Mobile Pentesting 101 – Introducing to MMSF (Massive Mobile Security Framework)
2023-9-18 14:0:0 Author: securitycafe.ro(查看原文) 阅读量:30 收藏

Sometimes it can be harder to choose one tool over another when it comes to mobile pentesting. Multiple Frida scripts are available, some work some don’t. Drozer can be harder to install sometimes, or even harder to use in some cases. That’s why I decided to craft a tool that combines multiple other tools and methodologies together so that you can jump right into the action and start pentesting some mobile applications.

  1. About the tool
  2. Usage
  3. How it works
  4. Requirements
  5. Advanced Usage
  6. Future work and conclusions
MMSF logo

As the name implies, Massive Mobile Security Framework, or MMSF, is a mobile framework that combines functionalities from Frida, objection, drozer, and many more. It also helps to combine some methodologies that help you better analyze the applications, whether it is iOS or Android. Moreover, it is open source, and available for anyone for free. You can find the tool on GitHub https://github.com/St3v3nsS/MMSF.  

Usage

It might sound a bit complicated, but it is not. It works almost like Metasploit, with modules to be used. As it is in an incipient phase, you cannot call the module like you do in Metasploit, but it is not far from it. So basically, you have the listmodules and usemodule commands for changing modules. Also, set, run, and show are your friends.

python3 mmsf.py

Don’t believe my words, just put the MMSF into action and bypass the root detection of a mobile application.

mmsf> listmodules
mmsf> usemodule rootdetection
mmsf (rootdetection)> usemodule frida
mmsf (rootdetection/frida)> set
mmsf (rootdetection/frida/set)> app com.st3v3nss.TestRMS
mmsf (rootdetection/frida/set)> run
mmsf (rootdetection/frida)> back
mmsf (rootdetection)> back
mmsf>  

How it works

Behind the scenes, the tool uses multiple Python modules that were designed for specific actions like root detection or biometrics bypass. Every module is designed to use one or more tools to finish the required job, e.g. to bypass the root detection mechanisms using either Frida or objection.

MMSF is designed to automatically detect the type of device that is connected (iOS or Android). It uses Frida to discover the connected devices so it should easily work with remote devices.

Every module might have other submodules like the one mentioned above where you should use the usemodule command twice. The todo list at the end includes the usage of full module paths like usemodule rootdetection/frida.

Also, every module has arguments that need to be set in order to successfully execute the command. The arguments can be seen by typing show. If it returns nothing, try using listmodules as it might be running a submodule.

Setting the arguments is as simple as calling the set method. After that you see the location changing. Here, you can again type show or press TAB to view the arguments that need to be set. Just type the argument name and the expected value(s).

Requirements

Right now, the tool was designed to run specifically on *unix devices, but it can be easily updated to work on Windows too, as it requires Python, docker, and java to be installed, which also work on Windows.

Just run the following commands to get going:

python3 -m pip install -r requirements.txt
python3 mmsfupdate.py

Advanced Usage

MMSF uses a config file with all the commands and saving locations that can be found at MMSF/Classes/constants.py. Here you can modify locations, tool paths, and other important data to suit your needs:

Contents of constants.py

If you are too lazy to type the magic command usemodule, don’t worry, I include here the full list of available modules and what exactly every one of them does.

ModuleDescription
biometricsBypass Biometrics authentication on both iOS/Android
broadcastSend a broadcast intent
providerExploit the exported content provider to extract data
deeplinkLaunch a deeplink with supplied value or generate malicious files to steal sensitive data
backupExtract or restore a backup from an Android Application
findFind the package name of an application and/or its details by supplying a filter keyword
handleapkLaunch a deep link with supplied value or generate malicious files to steal sensitive data
intentStart an intent using supplied values like extra values, action, mime-type or data
jailbreakdetectionBypass the ios Jailbreak detection mechanisms through different methods
patchobjectionPatch IPA or APK
rootdetectionBypass the Android root detection mechanisms through different methods
sslpinningBypass the SSL Pinning mechanism through different methods
scanScan the application to retrieve crucial information such as exported activities, path traversal, SQL injections, attack vector, and so on
sniffSniffing a broadcast intent

Future work and conclusions

MMSF, as the name implies, is a collection of tools and methodologies that are put together to help white-hat hackers and security analysts execute their assessments. Sometimes it can be overwhelming when you encounter a huge application and a tool that helps you with the scripts, commands, and so on is more than welcome.

As this tool is a work-in-progress, there are multiple updates and bug fixes that I want to add. A few functionalities that are missing:

  • Autocomplete
  • Objection android bypass
  • Global module change like usemodule rootdetection/frida
  • Keystore misconfiguration checks
  • Implement Nuclei scans
  • Clipboard manager for both iOS and Android (for older versions)
  • Patch IPA functionality
  • Emulator Bypass
  • Split Apk install

I hope to add those as soon as possible as some of them are very useful in the pentesting process.

If you encounter bugs or you have development suggestions, please open an issue on GitHub, I am more than pleased to help.

Lastly, happy hunting and don’t use this for illegal purposes. 🎯


文章来源: https://securitycafe.ro/2023/09/18/mobile-pentesting-101-introducing-to-mmsf-massive-mobile-security-framework/
如有侵权请联系:admin#unsafe.sh