mobsf/templates/dynamic_analysis/android/dynamic_analyzer.html
{% extends "base/base_layout.html" %} {% load static %} {% block sidebar_option %} sidebar-collapse {% endblock %} {% block extra_css %}{% endblock %} {% block content %}
Show ScreenRemove Root CA {% if android_version >= 5 %} Unset HTTP(S) ProxyTLS/SSL Security Tester {% endif %} Exported Activity TesterActivity Tester {% if android_version >= 5 %} Get Dependencies {% endif %} Take a ScreenshotLogcat StreamLive API MonitorGenerate Report
{% if android_version < 5 %}
Run App {% endif %}
API Monitoring SSL Pinning Bypass Root Detection Bypass Debugger Check Bypass Clipboard Monitor
Enumerate Loaded Classes Capture Strings Capture String Comparisons
Enumerate Class methods Search Class Pattern Trace Class Methods
Spawn & Inject Inject Attach Injected Code
{% if activities or exported_activities %} Activities {% for activity in exported_activities %} {{ activity }} {% endfor %} {% for activity in activities %} {{ activity }} {% endfor %} ♢ Start Activity {% endif %} {% if deeplinks %} Deep Links {% for activity, intent in deeplinks.items %} {% for scheme in intent.schemes %} {{ scheme }} {% endfor %} {% endfor %} {% for activity, intent in deeplinks.items %} {% for host in intent.hosts %} {{ host }} {% endfor %} {% endfor %} {% for activity, intent in deeplinks.items %} {% for path in intent.paths %} {{ path }} {% endfor %} {% for path_prefix in intent.path_prefixs %} {{ path_prefix }} {% endfor %} {% endfor %} ▶ Deeplink
{% endif %}
Java.perform(function() { // Use send() for logging });
Available Scripts (Use CTRL to choose multiple) Load
Data refreshed in every 3 seconds.
×
Attach
×
×
TLS/SSL Security test helps you to evaluate the security of your application's network connections. These tests are applicable only for applications that performs network connections over HTTP protocol. We run multiple TLS/SSL tests against the application.
TLS Misconfiguration Test - Enable HTTPS MITM Proxy, Remove Root CA, Run the App for 25 seconds.
This test will uncover insecure configurations that allow HTTPS connections bypassing certificate errors or SSL/TLS errors in WebViews. This is equivalent to not having TLS.
TLS Pinning/Certificate Transparency Test - Enable HTTPS MITM Proxy, Install Root CA, Run the App for 25 seconds.
This test will evaluate the application's TLS/SSL hardening controls and will check if the application implement certificate or public key pinning and or certificate transparency.
TLS Pinning/Certificate Transparency Bypass Test - Enable HTTPS MITM Proxy, Install Root CA, Bypass Certificate/Public Key Pinning or Certificate Transparency.
This test tries to bypass certificate or public key pinning and or certificate transparency controls in your application. MobSF can bypass most of the generic implementations.
NOTE: For Better results, while the application is running, navigate through different business logic flows that will trigger network connections over HTTP protocol. Make sure that no other applications are running during the test.
Test Progress
| TESTS | RESULT |
|---|---|
| TLS Misconfiguration Test | - |
| TLS Pinning/Certificate Transparency Test | - |
| TLS Pinning/Certificate Transparency Bypass Test | - |
| Cleartext Traffic Test | - |
Run TLS/SSL Tests
{% endblock %} {% block extra_scripts %} {% endblock %}