Dynamic Analysis Using MobSF

Dynamic Analysis Using MobSF
Why
MobSF has the ability to aid us in performing runtime analysis of Android applications.

What
To perform runtime analysis of an android app, the analyst must take following steps:

Configure MobSF for dynamic analysis of android apps
Perform runtime analysis with MobSF
Know the features provided as part of runtime analysis using MobSF
How
Configure Static Analyzer

 $ git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
 $ cd Mobile-Security-Framework-MobSF
 $ sudo pip3 install virtualenv
 $ sudo source venv/bin/activate
 $ pip install -r requirements.txt
 $ python3 manage.py runserver
Alternatively, start MobSF as a docker container:

 $ docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
Download MobSF Android x86 4.4.2 VM (v0.3) ova file from https://drive.google.com/file/d/0B_Ci-1YbMqshY0xrYl9IWHVTVFU/view
Start the MobSF Android VM.
Configure Dynamic Analyzer as explained in following link: https://github.com/MobSF/Mobile-Security-Framework-MobSF/wiki/11.-Configuring-Dynamic-Analyzer-with-MobSF-Android-4.4.2-x86-VirtualBox-VM
Run MobSF and navigate to http://localhost:8000/ to access MobSF web interface.
Choose an APK file for dynamic analysis.
Click on Start Dynamic Analysis option in the left navigation menu.

Start dynamic analysis

Click on Create Environment button.

Create environment

Once the environment is created successfully, you can start dynamic analysis of the target application. Explore the different options provided by the MobSF framework for dynamic analysis.

Dynamic Analysis

References
https://kalilinuxtutorials.com/mobsf-mobile-security-framework/
https://github.com/MobSF/Mobile-Security-Framework-MobSF/wiki/1.-documentation
http://abhi7435thakur.blogspot.com/2017/11/security-testing.html