Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to get Json response from dynamic analysis #1699

Closed
YasserHaidar opened this issue Mar 13, 2021 · 5 comments
Closed

Failed to get Json response from dynamic analysis #1699

YasserHaidar opened this issue Mar 13, 2021 · 5 comments
Labels
bug MobSF bugs

Comments

@YasserHaidar
Copy link

YasserHaidar commented Mar 13, 2021
edited
Loading

First of all, thanks alot for this usefull and excellent framework. Everything is working well for me , just I have a small issue in dynamic analysis. I want to get JSON response from a dynamic analysis using the REST API mentioned in the docs. However, a TypeScript error rises each time when doing so. Below,I have attached my python code and the error logs.

ENVIRONMENT

OS and Version: Ubunto 20.04
Python Version: 3.8.5
MobSF Version: 3.3.2 beta

EXPLANATION OF THE ISSUE

I am getting error when trying to retrieve JSON response . Local Host is running and dynamic analysis for the app has finished. But I don't need it in pdf form so I called the REST API method . In static analysis it worked charm using api/v1/report_json.

STEPS TO REPRODUCE THE ISSUE

My python code:

import json
import requests

SERVER = "http://localhost:8000"
APIKEY = 'xxxxxx'
HASH = 'ac24c11867e7e0a56e3c219b4fbed8de'

"""Generating JSON Report"""
print("Generating JSON report")
headers = {'Authorization': APIKEY}
data = {"hash": HASH}
response = requests.post(SERVER + '/api/v1/dynamic/report_json', data=data, headers=headers)
with open('dynamic_full_report.json', 'wb') as outf:
    	outf.write(response.content)

