What is MobSleuth?

MobSleuth is a collection of scripts using which we can setup a virtual lab for Android App security assessments.

✨ With MobSleuth we get:

  • A complete setup of tools (manual + automated) to start hacking Android apps.
  • One-command root access to the Android container.
  • BurpSuite running on the host machine to intercept and modify traffic.
  • Mobsf with dynamic analysis capabilities connected to Android container.
  • ADB server running on port 5555 to connect to the Android container.
  • Scrcpy to mirror and control the Android container.
  • Scripts to generate a CA certificate and install them on the Android container.
  • Scripts to install and run Frida on the Android container.
Mobsleuth in Action!

Motivation for this project 🎯

Setting up an Android app hacking lab has always been a challenge and many of us face the below challenges:

  • Finding an Android emulation tool to run a Virtual Android device.
  • Rooting the Virtual Android device.
  • Installation of custom CA certificates.
  • Proxying the traffic via an interception tool and inspecting it.
  • Installation of Dynamic instrumentation tools such as Frida.

Most security engineers use third-party tools such as Genymotion, Bluestacks, Noxplayer, Memuplay. While these are good options to emulate your android app, they have propriataty usage licenses, needs an account before you use them and some even show advertisements 🧐.

Mobsleuth tries to solve this problem by using open-source tools and scripts to automate the setup of configuring Android hacking lab and provide useful scripts to ease the process of interceping traffic and perform dynamic instrumentation.

Few months back I discovered a great tool for Android emulation on x86-64 devices, called ReDroid. This was a perfect android emulator which I found to run well inside a docker container and also it was open-source.

Now, what remains is to install tools to intercept the traffic 🚧, decompile the APK, and perform dynamic instrumentation.

Tools used in this project 🛠️

Tool Name Type Description
MobSF FOSS Mobile Security Framework is an open-source, automated mobile app security testing tool.
reDroid FOSS Remote anDroid solution for emulating an Android device in a container.
Scrcpy FOSS A free and open-source tool that allows you to mirror and control your Android device from your computer via ADB.
Frida FOSS Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Jadx FOSS Dex to Java decompiler.
Objection FOSS Runtime Mobile Exploration.
Pidcat FOSS Colored logcat script which only shows log entries for a specific application package.
APKiD FOSS Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android.
ApkTool FOSS A tool for reverse engineering Android apk files.
BurpSuite CE proprietary Powerful web application security testing platform with interception, scanning, fuzzing, and more.

Architecture Diagram 🗺️

I have created a simple architecture diagram to show how the tools are connected and how they interact with each other. Here is the diagram: