Upload APKs (for x86 architecture) to be analysed for common SSL-related vulnerabilities in Android.
Vulnerabilities include
- Custom Trustmanager accepting all certificates (with valid hostname)
- Custom HostnameVerifier accepting all hostnames
- Custom WebViewClient.onSSLErrorReceived accepting all certificates
- Apps not using certificate pinning
- Apps implementing certificate pinning erroneously (getPeerCertificates bug)
- Other vulnerabilities for which you can check by configuring your own scenario and MITM proxy certificate settings
Run sudo xhost +
to enable displaying emulator UI.
Run docker-compose -f docker-compose-local.yml up --build
. The initial building of the docker images might take some time (~ 1 hour).
You can access the web service on http://0.0.0.0:5000/index
See docker-compose configuration files for customization options.
Specify the IP of the manager machine in the URLs in config.py
.
Run docker-compose -f docker-compose-manager.yml up --build
on the manager machine.
Run sudo xhost +
and docker-compose -f docker-compose-workers.yml up --build
on each of the worker machines
(including the manager machine if it should also run workers).
Make sure that the ports of the docker-compose configuration files are not already in use (e.g. by a local RabbitMQ server).
You can access the web service on the IP of the manager machine on port 5000 at /index.
See docker-compose configuration files for customization options.
The service can currently not be run in swarm mode, since after the latest Android emulator update the emulator just starts with a black screen when not using GPU acceleration. GPU acceleration requires docker privileged mode which is not supported in swarm mode.