LOG FILE

Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/utils.py", line 422, in update_local_db
    response = requests.get(url,
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='www.malwaredomainlist.com', port=443): Max retries exceeded with url: /mdlcsv.php (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)')))
[INFO] 13/Mar/2021 21:25:24 - Maltrail Database is up-to-date
[INFO] 13/Mar/2021 21:25:27 - Getting app files
[INFO] 13/Mar/2021 21:25:28 - Generating Downloads
[ERROR] 13/Mar/2021 21:27:21 - Internal Server Error: /api/v1/dynamic/report_json
Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/views/helpers.py", line 91, in wrapper
    return func(*args, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/views/api/api_dynamic_analysis.py", line 225, in api_dynamic_report
    return make_api_response(resp, 200)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/views/api/api_middleware.py", line 13, in make_api_response
    resp = JsonResponse(data=data, status=status)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/http/response.py", line 567, in __init__
    data = json.dumps(data, cls=encoder, **json_dumps_params)
  File "/usr/lib/python3.8/json/__init__.py", line 234, in dumps
    return cls(
  File "/usr/lib/python3.8/json/encoder.py", line 199, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/usr/lib/python3.8/json/encoder.py", line 257, in iterencode
    return _iterencode(o, 0)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/core/serializers/json.py", line 105, in default
    return super().default(o)
  File "/usr/lib/python3.8/json/encoder.py", line 179, in default
    raise TypeError(f'Object of type {o.__class__.__name__} '
TypeError: Object of type bytes is not JSON serializable
[INFO] 13/Mar/2021 21:28:47 - Dynamic Analysis Report Generation
[INFO] 13/Mar/2021 21:28:47 - Frida API Monitor Analysis
[INFO] 13/Mar/2021 21:28:47 - Dynamic File Analysis
[INFO] 13/Mar/2021 21:28:48 - Performing Malware Check on extracted Domains
[ERROR] 13/Mar/2021 21:28:49 - [ERROR] Malware DB Update
Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 428, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 472, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/util/retry.py", line 573, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='www.malwaredomainlist.com', port=443): Max retries exceeded with url: /mdlcsv.php (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/utils.py", line 422, in update_local_db
    response = requests.get(url,
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='www.malwaredomainlist.com', port=443): Max retries exceeded with url: /mdlcsv.php (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)')))
[INFO] 13/Mar/2021 21:28:53 - Maltrail Database is up-to-date
[INFO] 13/Mar/2021 21:28:56 - Getting app files
[INFO] 13/Mar/2021 21:28:57 - Generating Downloads
[ERROR] 13/Mar/2021 21:30:50 - Internal Server Error: /api/v1/dynamic/report_json
Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/views/helpers.py", line 91, in wrapper
    return func(*args, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/views/api/api_dynamic_analysis.py", line 225, in api_dynamic_report
    return make_api_response(resp, 200)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/views/api/api_middleware.py", line 13, in make_api_response
    resp = JsonResponse(data=data, status=status)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/http/response.py", line 567, in __init__
    data = json.dumps(data, cls=encoder, **json_dumps_params)
  File "/usr/lib/python3.8/json/__init__.py", line 234, in dumps
    return cls(
  File "/usr/lib/python3.8/json/encoder.py", line 199, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/usr/lib/python3.8/json/encoder.py", line 257, in iterencode
    return _iterencode(o, 0)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/core/serializers/json.py", line 105, in default
    return super().default(o)
  File "/usr/lib/python3.8/json/encoder.py", line 179, in default
    raise TypeError(f'Object of type {o.__class__.__name__} '
TypeError: Object of type bytes is not JSON serializable
[INFO] 13/Mar/2021 21:31:28 - Dynamic Analysis Report Generation
[INFO] 13/Mar/2021 21:31:28 - Frida API Monitor Analysis
[INFO] 13/Mar/2021 21:31:29 - Dynamic File Analysis
[INFO] 13/Mar/2021 21:31:30 - Performing Malware Check on extracted Domains
[ERROR] 13/Mar/2021 21:31:31 - [ERROR] Malware DB Update
Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 428, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 472, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/util/retry.py", line 573, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='www.malwaredomainlist.com', port=443): Max retries exceeded with url: /mdlcsv.php (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/utils.py", line 422, in update_local_db
    response = requests.get(url,
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='www.malwaredomainlist.com', port=443): Max retries exceeded with url: /mdlcsv.php (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)')))
[INFO] 13/Mar/2021 21:31:35 - Maltrail Database is up-to-date
[INFO] 13/Mar/2021 21:31:48 - Getting app files
[INFO] 13/Mar/2021 21:31:49 - Generating Downloads
[INFO] 13/Mar/2021 21:33:02 - Fetching data from DB for PDF Report Generation (Android)
[INFO] 13/Mar/2021 21:33:02 - Analysis is already Done. Fetching data from the DB...
[INFO] 13/Mar/2021 21:33:02 - Generating PDF report for android apk
[INFO] 13/Mar/2021 21:33:03 - VirusTotal: Check for existing report
[INFO] 13/Mar/2021 21:33:10 - VirusTotal: Scan finished, information embedded
[INFO] 13/Mar/2021 21:35:30 - Dynamic Analysis Report Generation
[INFO] 13/Mar/2021 21:35:30 - Frida API Monitor Analysis
[INFO] 13/Mar/2021 21:35:31 - Dynamic File Analysis
[INFO] 13/Mar/2021 21:35:32 - Performing Malware Check on extracted Domains
[ERROR] 13/Mar/2021 21:35:33 - [ERROR] Malware DB Update
Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connection.py", line 411, in connect
    self.sock = ssl_wrap_socket(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 428, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 472, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/urllib3/util/retry.py", line 573, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='www.malwaredomainlist.com', port=443): Max retries exceeded with url: /mdlcsv.php (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/utils.py", line 422, in update_local_db
    response = requests.get(url,
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='www.malwaredomainlist.com', port=443): Max retries exceeded with url: /mdlcsv.php (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)')))
[INFO] 13/Mar/2021 21:35:37 - Maltrail Database is up-to-date
[INFO] 13/Mar/2021 21:35:40 - Getting app files
[INFO] 13/Mar/2021 21:35:41 - Generating Downloads
[ERROR] 13/Mar/2021 21:37:30 - Internal Server Error: /api/v1/dynamic/report_json
Traceback (most recent call last):
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/views/helpers.py", line 91, in wrapper
    return func(*args, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/views/api/api_dynamic_analysis.py", line 225, in api_dynamic_report
    return make_api_response(resp, 200)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/mobsf/MobSF/views/api/api_middleware.py", line 13, in make_api_response
    resp = JsonResponse(data=data, status=status)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/http/response.py", line 567, in __init__
    data = json.dumps(data, cls=encoder, **json_dumps_params)
  File "/usr/lib/python3.8/json/__init__.py", line 234, in dumps
    return cls(
  File "/usr/lib/python3.8/json/encoder.py", line 199, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/usr/lib/python3.8/json/encoder.py", line 257, in iterencode
    return _iterencode(o, 0)
  File "/media/hexapi/Asus/Mobile-Security-Framework-MobSF/venv/lib/python3.8/site-packages/django/core/serializers/json.py", line 105, in default
    return super().default(o)
  File "/usr/lib/python3.8/json/encoder.py", line 179, in [default]

