change MSF implementation.

[tux-mind]

We have to change the way we manage the MSF. It's very exausting maintaining it in the current way ( patching MSF files from Java using sed ).

the following approaches were proposed by me and @rigid in #10

---

1. patch on device with java ( current approach )

Pros	Cons
download directly from rapid7 repo	patch logic inside cSploit
	.apk release needed when msf commit breaks stuff
	centralized
	more complexity (java code is more complex than diffs)

cSploit code must be up to date with MSF repo. this means that for every MSF changes we have to made a new release for a small code update.

workflow:

• check for msf update
• patch
• install
• in case of error:
  • user files an issue or patches cSploit java code
  • cSploit devs apply fix
  • new cSploit release

    2. patch on MSF fork

Pros	Cons
already patched, just download the zip	we have to maintain a fork of the MSF
no extra work on your device	we need a dedicated patch server
less complexity (no patching needed)	maintaining a fork is a time consuming task. (could be automated)
	centralized (could be decentralized with custom fork url - high user effort)

an idea that comes into my mind is to have a script that fetch MSF branches, hard reset our repo to their latest version, patch their files, commit and push.

workflow:

• check for msf update
• install
• in case of error:
  • user files an issue or patches MSF code
  • cSploit devs apply fix

    3. patch on device using diff/patch

Pros	Cons
patch is hosted outside your device	we must know the commit version if user want to offline install the MSF
can be applied to other 3rd party dependencies	code to apply patches from java needed (if no arm build of diff/patch is installed)
only 3 files to maintain (one per branch - master, release, unstable, ...)	would need (bundled) arm versions of diff/patch
users can send diffs to pull requests (quicker than sending java code)
decentralized (user can upload his patch to gist and change url in settings)
less complexity (diffs are less complex than code)

workflow:

• check rapid7 repo for msf update of configured branch
• download branch archive from rapid7
• download diff for that branch from hardcoded url
• apply patch
• install
• in case of error:
  • user files an issue or patches diff (A dialog could provide a link to the cSploit issues here - maybe even a log of the msf install could even be inserted in a new issue or copied to the clipboard)
  • cSploit devs apply fix

    4. patch on device using ruby

Pros	Cons
the script is outside your device	ruby is needed ( but MSF require it too :wink: ), can't patch ruby itself
no commit version needed	the script must recognize what to do.
only one file to maintain	more complexity (ruby code is more complex than diffs)
decentralized

workflow:

• download the script
• execute the script
• install
• in case of error:
  • user files an issue or patches the ruby script
  • cSploit devs apply fix

---

I think that the diff approach can be the easier one, but with some changes:

• cSploit will support only one certain commit of the MSF.
• the current supported commit have an unique patch file.

as user I love ( :heart: ) having everything under my control, so the patch file URL can be changed in settings.

some other suggestion ?

maybe the forked repo... will be great if the import process can be automated, like this:

• fastforward to master
• install on an android VM
• test if it works
• publish only if everything worked, send an email to devs if not.

I really need more help for get things goes right.

I have to graduate on July or I cannot enter the top-level grade courses.

thanks for sharing your ideas and time with me :blush:

[fabinhojcr]

Very good @tux-mind 😀

[newbie442]

Is there another option: users patching it themselves on their own desktop?

While this would demand more of the users, it should help make life easier for tux-mind - whose efforts we greatly appreciate. (I'm guessing that the average user here could handle this). (could be a sed script; or a diff; or replacing a whole section within the apk; or simply an editor for a small change?)

[tux-mind]

Hi @newbie442 thanks for the suggestion, but consider the following tasks:

• changes the gem sources to an external server that have compiled gems for your platform
• change gem versions to match the one on the external server
• change some commands that are not available on android ( like find or git ) to something else.

the most hard task is to compile native gems for your platform because:

• you must cross-compile the gem for android ( currently we support only arm )
• you must compile them statically using other cross-compiled libraries.
• you must own a server where to publish those gems.

as you can see these aren't easy tasks that any user can do.

so, we need an automated way to create diffs or update a fork to the offical MSF one.

---

BTW recently i saw that certain components of the MSF require at least ruby 2.1.

I made a lot of efforts to bring ruby 1.9 to android, and porting ruby 2.1 will require some extra time that will slow down all the other parts ( MITM ).

probably we will support only a certain old version of the MSF until we'll finish the work on the MITM part.

[lahmark]

About the MITM : One of the best features in cSploit is it's ability to performed MITM vectors attacks. We can combine the payloads of Metasploit with the MITM attack. Procedure :

• Be connected to 3g/4g network
• Use IP forwarding
• Configure IPTABLE to route HTTP traffic and enable SSLstrip From here, when someone connect to the phone hotspot, cSploit allow us to launch a payload against the victim device. Or cSploit's users can redirect the traffic throught a web_page which contain the payload (like : exploit/multi/browser/firefox_xpi_bootstrapped_addon if the victim use firefox on his laptop).

