Merge branch 'master' of github.com:wokron/Mobile-Security-Framework-…

…MobSF
MobSF · Mar 7, 2024 · 73a88dc · 73a88dc
2 parents 13d3f55 + 1e93205
commit 73a88dc
Show file tree

Hide file tree

Showing 8 changed files with 197 additions and 75 deletions.
diff --git a/mobsf/DynamicAnalyzer/views/ios/corellium_instance.py b/mobsf/DynamicAnalyzer/views/ios/corellium_instance.py
@@ -462,6 +462,34 @@ def run_app(request, api=False):
 # AJAX
 
 
+@require_http_methods(['POST'])
+def stop_app(request, api=False):
+    """Stop an App."""
+    data = {
+        'status': 'failed',
+        'message': 'Failed to stop the app'}
+    try:
+        instance_id = request.POST['instance_id']
+        bundle_id = request.POST['bundle_id']
+        failed = common_check(instance_id)
+        if failed:
+            return send_response(failed, api)
+        if not strict_package_check(bundle_id):
+            data['message'] = 'Invalid iOS Bundle id'
+            return send_response(data, api)
+        ca = CorelliumAgentAPI(instance_id)
+        if (ca.agent_ready()
+                and ca.unlock_device()
+                and ca.stop_app(bundle_id) == OK):
+            data['status'] = OK
+            data['message'] = 'App Killed'
+    except Exception as exp:
+        logger.exception('Failed to stop the app')
+        data['message'] = str(exp)
+    return send_response(data, api)
+# AJAX
+
+
 @require_http_methods(['POST'])
 def remove_app(request, api=False):
     """Remove an app from the device."""

diff --git a/mobsf/MobSF/init.py b/mobsf/MobSF/init.py
@@ -10,7 +10,7 @@
 
 logger = logging.getLogger(__name__)
 
-VERSION = '3.9.4'
+VERSION = '3.9.5'
 BANNER = """
   __  __       _    ____  _____       _____ ___  
  |  \/  | ___ | |__/ ___||  ___|_   _|___ // _ \ 

diff --git a/mobsf/MobSF/urls.py b/mobsf/MobSF/urls.py
@@ -115,6 +115,8 @@
             api_idz.api_ios_dynamic_analyzer),
     re_path(r'^api/v1/ios/run_app$',
             api_idz.api_run_app),
+    re_path(r'^api/v1/ios/stop_app$',
+            api_idz.api_stop_app),
     re_path(r'^api/v1/ios/remove_app$',
             api_idz.api_remove_app),
     re_path(r'^api/v1/ios/take_screenshot$',

diff --git a/mobsf/MobSF/views/api/api_android_dynamic_analysis.py b/mobsf/MobSF/views/api/api_android_dynamic_analysis.py
@@ -224,7 +224,7 @@ def api_frida_logs(request):
             {'error': 'Missing Parameters'}, 422)
     resp = frida.frida_logs(request, True)
     # frida logs can be json or html
-    if resp.get('data'):
+    if resp.get('data') or resp.get('message'):
         return make_api_response(resp, 200)
     return make_api_response(resp, 500)
 

diff --git a/mobsf/MobSF/views/api/api_ios_dynamic_analysis.py b/mobsf/MobSF/views/api/api_ios_dynamic_analysis.py
@@ -192,6 +192,20 @@ def api_run_app(request):
     return make_api_response(resp, 200)
 
 
+@request_method(['POST'])
+@csrf_exempt
+def api_stop_app(request):
+    """POST - Run an App."""
+    params = {INSTANCE_ID, BUNDLE_ID}
+    if set(request.POST) < params:
+        return make_api_response(
+            {'error': 'Missing Parameters'}, 422)
+    resp = corellium_instance.stop_app(request, True)
+    if resp.get('status') == FAILED:
+        return make_api_response(resp, 500)
+    return make_api_response(resp, 200)
+
+
 @request_method(['POST'])
 @csrf_exempt
 def api_remove_app(request):

