Introduction

Mobile Security Framework (MobSF) is a powerful automated tool for penetration testing Android, iOS and Windows mobile applications. It performs static analysis, dynamic analysis and malware analysis for these apps, and its dynamic runtime testing is backed by the CapFuzz security scanner.

Difficulty of dynamic analysis

While statically analysing some APKs we ran into trouble with dynamic analysis: the official MobSF VM image runs Android 4.4, and many APKs do not run properly on it. The example below declares SDK 19 (Android 4.4) as its minimum version, yet most of its features do not work in that image. I needed a way to run apps on a version newer than 4.4 that still works with MobSF.

[Screenshot: android version]

Solution: Genymotion Android Emulator

To make this work I tried a lot of emulators. Genymotion turned out to be the easiest way to solve the problem, because it provides a range of rooted Android VirtualBox images. Genymotion is an Android emulator that provides fast, memory-efficient VMs running Android. It also includes Google Play Services, which is convenient for Android developers doing device testing, provides stable networking and fixes a lot of bugs in the Android OS. By default Genymotion offers a list of Android images with rooted settings.

[Screenshot: image list]

How to use Genymotion with MobSF

In theory a Genymotion image can act like the official MobSF VirtualBox image. According to the MobSF documentation on Configuring Dynamic Analyzer, there are four ways to configure it. This time I will use method 3, which requires DEVICE_IP and DEVICE_ADB_PORT. I use an Android 5.1 image in this article.
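As an added pre-check (not part of the original post or of MobSF), the Python below parses the output of `aapt dump badging` and `adb shell getprop ro.build.version.sdk` to tell whether an APK will install and behave on a given image. The sample badging text is constructed, and the "warn" heuristic (targetSdk above the device API) is my own rule of thumb for the situation described above, where an app with minSdk 19 installs on the 4.4 image but misbehaves.

```python
import re

# Android release -> API level for the two images the article compares:
# the official MobSF VM (4.4 = API 19) and the Genymotion 5.1 image (API 22).
RELEASE_TO_API = {"4.4": 19, "5.1": 22}

# Constructed sample of `aapt dump badging app.apk` output for an APK like the
# one in the article: it declares minSdk 19 but was built against API 22.
SAMPLE_BADGING = """package: name='com.example.app' versionCode='7' versionName='1.2'
sdkVersion:'19'
targetSdkVersion:'22'
uses-permission: name='android.permission.INTERNET'
"""


def parse_badging(badging_output: str) -> dict:
    """Pull sdkVersion / targetSdkVersion out of `aapt dump badging` text."""
    info = {}
    for key, name in (("sdkVersion", "minSdk"), ("targetSdkVersion", "targetSdk")):
        m = re.search(r"^%s:'(\d+)'" % key, badging_output, re.M)
        if m:
            info[name] = int(m.group(1))
    return info


def device_api_level(getprop_output: str) -> int:
    """Parse the output of `adb shell getprop ro.build.version.sdk`."""
    return int(getprop_output.strip())


def check_compat(apk_info: dict, device_api: int) -> str:
    """'fail': the APK cannot be installed (minSdk above the device API, or
    no minSdk found). 'warn': it installs but targets a newer API than the
    device, so features may misbehave (heuristic). 'ok': both satisfied."""
    min_sdk = apk_info.get("minSdk")
    if min_sdk is None or min_sdk > device_api:
        return "fail"
    if apk_info.get("targetSdk", min_sdk) > device_api:
        return "warn"
    return "ok"


if __name__ == "__main__":
    apk = parse_badging(SAMPLE_BADGING)
    for release, api in RELEASE_TO_API.items():
        print(f"Android {release} (API {api}): {check_compat(apk, api)}")
```

Run `aapt dump badging your.apk` and `adb shell getprop ro.build.version.sdk` against the real APK and emulator and feed their output to the two parsers before starting a dynamic scan.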

[Screenshot: deploy device image]

In Genymotion's settings, on the VirtualBox tab, the path of the Genymotion VirtualBox image is shown, and I can add that image in my VirtualBox Manager.

[Screenshot: device image location]

In the VirtualBox Manager settings, click the network adapter and you will see that it uses vboxnet2. I also take the proxy IP from vboxnet2, since that is the address the emulator will send intercepted traffic to. Right-clicking the image and choosing "Show in Finder" opens the image folder.

[Screenshot: adapter config]

[Screenshot: proxy ip]

Now start the image from VirtualBox Manager to obtain the DEVICE_IP. Then shut it down and start it again from Genymotion.

[Screenshot: get device ip]

We need to enable Developer options in order to turn on USB debugging, and enable "Unknown sources" under Security.

[Screenshot: enable usb debug]

[Screenshot: enable unknown sources]

We are ready to set up MobSF on the VM.

Clone MobSF from GitHub, navigate to Mobile-Security-Framework-MobSF/scripts/, run python mobsfy.py and choose DEVICE, >=5; MobSF will then install all of its tools on the VM. Install the Framework and reboot the image. Manually restart the VM when it asks you to reboot.

[Screenshot: xposed framework]

After the reboot, open Xposed Installer and enable all modules, then restart the emulator again. The final step is to go to Mobile-Security-Framework-MobSF/MobSF/, edit settings.py, set ANDROID_DYNAMIC_ANALYZER = "MobSF_REAL_DEVICE", and enter DEVICE_IP and DEVICE_ADB_PORT. Also set PROXY_IP to the address found earlier; the proxy port is 1337. You are now ready to run the Dynamic Analyzer.

[Screenshot: config ok]

How to keep running the same image

The benefit of the official image is that it is restored to a clean state before every run of the VM. We cannot do that automatically with Genymotion, but we can take a SNAPSHOT after finishing the settings above, and manually restore it every time we want to perform a new test.

[Screenshot: take snapshot]

Side note: how to transfer files between Android VM and the host

Sometimes we want to transfer files out of the Android VM for further investigation; this can be done by mounting a shared folder.

For the device created in Genymotion, there is a corresponding image in VirtualBox. So in VirtualBox, choose the VM (in our case a Samsung Galaxy image), click Settings, choose “Shared Folders”, then add the path of your shared folder on the host.

[Screenshot: genymotion]

[Screenshot: settings]

[Screenshot: path]

In the VM, we can copy the files into the shared folder to transfer them to the host.

[Screenshot: transfer]

Conclusion

MobSF is a very useful tool for penetration testing mobile applications. Combined with the Genymotion emulator, we can test APKs built for the latest Android versions. You can also use snapshots to control the image state and reuse it for every new app.