[Systemad]

I just want to say that I can now install MSF on my device. Thanks for the work! :D

[tux-mind]

sorry for my late reply. my girlfriend's grandparent died few days ago and these has been difficult days.

@Check-mate that's a good idea, but keep the things tidy and clean. the way the user traffic pass thought your device doesn't matter. if it's an hotspot or a MITM redirection don't care. the important thing is that we can manipulate the victim traffic. after this we can enable SSL split/strip.

there we can make the difference from other pentesting tools.

when we receive the first HTTP request we will known the user browser ( parsing it's UserAgent string ). will be great if cSploit can select a list of compatible exploits, thus to not restrict to the found vulnerabilities ( services running on the victim ). after this you will be able to use firefox/chrome/IE exploits against the user.

this sounds really good.

however this thread is for talking about the way we install the MSF beside cSploit.

please open a new issue describing your idea, just to keep things in the right place. probably I'll close this issue once I've fixed it and your enhancement will be lost.

thanks for your suggestion :blush:

[tux-mind]

I changed the way we install the MSF, can you test version 1.5.0 ? thanks in advance guys :blush:

[ghost]

The New 1.5.0 seems to work ( core installs itself well, same thing for ruby gems and msf framework) but the vulnerability founder isn't working and csploit can't connect to metasploit rpcd ( port problem, see #99)

[ghost]

Btw : Nice work for the New Msf implementation method :D

[newbie442]

On 03/10/15 13:48, Settix wrote:

The New 1.5.0 seems to work ( core installs itself well, same thing for ruby gems and msf framework) but the vulnerability founder isn't working and csploit can't connect to metasploit rpcd ( port problem, see #99)

---

Reply to this email directly or view it on GitHub: https://github.com/cSploit/android/issues/97#issuecomment-78108444

Ditto what Settix said about the installation. Though I had to take two runs at updating msf (perhaps there were two updates) gems took a bit of time.

Ditto regarding the vulnerability finder. Inspector passes on detected "ports" and services; vulnerability finder lists them again; starts up; waits 5 seconds or so; stops; nothing noted - neither vulnerabilities nor "no known vulnerabilities".

However, I have no problem stopping, and then starting metasploit rpcd.

HTH

[alexmanner]

Same here, the vulnerability finder doesn't work. It starts for half a second and then stops. It has worked in the previous versions.

Here is the relevant logcat:

