mobsf / capfuzz Goto Github PK
View Code? Open in Web Editor NEWCapFuzz - capture, fuzz & intercept web traffic.
Home Page: https://opensecurity.in
License: GNU General Public License v3.0
CapFuzz - capture, fuzz & intercept web traffic.
Home Page: https://opensecurity.in
License: GNU General Public License v3.0
Starting the dynamic analysis with mobsf will throw the following error related to capfuzz saying that 'click<7,>=6.2' is missing in the requirments
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/bin/capfuzz", line 6, in
from pkg_resources import load_entry_point
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 3088, in
@_call_aside
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 3072, in _call_aside
f(*args, **kwargs)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 3101, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 576, in _build_master
return cls._build_from_requirements(requires)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 589, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 778, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'click<7,>=6.2' distribution was not found and is required by mitmproxy
I start the dynamic analysis and configured on a real android device the MobSF proxy Capfuz. When I start downloading data using some app, the output of python3 manage.py runserver contains hundreds of lines:
`some-ip:port: clientconnect
some-ip:port clientdisconnect
`
I fear to miss out important messages because of that.
great tool! would it be possible to generate an x509 cert. heres why..
app im testing is cert pinning. ive bypassed it with burpsuite cert using the method and script here..
https://blog.it-securityguard.com/the-stony-path-of-android-%F0%9F%A4%96-bug-bounty-bypassing-certificate-pinning/
but when i attempt the same with any of the certs for capfuzz, i get this error... (which seems to be bc its not an x509 cert.)
Error: java.security.cert.CertificateException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: java.lang.RuntimeException: error:0c0890ba:ASN.1 encoding routines:asn1_check_tlen:WRONG_TAG
at frida/node_modules/frida-java/lib/env.js:218
at input:1
at [anon] (/repl1.js:35)
at frida/node_modules/frida-java/lib/vm.js:39
at v (frida/node_modules/frida-java/index.js:344)
at frida/node_modules/frida-java/index.js:315
at frida/node_modules/frida-java/lib/vm.js:39
at /_java.js:2384
at [anon] (/repl1.js:63)
Create a pypi package for easy installation, and being able to put CapFuzz as dependency of other packages.
On generating the report after Fuzz attack. It is appending the last report content also. Is there anyway through which i can delete the old records/reports from its embedded DB.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.