mobsf/DynamicAnalyzer/tools/frida_scripts/ios/others/bypass-ssl-trustkit.js
The success path of setup_or_start_frida() fell through the try block without returning True, causing callers to receive None instead of True on a successful first-time Frida setup.

Co-authored-by: Oz <oz-agent@warp.dev>
) download_screenshot() used a hardcoded 5s sleep before downloading /tmp/screenshot.png. The screenshot.js RPC runs on the iOS main thread via ObjC.schedule(), so api.get_screenshot() can return before the file is written. Two threads raced with no synchronisation.

Fix: add a screenshot_event (threading.Event) to the Frida base class. frida_response() sets the event when it receives the '✅ Screenshot Captured' send() message from the JS. download_screenshot() waits on the event with a 30s timeout instead of sleeping blindly.

Co-authored-by: Oz <oz-agent@warp.dev>
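The race and the Event-based handshake described in the commit above, as an added example that is not MobSF's code. FakeDevice is a constructed stand-in for the Frida side (the RPC returns immediately while a background thread writes the file and only then send()s the completion message); FridaSession shows the blind-sleep version next to the Event-based one, including the timeout path when the JS never reports.

```python
import threading
import time

SCREENSHOT_DONE = "✅ Screenshot Captured"   # payload the JS side send()s, per the commit message
REMOTE_PATH = "/tmp/screenshot.png"


class FakeDevice:
    """Constructed stand-in for the iOS side: get_screenshot() returns at once, while a
    worker thread (standing in for the ObjC.schedule()'d main-thread work) writes the
    file after write_delay seconds and only then reports completion via on_message."""

    def __init__(self, write_delay, on_message, report=True):
        self.write_delay = write_delay
        self.on_message = on_message
        self.report = report          # report=False simulates a script that never confirms
        self.files = {}

    def get_screenshot(self):
        def work():
            time.sleep(self.write_delay)
            self.files[REMOTE_PATH] = b"\x89PNG constructed bytes"
            if self.report:
                self.on_message({"type": "send", "payload": SCREENSHOT_DONE}, None)
        threading.Thread(target=work, daemon=True).start()   # returns before the file exists

    def download(self, path):
        return self.files.get(path)   # None if the file has not been written yet


class FridaSession:
    """Minimal stand-in for the Frida base class the commit describes (not MobSF's class)."""

    def __init__(self):
        self.screenshot_event = threading.Event()

    def frida_response(self, message, data):
        # Same shape as a Frida on_message callback: {'type': 'send', 'payload': ...}
        if message.get("type") == "send" and message.get("payload") == SCREENSHOT_DONE:
            self.screenshot_event.set()

    def download_screenshot_blind(self, device, sleep_s):
        # The racy 'before': sleep a fixed time and hope the file is there.
        device.get_screenshot()
        time.sleep(sleep_s)
        return device.download(REMOTE_PATH)

    def download_screenshot(self, device, timeout=30.0):
        # The 'after': block until the JS side confirms the write, bounded by a timeout.
        self.screenshot_event.clear()
        device.get_screenshot()
        if not self.screenshot_event.wait(timeout):
            raise TimeoutError("no %r message within %.1fs" % (SCREENSHOT_DONE, timeout))
        return device.download(REMOTE_PATH)


if __name__ == "__main__":
    s = FridaSession()
    print(s.download_screenshot(FakeDevice(0.3, s.frida_response), timeout=5))
```

A fresh FridaSession per capture keeps a late completion message from an earlier, abandoned capture from satisfying the next wait; if one long-lived session is reused, clear() before the RPC is the minimum, and pairing the message with a capture id is safer still.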
Method 2 (apt fallback) ran all commands in a loop without checking exit codes, unconditionally returning True even if apt install failed. This caused install_ipa() to silently loop forever with a confusing 'AppSync Unified is installed, please try again' message when nothing was actually installed.

Changes:
- Check exit code of apt install; raise Exception on failure so the caller receives a meaningful error instead of a silent retry loop
- Split the reboot command out of the apt command loop so it only runs after a confirmed successful install
- Add docstring clarifying the three return states (False=already installed, True=just installed/rebooting, Exception=failure)
- Fix misleading log message in install_ipa() to say 'was just installed and userspace is rebooting' instead of 'is installed'

Co-authored-by: Oz <oz-agent@warp.dev>
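The three-state contract from the commit above (False = already installed, True = just installed and rebooting, exception = failure), as an added example rather than MobSF's own code. The package id, the dpkg check and the ldrestart reboot command are assumptions; FakeShell is a constructed stand-in for the device SSH session that lets the failure path be exercised offline.

```python
APPSYNC_PKG = "appsync-unified"              # assumed package id; substitute the real one for your repo
CHECK_CMD = "dpkg-query -W %s" % APPSYNC_PKG  # exit 0 iff the package is installed (assumption)
APT_CMDS = ["apt-get update", "apt-get install -y %s" % APPSYNC_PKG]
REBOOT_CMD = "ldrestart"                      # userspace reboot on jailbroken iOS (assumption)


def install_appsync(run, log=lambda msg: None):
    """Install AppSync Unified via apt on the device.

    run(cmd) -> (exit_code, output) executes a shell command on the device.

    Returns False if the package was already installed, True if it was just installed
    and userspace is rebooting, and raises RuntimeError if any apt step fails. The
    caller must treat the exception as terminal instead of retrying blindly.
    """
    code, _ = run(CHECK_CMD)
    if code == 0:
        return False
    for cmd in APT_CMDS:
        code, out = run(cmd)
        if code != 0:
            # Old behaviour: ignore this and return True anyway, so the caller kept retrying
            # against a device on which nothing had been installed.
            raise RuntimeError("%r failed with exit code %d: %s" % (cmd, code, out.strip()))
    # Reboot only after every install step reported success.
    run(REBOOT_CMD)
    log("AppSync Unified was just installed and userspace is rebooting")
    return True


def install_ipa(run, max_attempts=3):
    """Caller sketch: proceed when AppSync is present, retry once after a fresh install,
    and let an install failure surface instead of looping forever."""
    for _ in range(max_attempts):
        if install_appsync(run) is False:
            return "installing IPA"           # AppSync present; continue with the real work
        # True: just installed; the device is restarting userspace, so try the check again
    raise RuntimeError("AppSync Unified did not become available after %d attempts" % max_attempts)


class FakeShell:
    """Constructed stand-in for the SSH session: scripted exit codes per command."""

    def __init__(self, codes, output=""):
        self.codes = codes              # command -> exit code; unlisted commands succeed
        self.output = output
        self.history = []

    def __call__(self, cmd):
        self.history.append(cmd)
        return self.codes.get(cmd, 0), self.output


if __name__ == "__main__":
    print(install_appsync(FakeShell({CHECK_CMD: 1})))   # fresh device: installs, returns True
```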
read_file() decodes via UTF-8 and silently returns None for binary plists, causing _modify_frida_plist_for_wifi() to fail on devices where the Frida server plist is in binary format. Switch to read_binary_file() which returns raw bytes. Use plistlib.loads() which handles both XML and binary plist formats. Serialize back with plistlib.dumps() and upload via upload_file_object() using an in-memory BytesIO buffer, removing the need for a temp file on disk. Remove now-unused imports (tempfile, os).

Co-authored-by: Oz <oz-agent@warp.dev>
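The XML-versus-binary plist handling from the commit above, as an added example that is not MobSF's code. The LaunchDaemon dictionary and the "-l <addr>" listen argument are constructed assumptions about what a frida-server plist contains; the point is that plistlib.loads() accepts both serializations, the UTF-8 decode that read_file() did rejects the binary one, and the result goes back out through an in-memory BytesIO in the format it arrived in.

```python
import io
import plistlib

# Constructed stand-in for a frida-server LaunchDaemon plist (key names are assumptions).
ORIGINAL = {
    "Label": "re.frida.server",
    "ProgramArguments": ["/usr/sbin/frida-server"],
    "RunAtLoad": True,
}


def read_plist_from_device(fmt):
    """Stand-in for read_binary_file(): returns raw bytes in whichever format the device used."""
    return plistlib.dumps(ORIGINAL, fmt=fmt)


def utf8_decode_or_none(raw):
    """The old read_file() behaviour the commit describes: UTF-8 decode, None on failure."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return None


def modify_plist_for_wifi(raw, listen_addr="0.0.0.0"):
    """Parse XML or binary plist bytes, make frida-server listen on listen_addr, and
    return (serialized bytes in the original format, BytesIO ready for upload)."""
    fmt = plistlib.FMT_BINARY if raw.startswith(b"bplist00") else plistlib.FMT_XML
    data = plistlib.loads(raw)           # format is autodetected
    args = list(data.get("ProgramArguments", []))
    if "-l" in args:                     # idempotent: replace an existing listen address
        args[args.index("-l") + 1] = listen_addr
    else:
        args += ["-l", listen_addr]
    data["ProgramArguments"] = args
    out = plistlib.dumps(data, fmt=fmt)
    return out, io.BytesIO(out)          # the BytesIO is what upload_file_object() would receive


if __name__ == "__main__":
    for fmt in (plistlib.FMT_XML, plistlib.FMT_BINARY):
        raw = read_plist_from_device(fmt)
        print(fmt, "utf8-decodable:", utf8_decode_or_none(raw) is not None)
        out, _ = modify_plist_for_wifi(raw)
        print(plistlib.loads(out)["ProgramArguments"])
```

Preserving the input format matters in practice: launchd accepts both, but rewriting a binary plist as XML changes a file some tooling fingerprints, and keeping the original format makes a diff against a pristine device easier.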
#2597) connect_usb() and connect_wifi() defaulted to username='root', password='alpine' with no way to override them via configuration. Users who have changed their jailbreak SSH password, or who want to use a non-root account, had to patch the code directly. Add MOBSF_IOS_SSH_USER (default: root) and MOBSF_IOS_SSH_PASSWORD (default: alpine) environment variables following the existing MobSF env-var pattern in settings.py. Read them in validate_and_connect_device() and pass them to connect_usb() and connect_wifi() at the call sites. Defaults are unchanged so existing deployments are unaffected.

Co-authored-by: Oz <oz-agent@warp.dev>
…2598) pkill -f iproxy matches any process with 'iproxy' in its command line, including iproxy instances started by the user or other tools. This could unexpectedly terminate unrelated port forwarding sessions. Store Popen handles for each iproxy subprocess launched by _setup_usb_port_forward() in self.iproxy_procs. In disconnect(), call .terminate() on each stored handle instead of using pkill. This scopes teardown to only the processes MobSF started.

Co-authored-by: Oz <oz-agent@warp.dev>
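The handle-scoped teardown from the commit above, as an added example that is not MobSF's code. A python sleeper stands in for the iproxy binary so the block runs without libimobiledevice; the port pair 37042:27042 is the USB mapping the PR's own port documentation names. demo() shows the property pkill -f could not give: the forwarder's own children exit, while a process the user started with the same command line survives.

```python
import subprocess
import sys
import time

# Constructed stand-in for an iproxy invocation; MobSF would launch ['iproxy', '<local>:<remote>'].
SLEEPER = [sys.executable, "-c", "import sys, time; time.sleep(60)"]


class UsbPortForwarder:
    """Keeps a Popen handle for every helper it spawns and tears down only those handles.
    'pkill -f iproxy' would match on the command line instead, taking down forwarders that
    other tools or the user started."""

    def __init__(self):
        self.iproxy_procs = []

    def setup(self, mappings):
        # mappings: iterable of (local_port, device_port), e.g. [(37042, 27042)]
        for local, remote in mappings:
            proc = subprocess.Popen(
                SLEEPER + ["%d:%d" % (local, remote)],
                stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
            self.iproxy_procs.append(proc)
        return list(self.iproxy_procs)

    def disconnect(self, grace=5.0):
        # SIGTERM each tracked child, wait briefly, escalate to SIGKILL if it ignores the signal.
        for proc in self.iproxy_procs:
            if proc.poll() is None:
                proc.terminate()
        for proc in self.iproxy_procs:
            try:
                proc.wait(timeout=grace)
            except subprocess.TimeoutExpired:
                proc.kill()
                proc.wait()
        self.iproxy_procs = []


def demo():
    """Returns (tracked_children_exited, unrelated_process_survived)."""
    # Same command line as the forwarder's children, but not started by it.
    unrelated = subprocess.Popen(SLEEPER + ["37042:27042"],
                                 stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    fwd = UsbPortForwarder()
    children = fwd.setup([(37042, 27042)])
    time.sleep(0.2)
    fwd.disconnect()
    tracked_exited = all(p.poll() is not None for p in children)
    unrelated_alive = unrelated.poll() is None
    unrelated.terminate()
    unrelated.wait()
    return tracked_exited, unrelated_alive


if __name__ == "__main__":
    print(demo())
```

The wait-then-kill step is worth keeping in the real teardown: terminate() only sends SIGTERM, and a forwarder stuck in a blocking read may not exit on its own.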
…2599) The USB and WiFi connection paths use different Frida remote ports but this is not documented anywhere, making Docker/Colima setup non-obvious:
- USB: MobSF auto-starts iproxy mapping localhost:37042 -> device:27042. Frida connects to localhost:37042 (explicit port).
- WiFi/Docker: Frida connects to the configured host on the default Frida port 27042 (no explicit port). MobSF does NOT set up any local port mapping.

A Docker/Colima user who reads the USB code and guesses 37042:27042 for their iproxy command will silently get no Frida connection. Add a comment block in FridaIOSDevice.__init__() documenting both cases and the correct iproxy command for Docker/Colima setups.

Co-authored-by: Oz <oz-agent@warp.dev>