03-11 12:30:54.831 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: last_index = 0 03-11 12:30:54.835 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: last_index = 0 03-11 12:30:54.864 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: last_index = 0 03-11 12:30:56.946 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: OpenSourcedVulnerability.query = "search[vuln_title]=FRITZ%21Box+http+config&search[text_type]=alltext&search[s_date]=&search[e_date]=&search[refid]=&search[referencetypes]=&search[vendors]=&search[cvss_score_from]=&search[cvss_score_to]=&search[cvssav]=&search[cvssac]=&search[cvssa]=&search[cvssci]=&search[cvssii]=&search[cvssai]=&kthx=search" 03-11 12:30:56.947 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: OpenSourcedVulnerability.query = "search[vuln_title]=FRITZ%21Box+Fon+WLAN+7390+WAP+ftpd&search[text_type]=alltext&search[s_date]=&search[e_date]=&search[refid]=&search[referencetypes]=&search[vendors]=&search[cvss_score_from]=&search[cvss_score_to]=&search[cvssav]=&search[cvssac]=&search[cvssa]=&search[cvssci]=&search[cvssii]=&search[cvssai]=&kthx=search" 03-11 12:30:56.948 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: OpenSourcedVulnerability.query = "search[vuln_title]=domain&search[text_type]=alltext&search[s_date]=&search[e_date]=&search[refid]=&search[referencetypes]=&search[vendors]=&search[cvss_score_from]=&search[cvss_score_to]=&search[cvssav]=&search[cvssac]=&search[cvssa]=&search[cvssci]=&search[cvssii]=&search[cvssai]=&kthx=search" 03-11 12:30:56.949 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: OpenSourcedVulnerability.query = "search[vuln_title]=Samba+smbd+3.X&search[text_type]=alltext&search[s_date]=&search[e_date]=&search[refid]=&search[referencetypes]=&search[vendors]=&search[cvss_score_from]=&search[cvss_score_to]=&search[cvssav]=&search[cvssac]=&search[cvssa]=&search[cvssci]=&search[cvssii]=&search[cvssai]=&kthx=search" 03-11 12:30:56.950 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: OpenSourcedVulnerability.query = "search[vuln_title]=sip&search[text_type]=alltext&search[s_date]=&search[e_date]=&search[refid]=&search[referencetypes]=&search[vendors]=&search[cvss_score_from]=&search[cvss_score_to]=&search[cvssav]=&search[cvssac]=&search[cvssa]=&search[cvssci]=&search[cvssii]=&search[cvssai]=&kthx=search" 03-11 12:30:57.021 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: last_index = 0 03-11 12:30:57.025 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: last_index = 0 03-11 12:30:57.027 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: last_index = 0 03-11 12:30:57.040 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: last_index = 0 03-11 12:30:57.046 D/CSPLOITnet.Databases.OpenSourcedVulnerability.search: last_index = 0 03-11 12:30:59.054 V/PhoneStatusBar(1217): setLightsOn(true) 03-11 12:30:59.325 E/WifiStateMachine(827): WifiStateMachine CMD_START_SCAN source -2 txSuccessRate=37,97 rxSuccessRate=28,73 targetRoamBSSID=00:00:00:00:00:00 RSSI=-51 03-11 12:30:59.325 E/WifiStateMachine(827): WifiStateMachine starting scan for "FRITZ!Box Fon WLAN 7390 5 GHz"WPA_PSK with 2412,5180 03-11 12:30:59.331 I/wpa_supplicant(9349): wlan0: CTRL-EVENT-SCAN-STARTED 03-11 12:30:59.603 D/com.gsamlabs.bbm.lib.NotifyingService(3453): ===:85:3932:37.0:0 03-11 12:30:59.613 D/com.gsamlabs.bbm.lib.NotifyingService(3453): ===:85:3982:37.0:0 03-11 12:31:04.614 D/com.gsamlabs.bbm.lib.NotifyingService(3453): ===:85:4044:37.1:0 03-11 12:31:09.618 D/com.gsamlabs.bbm.lib.NotifyingService(3453): ===:85:4043:37.1:0 03-11 12:31:14.629 D/com.gsamlabs.bbm.lib.NotifyingService(3453): ===:85:4047:37.1:0 03-11 12:31:15.683 E/WifiStateMachine(827): WifiStateMachine CMD_START_SCAN source -2 txSuccessRate=3,47 rxSuccessRate=1,93 targetRoamBSSID=00:00:00:00:00:00 RSSI=-54 03-11 12:31:15.693 I/wpa_supplicant(9349): wlan0: CTRL-EVENT-SCAN-STARTED 03-11 12:31:19.660 D/com.gsamlabs.bbm.lib.NotifyingService(3453): ===:85:4040:37.2:0 03-11 12:31:24.658 D/com.gsamlabs.bbm.lib.NotifyingService(3453): ===:85:4046:37.1:0 03-11 12:31:29.668 D/com.gsamlabs.bbm.lib.NotifyingService(3453): ===:85:4046:37.2:0 03-11 12:31:34.676 D/com.gsamlabs.bbm.lib.NotifyingService(3453): ===:85:4013:37.1:0 03-11 12:31:34.678 D/com.gsamlabs.bbm.lib.NotifyingService(3453): ===:85:4051:37.1:0

Overall, great work.

[tux-mind]

ok, I can close this issue.

for the Vulnerability finder problem let's move the discussion over #101

thank you all for your time.

[ETeissonniere]

Hi, I have a new idea, cSploit can download an archive containing :

• a working ruby version.
• metasploit with all the gems. So, it is faster and easier, the app download one file, uncompress it, and... that's all. And if there is a metasploit or ruby update, we just have to modify the archive. Please say what you think about that.

[lief2]

Hi, That's indeed what @tux-mind is going to fix first i think : the old ruby version bug. As @tux-mind said, creating a package with all the gems would be more convienient at install but hard to maintain and you will have to redownload all the package when there's an update.

[ETeissonniere]

Yes, but that is just one file in that case, please note I already speak about that with him :smile:. Le 26 juil. 2015 21:26, "lief2" notifications@github.com a écrit :

Hi, That's indeed what @tux-mind https://github.com/tux-mind is going to fix first i think : the old ruby version bug. As @tux-mind https://github.com/tux-mind said, creating a package with all the gems would be more convienient at install but hard to maintain and you will have to redownload all the package when there's an update.

— Reply to this email directly or view it on GitHub https://github.com/cSploit/android/issues/97#issuecomment-125030754.

[tux-mind]

Hi mates. I don't thing that the "all in one" solution is a good approach.

Include the required gems into the MSF package can be a nice solution, but have a single package for both ruby and MSF will be very difficult to maintain.

I'm working on forking the official MSF repo. with a separate repo I can freeze cSploit to a certain version of the MSF while I'm working on new features. I'll try to keep it more flexible as possible, the repo URL will be editable in settings, giving you the ability to test and use your own fork of the MSF.

what are your impressions ? other suggestions ?