    raise TypeError(f'Object of type {o.__class__.__name__} '

**TypeError: Object of type bytes is not JSON serializable**
@blshkv
Copy link

blshkv commented Mar 15, 2021
edited
Loading

I hit the same problem using the latest version 3.3.3. The issue is with https://www.malwaredomainlist.com certificate CERTIFICATE_VERIFY_FAILED , certificate has expired .

You might want to add an option to ignore an invalid certificate. Please also capture an exception so it won't just crash.

@ajinabraham
Copy link
Member

ajinabraham commented Mar 15, 2021
edited
Loading

@blshkv It's not a good idea to ignore the cert errors. The update check is disabled in the latest master.

@blshkv
Copy link

blshkv commented Mar 15, 2021
edited
Loading

well, we all know it's not a good idea. However, all major tools like wget and even your favourite browser has that option. That options basically says "I know what I'm doing". It allows me to verify the problem manually and accept the risk in case if the certificate is really invalid like in this particular case with malwaredomainlist.

@YasserHaidar
Copy link
Author

YasserHaidar commented Mar 15, 2021
edited
Loading

Well my major problem is in the JSON response. I have tried to edit the funnction view_report (def view_report(request, checksum, api=False)) in the report.py file and when commenting apimon from the variable context , the error disappears and the JOSN repsonse is returned with code 200 =>
Before
context = {'hash': checksum,
'emails': analysis_result['emails'],
'urls': analysis_result['urls'],
'domains': analysis_result['domains'],
'clipboard': analysis_result['clipboard'],
'xml': analysis_result['xml'],
'sqlite': analysis_result['sqlite'],
'others': analysis_result['other_files'],
'screenshots': images['screenshots'],
'activity_tester': images['activities'],
'exported_activity_tester': images['exported_activities'],
'droidmon': droidmon,
'apimon': apimon,
'frida_logs': is_file_exists(fd_log),
'package': package,
'version': settings.MOBSF_VER,
'title': 'Dynamic Analysis'}

After
context = {'hash': checksum,
'emails': analysis_result['emails'],
'urls': analysis_result['urls'],
'domains': analysis_result['domains'],
'clipboard': analysis_result['clipboard'],
'xml': analysis_result['xml'],
'sqlite': analysis_result['sqlite'],
'others': analysis_result['other_files'],
'screenshots': images['screenshots'],
'activity_tester': images['activities'],
'exported_activity_tester': images['exported_activities'],
'droidmon': droidmon,
#'apimon': apimon, I have removed apimon from the response
'frida_logs': is_file_exists(fd_log),
'package': package,
'version': settings.MOBSF_VER,
'title': 'Dynamic Analysis'}

In this way everything is OK. So the problem lies mainly in the shape of apimon array. The output of the apimon using print function is attached in the following file. It is an essential part for my dynamic analysis so I can not ignore it.

apimon_output.txt

N.B: I have tried this on more than 3 applications.

@ajinabraham
Copy link
Member

@blshkv malwaredomainlist looks unmaintained now, hence we disabled the update. Regarding the cert error, since MobSF is run locally by the users. I can't assume that they all know what they are doing and can't accept the risk on behalf of them. I would very much like them to report it and fix it at the tool.

@YasserHaidar Yeah looks like API monitor output has bytes that's not JSON serializable. I will have to take a look and fix. Thanks a lot for the apimon output and further debugging.

@ajinabraham ajinabraham added the bug MobSF bugs label Mar 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug MobSF bugs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@blshkv @ajinabraham @YasserHaidar