] VM Restore Snapshot
Waiting for VM "5a890b7a-c375-4583-b5a8-96bc9c4658e9" to power on...
VM "5a890b7a-c375-4583-b5a8-96bc9c4658e9" has been successfully started.
[INFO] VM Starting
[23/Sep/2015 07:29:25]"POST /DynamicAnalyzer/ HTTP/1.1" 200 17778
[INFO] HTTPS Proxy (PID: 5416) Running on 192.168.56.1:1337
[23/Sep/2015 07:29:38]"POST /GetEnv/ HTTP/1.1" 500 11889
For Kali, it seems the error occurred here
subprocess.call([adb, "kill-server"])
File "/usr/lib/python2.7/subprocess.py" in call
  522. return Popen(*popenargs, **kwargs).wait()
File "/usr/lib/python2.7/subprocess.py" in __init__
  710. errread, errwrite)
File "/usr/lib/python2.7/subprocess.py" in _execute_child
  1335. raise child_exception
Exception Type: OSError at /GetEnv/
Exception Value: [Errno 2] No such file or directory
Go to DynamicAnalyzer/tools/adb/linux/ and try executing adb from your terminal and see if the command gives any output. Also make sure that the tools dir has execute permission.
Still I am not getting what is wrong with the proxy at your side. If it's fine then we can have a team-viewer session to sort this out.
I got it working by changing
subprocess.call([adb, "kill-server"])
to
subprocess.call(["adb", "kill-server"])
meaning it's using the adb version already installed in kali.
Now it will run and connect through proxy :)
Unfortunately it seems the proxy doesn't like SSL?
Well, adb is a variable that points to the Linux adb executable under Dynamic\Analyzer\tools\adb\linux\adb, which may not be compatible in your case. The proxy is working fine on the machine I tested. If you are still facing issues, I can help you via a Google Hangouts or TeamViewer session.
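Added example (not part of the thread and not MobSF code): a Python 3 preflight for the bundled adb that runs the checks asked for in the replies above, namely whether the file exists, has an execute bit, and is compatible with the host. A present ELF binary whose loader is absent (for example a 32-bit build on a 64-bit system without the 32-bit loader) also fails with `[Errno 2] No such file or directory`. All function names and the sample ELF builder are hypothetical.

```python
import os
import shutil
import stat
import struct

PT_INTERP = 3  # ELF program-header type that holds the dynamic loader path


def elf_interpreter(path):
    """Return the loader path an ELF binary requests, or None (not ELF / static)."""
    with open(path, "rb") as f:
        ident = f.read(16)
        if len(ident) < 16 or ident[:4] != b"\x7fELF":
            return None
        is64 = ident[4] == 2                 # EI_CLASS: 1 = 32-bit, 2 = 64-bit
        end = "<" if ident[5] == 1 else ">"  # EI_DATA: 1 = little-endian
        hdr_fmt = end + ("HHIQQQIHHH" if is64 else "HHIIIIIHHH")
        hdr = f.read(struct.calcsize(hdr_fmt))
        if len(hdr) < struct.calcsize(hdr_fmt):
            return None
        fields = struct.unpack(hdr_fmt, hdr)
        phoff, phentsize, phnum = fields[4], fields[8], fields[9]
        ph_fmt = end + ("IIQQQQ" if is64 else "IIIII")
        for i in range(phnum):
            f.seek(phoff + i * phentsize)
            raw = f.read(struct.calcsize(ph_fmt))
            if len(raw) < struct.calcsize(ph_fmt):
                return None
            ph = struct.unpack(ph_fmt, raw)
            if ph[0] != PT_INTERP:
                continue
            offset, filesz = (ph[2], ph[5]) if is64 else (ph[1], ph[4])
            f.seek(offset)
            return f.read(filesz).split(b"\0")[0].decode("utf-8", "replace")
    return None


def shebang_interpreter(path):
    """Return the interpreter named on a script's #! line, or None."""
    with open(path, "rb") as f:
        first = f.readline(256)
    if not first.startswith(b"#!"):
        return None
    parts = first[2:].split()
    return parts[0].decode("utf-8", "replace") if parts else None


def diagnose(path):
    """Classify why launching `path` would fail: missing file, no exec bit, no loader."""
    if not os.path.isfile(path):
        return "missing"
    if not os.stat(path).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return "not-executable"
    loader = elf_interpreter(path) or shebang_interpreter(path)
    if loader and not os.path.exists(loader):
        return "missing-loader:" + loader  # exec reports ENOENT although the file exists
    return "ok"


def resolve_adb(bundled, fallback="adb"):
    """Prefer the bundled adb; otherwise return an absolute path found on PATH."""
    status = diagnose(bundled)
    if status == "ok":
        return bundled, status
    found = shutil.which(fallback)
    if found is None:
        raise OSError("bundled adb unusable (%s) and no %r on PATH" % (status, fallback))
    return found, status


def write_sample_elf32(path, loader):
    """Constructed sample: minimal 32-bit little-endian ELF with one PT_INTERP entry."""
    interp = loader.encode() + b"\0"
    ident = b"\x7fELF" + bytes([1, 1, 1]) + b"\0" * 9
    header = struct.pack("<HHIIIIIHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1) + b"\0" * 6
    phdr = struct.pack("<IIIIIIII", PT_INTERP, 84, 0, 0, len(interp), len(interp), 4, 1)
    with open(path, "wb") as f:
        f.write(ident + header + phdr + interp)
    os.chmod(path, 0o755)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        adb = os.path.join(d, "adb")
        print(diagnose(adb))
        write_sample_elf32(adb, "/nonexistent-dir/ld-linux.so.2")
        print(diagnose(adb))
```

Resolving the fallback to an absolute path once, and logging which binary was chosen and why, keeps the analysis host from silently running whatever `adb` happens to come first on `PATH`.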
I have run all the steps above, but apparently it does not work.
WindowsError at /GetEnv/
[Error 2] The system cannot find the file specified
Request Method: POST
Request URL: http://127.0.0.1:8000/GetEnv/
Django Version: 1.8
Python Executable: D:\PORTABLE\2.7.6.1\App\python2.exe
Python Version: 2.7.6
Python Path: ['C:\MobSF', 'D:\PORTABLE\2.7.6.1\App\python27.zip', 'D:\PORTABLE\2.7.6.1\App\DLLs', 'D:\PORTABLE\2.7.6.1\App\lib', 'D:\PORTABLE\2.7.6.1\App\lib\plat-win', 'D:\PORTABLE\2.7.6.1\App\lib\lib-tk', 'D:\PORTABLE\2.7.6.1\App', 'D:\PORTABLE\2.7.6.1\App\lib\site-packages', 'D:\PORTABLE\2.7.6.1\App\lib\site-packages\PIL', 'D:\PORTABLE\2.7.6.1\App\lib\site-packages\gtk-2.0', 'D:\PORTABLE\2.7.6.1\App\lib\site-packages', 'D:\PORTABLE\2.7.6.1\App\lib\site-packages\win32', 'D:\PORTABLE\2.7.6.1\App\lib\site-packages\win32\lib', 'D:\PORTABLE\2.7.6.1\App\lib\site-packages\Pythonwin', 'D:\PORTABLE\2.7.6.1\App\lib\site-packages\wx-3.0-msw']
Server time: Tue, 5 Jan 2016 17:57:06 +0700
Installed Applications: ('django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'StaticAnalyzer', 'DynamicAnalyzer')
Installed Middleware: ('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware')
Traceback:
File "D:\PORTABLE\2.7.6.1\App\lib\site-packages\django\core\handlers\base.py" in get_response
  132. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "C:\MobSF\DynamicAnalyzer\views.py" in GetEnv
  65. proxy_process=WebProxy(TOOLS_DIR,APP_DIR,PROXY_IP,PORT,'10')
File "C:\MobSF\DynamicAnalyzer\views.py" in WebProxy
  413. x=subprocess.Popen(args)
File "D:\PORTABLE\2.7.6.1\App\lib\subprocess.py" in __init__
  709. errread, errwrite)
File "D:\PORTABLE\2.7.6.1\App\lib\subprocess.py" in _execute_child
  957. startupinfo)
Exception Type: WindowsError at /GetEnv/
Exception Value: [Error 2] The system cannot find the file specified
@mrtompa I am having the same issue you experienced but with W10. Do you think you could outline the steps you took to get MobSF working with Genymotion and Fiddler?
@errbufferoverfl I got it working on Kali, still no luck on Win8. I probably did not explain it well before, but what I meant was that if I ran Genymotion, I could connect that to the Fiddler proxy but not to the proxy in MobSF. (I think MobSF uses a VM based on Genymotion under the hood, so that's why I tried running an instance of Genymotion outside of MobSF to see if the VM could connect to a proxy.)
@mrtompa ah well if you got it working on Kali that gives me hope I'll be able to get it working in Mint. I ultimately ended up doing something similar (setting it up in Genymotion and using Fiddler), however found the flaw when I realized I couldn't set up bluetooth.
I will try Mint and see how I go. Thanks for your reply!
v0.9 released please try again and reopen if applicable.
[46034] [ERROR] Can't connect to ('127.0.0.1', 8000) on Mobsf in parrot os
[INFO] VM Starting
[15/Sep/2015 09:12:26]"POST /DynamicAnalyzer/ HTTP/1.1" 200 17778
[INFO] HTTPS Proxy (PID: 11384) Running on 192.168.56.1:1340
daemon not running. starting it now on port 5037
daemon started successfully
I tried wget with proxy settings from shell on device, but can't connect to proxy. Host is reachable from VM:
1|root@mobsec:/etc # ping 192.168.56.1
PING 192.168.56.1 (192.168.56.1) 56(84) bytes of data.
64 bytes from 192.168.56.1: icmp_seq=1 ttl=128 time=0.376 ms
64 bytes from 192.168.56.1: icmp_seq=2 ttl=128 time=0.479 ms
^X64 bytes from 192.168.56.1: icmp_seq=3 ttl=128 time=0.858 ms
64 bytes from 192.168.56.1: icmp_seq=4 ttl=128 time=1.22 ms
64 bytes from 192.168.56.1: icmp_seq=5 ttl=128 time=0.636 ms
64 bytes from 192.168.56.1: icmp_seq=6 ttl=128 time=0.871 ms
^C
--- 192.168.56.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5003ms
And proxy is listening on port 1340:
$ netstat -nao | grep 1340
TCP 192.168.56.1:1340 0.0.0.0:0 LISTENING 11384
From another Linux (Debian) VM I can use the proxy through wget:
wget http://debian.org/Pics/debian.png -e use_proxy=yes -e http_proxy=http://192.168.56.1:1340
--2015-09-16 09:33:14-- http://debian.org/Pics/debian.png
Connecting to 192.168.56.1:1340... connected.
Proxy forespørsel sendt, mottar topptekster... 301 Moved Permanently
Sted: http://www.debian.org/Pics/debian.png [omdirigert]
--2015-09-16 09:33:15-- http://www.debian.org/Pics/debian.png
Reusing existing connection to 192.168.56.1:1340.
Proxy forespørsel sendt, mottar topptekster... 200 OK
Lengde: 3895 (3,8K) [image/png]
Saving to: ‘debian.png’
debian.png 100%[=================================================>] 3,80K --.-KB/s in 0s
Then I find this in proxy log:
\Mobile-Security-Framework-MobSF\logs$ tail -f proxy.log
[I 150916 10:34:57 web:1825] 301 GET http://debian.org/Pics/debian.png (192.168.56.1) 195.00ms
[I 150916 10:34:57 web:1825] 200 GET http://www.debian.org/Pics/debian.png (192.168.56.1) 156.00ms
Any suggestions?