I apologize for working slowly in these days, but when I have no courses or exams I have to work to earn enough to fill my fridge for the next courses/exam session.

anyway I'm here, ready to rock :v:

[newbie442]

On 07/30/2015 11:18 AM, tux-mind wrote:

Hi mates. I don't thing that the "all in one" solution is a good approach.

Include the required gems into the MSF package can be a nice solution, but have a single package for both ruby and MSF will be very difficult to maintain.

O.K. I'm guessing this is the case because of excessive, trivial volatility in MSF.

I'm working on forking the official MSF repo. with a separate repo I can freeze cSploit to a certain version of the MSF while I'm working on new features. I'll try to keep it more flexible as possible, the repo URL will be editable in settings, giving you the ability to test and use your own fork of the MSF.

what are your impressions ? other suggestions ?

Yep.... if trivial volatility is the issue, this makes sense. You'd not need to chase little changes, and would update your fork only if there was a significant, broadly-applicable issue to test.

I apologize for working slowly in these days, but when I have no courses or exams I have to work to earn enough to fill my fridge for the next courses/exam session.

anyway I'm here, ready to rock :v:

EXCELLENT! YOU DA MAN!

[ETeissonniere]

Yes, good idea. As I say you in the first issue, to use the last metasploit versions, we must use the last ruby version, I think we may compile a new ruby version for android. Le 30 juil. 2015 22:31, "newbie442" notifications@github.com a écrit :

On 07/30/2015 11:18 AM, tux-mind wrote:

Hi mates. I don't thing that the "all in one" solution is a good approach.

Include the required gems into the MSF package can be a nice solution, but have a single package for both ruby and MSF will be very difficult to maintain.

O.K. I'm guessing this is the case because of excessive, trivial volatility in MSF.

I'm working on forking the official MSF repo. with a separate repo I can freeze cSploit to a certain version of the MSF while I'm working on new features. I'll try to keep it more flexible as possible, the repo URL will be editable in settings, giving you the ability to test and use your own fork of the MSF.

what are your impressions ? other suggestions ?

Yep.... if trivial volatility is the issue, this makes sense. You'd not need to chase little changes, and would update your fork only if there was a significant, broadly-applicable issue to test.

I apologize for working slowly in these days, but when I have no courses or exams I have to work to earn enough to fill my fridge for the next courses/exam session.

anyway I'm here, ready to rock :v:

EXCELLENT! YOU DA MAN!

— Reply to this email directly or view it on GitHub https://github.com/cSploit/android/issues/97#issuecomment-126474997.

[tux-mind]

@DeveloppSoft isn't just "compiling".

Ruby is wrote to work over the GNU libc, not the bionic one. We have to rewrite some parts of ruby to make it works on android. Also some libraries are not available ( or partially modified ) on android, like openssl.

So, we have to port it to android and then compile it. I spent about 2/3 weeks for porting ruby 1.9.

I'm working on the repo right now, for now cSploit will use an hybrid approach: fork + patching. I will slowly move to the repo only way, but I seriously need someone that will maintain it.

I want to focus my attention on features like network discovery and MITM rather then keeping patching the MSF.

I'm looking forward to fix all the open issues :blush:

[ETeissonniere]

Ok Le 31 juil. 2015 21:03, "tux-mind" notifications@github.com a écrit :

@DeveloppSoft https://github.com/DeveloppSoft isn't just "compiling".

Ruby is wrote to work over the GNU libc, not the bionic one. We have to rewrite some parts of ruby to make it works on android. Also some libraries are not available ( or partially modified ) on android, like openssl.

So, we have to port it to android and then compile it. I spent about 2/3 weeks for porting ruby 1.9.

I'm working on the repo right now, for now cSploit will use an hybrid approach: fork + patching. I will slowly move to the repo only way, but I seriously need someone that will maintain it.

I want to focus my attention on features like network discovery and MITM rather then keeping patching the MSF.

I'm looking forward to fix all the open issues [image: :blush:]

— Reply to this email directly or view it on GitHub https://github.com/cSploit/android/issues/97#issuecomment-126786350.

[tajnymag]

How about using Ruboto?

[ETeissonniere]

I already seen that, but I do not know if it can work with msf Le 2 août 2015 21:08, "Tajnymag" notifications@github.com a écrit :

How about using Ruboto? http://ruboto.org/index.html

— Reply to this email directly or view it on GitHub https://github.com/cSploit/android/issues/97#issuecomment-127055914.

[tux-mind]

ruboto uses JRuby, it will slow down everything. btw thanks for the suggestion @Tajnymag , even if we were talking about the msf management system.

[tux-mind]

MSF repo choosen as solution