mobsf / capfuzz Goto Github PK

Starting the dynamic analysis with mobsf will throw the following error related to capfuzz saying that 'click<7,>=6.2' is missing in the requirments

• daemon started successfully *
  Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 574, in _build_master
  ws.require(requires)
  File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 892, in require
  needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 783, in resolve
  raise VersionConflict(dist, req).with_context(dependent_req)
  pkg_resources.ContextualVersionConflict: (Click 7.0 (/usr/local/lib/python3.6/dist-packages), Requirement.parse('click<7,>=6.2'), {'mitmproxy'})

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/bin/capfuzz", line 6, in
from pkg_resources import load_entry_point
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 3088, in
@_call_aside
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 3072, in _call_aside
f(*args, **kwargs)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 3101, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 576, in _build_master
return cls._build_from_requirements(requires)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 589, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 778, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'click<7,>=6.2' distribution was not found and is required by mitmproxy

I start the dynamic analysis and configured on a real android device the MobSF proxy Capfuz. When I start downloading data using some app, the output of python3 manage.py runserver contains hundreds of lines:
`some-ip:port: clientconnect
some-ip:port clientdisconnect

`

I fear to miss out important messages because of that.

great tool! would it be possible to generate an x509 cert. heres why..
app im testing is cert pinning. ive bypassed it with burpsuite cert using the method and script here..
https://blog.it-securityguard.com/the-stony-path-of-android-%F0%9F%A4%96-bug-bounty-bypassing-certificate-pinning/
but when i attempt the same with any of the certs for capfuzz, i get this error... (which seems to be bc its not an x509 cert.)
Error: java.security.cert.CertificateException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: java.lang.RuntimeException: error:0c0890ba:ASN.1 encoding routines:asn1_check_tlen:WRONG_TAG
at frida/node_modules/frida-java/lib/env.js:218
at input:1
at [anon] (/repl1.js:35)
at frida/node_modules/frida-java/lib/vm.js:39
at v (frida/node_modules/frida-java/index.js:344)
at frida/node_modules/frida-java/index.js:315
at frida/node_modules/frida-java/lib/vm.js:39
at /_java.js:2384
at [anon] (/repl1.js:63)

Create a pypi package for easy installation, and being able to put CapFuzz as dependency of other packages.

On generating the report after Fuzz attack. It is appending the last report content also. Is there anyway through which i can delete the old records/reports from its embedded DB.