diff --git a/mobsf/templates/general/apidocs.html b/mobsf/templates/general/apidocs.html
@@ -81,6 +81,7 @@ <h1>Dynamic Analysis iOS</h1>
               <li><code>api/v1/ios/setup_environment</code> - <a href="#ios-setup-environment-api">Setup iOS Dynamic Analysis Environment</a></li>
               <li><code>api/v1/ios/dynamic_analyzer</code> - <a href="#ios-dynamic-analyzer-api">iOS Dynamic Analyzer</a></li>
               <li><code>api/v1/ios/run_app</code> - <a href="#ios-run-app-api">Run App</a></li>
+              <li><code>api/v1/ios/stop_app</code> - <a href="#ios-stop-app-api">Stop App</a></li>
               <li><code>api/v1/ios/remove_app</code> - <a href="#ios-remove-app-api">Remove App</a></li>
               <li><code>api/v1/ios/take_screenshot</code> - <a href="#ios-takescreenshot-api">Take Screenshot</a></li>
               <li><code>api/v1/ios/get_app_container_path</code> - <a href="#ios-get-app-container-path-api">Get App Container Path</a></li>
@@ -3733,6 +3734,82 @@ <h2><a id="ios-run-app-api"></a><strong>Run App API</strong></h2>
               </li>
             </ul>
 
+            <hr />
+            <h2><a id="ios-stop-app-api"></a><strong>Stop App API</strong></h2>
+            <p>Kill the app in the Corellium VM.</p>
+            <ul>
+              <li>
+                <p><strong>URL:</strong> <code>/api/v1/ios/stop_app</code></p>
+              </li>
+              <li>
+                <p><strong>Method:</strong> <code>POST</code></p>
+              </li>
+              <li>
+                <p><strong>Header:</strong> <code>Authorization:&lt;api_key&gt;</code> <strong>Or</strong> <code>X-Mobsf-Api-Key:&lt;api_key&gt;</code></p>
+              </li>
+            </ul>
+            <table class="table table-striped table-bordered">
+              <thead>
+                <tr>
+                  <th>Param Name</th>
+                  <th>Param Value</th>
+                  <th>Required</th>
+                </tr>
+              </thead>
+              <tbody>
+                <tr>
+                  <td>instance_id</td>
+                  <td>iOS instance id (Available from /api/v1/ios/dynamic_analysis)</td>
+                  <td>Yes</td>
+                </tr>
+                <tr>
+                  <td>bundle_id</td>
+                  <td>iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)</td>
+                  <td>Yes</td>
+                </tr>
+              </tbody>
+            </table>
+            <br />
+            <ul>
+              <li>
+                <p><strong>Success Response:</strong></p>
+                <ul>
+                  <li>
+                    <strong>Code:</strong> <code>200</code><br />
+                    <strong>Content-Type:</strong> <code>application/json; charset=utf-8</code> <br />
+                    <strong>Content:</strong> <code>{"status": "ok", "message": "App Killed"}</code>
+                  </li>
+                </ul>
+              </li>
+              <li>
+                <p><strong>Error Response:</strong></p>
+                <ul>
+                  <li>
+                    <strong>Code:</strong> <code>500 Internal Server Error</code> or <code>405 Method Not Allowed</code> or <code>422 Unprocessable Entity</code> <br />
+                    <strong>Content-Type:</strong> <code>application/json; charset=utf-8</code> <br />
+                    <strong>Content:</strong> <code>{&quot;error&quot;: &lt;error message&gt; }</code>
+                  </li>
+                </ul>
+                <p>OR</p>
+                <ul>
+                  <li>
+                    <strong>Code:</strong> <code>401 Unauthorized</code> <br />
+                    <strong>Content-Type:</strong> <code>application/json; charset=utf-8</code> <br />
+                    <strong>Content:</strong> <code>{&quot;error&quot;: &quot;You are unauthorized to make this request.&quot; }</code>
+                  </li>
+                </ul>
+              </li>
+              <li>
+                <p><strong>Sample Call:</strong></p>
+                <ul>
+                  <li>
+                    <pre><code>curl -X POST --url http://localhost:8000/api/v1/ios/stop_app --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization:{{ api_key}}"
+                  </code></pre>
+                  </li>
+                </ul>
+              </li>
+            </ul>
+
             <hr />
             <h2><a id="ios-remove-app-api"></a><strong>Remove App API</strong></h2>
             <p>Remove an app from the Corellium VM.</p>