Sometimes it can be harder to choose one tool over another when it comes to mobile pentesting. Multiple Frida scripts are available, some work some don’t. Drozer can be harder to install sometimes, or even harder to use in some cases. That’s why I decided to craft a tool that combines multiple other tools and methodologies together so that you can jump right into the action and start pentesting some mobile applications.
As the name implies, Massive Mobile Security Framework, or MMSF, is a mobile framework that combines functionalities from Frida, objection, drozer, and many more. It also helps to combine some methodologies that help you better analyze the applications, whether it is iOS or Android. Moreover, it is open source, and available for anyone for free. You can find the tool on GitHub https://github.com/St3v3nsS/MMSF.
It might sound a bit complicated, but it is not. It works almost like Metasploit, with modules to be used. As it is in an incipient phase, you cannot call the module like you do in Metasploit, but it is not far from it. So basically, you have the listmodules
and usemodule
commands for changing modules. Also, set, run, and show
are your friends.
python3 mmsf.py
Don’t believe my words, just put the MMSF into action and bypass the root detection of a mobile application.
mmsf> listmodules
mmsf> usemodule rootdetection
mmsf (rootdetection)> usemodule frida
mmsf (rootdetection/frida)> set
mmsf (rootdetection/frida/set)> app com.st3v3nss.TestRMS
mmsf (rootdetection/frida/set)> run
mmsf (rootdetection/frida)> back
mmsf (rootdetection)> back
mmsf>
Behind the scenes, the tool uses multiple Python modules that were designed for specific actions like root detection or biometrics bypass. Every module is designed to use one or more tools to finish the required job, e.g. to bypass the root detection mechanisms using either Frida or objection.
MMSF is designed to automatically detect the type of device that is connected (iOS or Android). It uses Frida to discover the connected devices so it should easily work with remote devices.
Every module might have other submodules like the one mentioned above where you should use the usemodule command twice. The todo list at the end includes the usage of full module paths like usemodule rootdetection/frida
.
Also, every module has arguments that need to be set in order to successfully execute the command. The arguments can be seen by typing show. If it returns nothing, try using listmodules as it might be running a submodule.
Setting the arguments is as simple as calling the set method. After that you see the location changing. Here, you can again type show or press TAB to view the arguments that need to be set. Just type the argument name and the expected value(s).
Right now, the tool was designed to run specifically on *unix devices, but it can be easily updated to work on Windows too, as it requires Python, docker, and java to be installed, which also work on Windows.
Just run the following commands to get going:
python3 -m pip install -r requirements.txt
python3 mmsfupdate.py
MMSF uses a config file with all the commands and saving locations that can be found at MMSF/Classes/constants.py
. Here you can modify locations, tool paths, and other important data to suit your needs:
If you are too lazy to type the magic command usemodule, don’t worry, I include here the full list of available modules and what exactly every one of them does.
Module | Description |
---|---|
biometrics | Bypass Biometrics authentication on both iOS/Android |
broadcast | Send a broadcast intent |
provider | Exploit the exported content provider to extract data |
deeplink | Launch a deeplink with supplied value or generate malicious files to steal sensitive data |
backup | Extract or restore a backup from an Android Application |
find | Find the package name of an application and/or its details by supplying a filter keyword |
handleapk | Launch a deep link with supplied value or generate malicious files to steal sensitive data |
intent | Start an intent using supplied values like extra values, action, mime-type or data |
jailbreakdetection | Bypass the ios Jailbreak detection mechanisms through different methods |
patchobjection | Patch IPA or APK |
rootdetection | Bypass the Android root detection mechanisms through different methods |
sslpinning | Bypass the SSL Pinning mechanism through different methods |
scan | Scan the application to retrieve crucial information such as exported activities, path traversal, SQL injections, attack vector, and so on |
sniff | Sniffing a broadcast intent |
MMSF, as the name implies, is a collection of tools and methodologies that are put together to help white-hat hackers and security analysts execute their assessments. Sometimes it can be overwhelming when you encounter a huge application and a tool that helps you with the scripts, commands, and so on is more than welcome.
As this tool is a work-in-progress, there are multiple updates and bug fixes that I want to add. A few functionalities that are missing:
I hope to add those as soon as possible as some of them are very useful in the pentesting process.
If you encounter bugs or you have development suggestions, please open an issue on GitHub, I am more than pleased to help.
Lastly, happy hunting and don’t use this for illegal purposes. 🎯