MobiSec 2.0 Awesomeness Unleashed!

MobiSec has undergone a major reconstruction and version 2.0 (actually 2.0.1) is now available for download on SourceForge.  The popular mobile testing VM platform has been rebuilt on the latest Ubuntu 64-bit LTS.  The tools have been modernized through updates and by replacing deprecated tools with better-supported equivalents.  The environment has also been trimmed down in size by removing some heavy-weight tools that are typically not used during mobile-specific testing.

If you are getting into Mobile Pen Testing, keep an eye out for our upcoming classes.  The next one is   at BlackHat (details and registration here)!  This class will walk you through the MobiSec environment, tools and testing methodology.  The other really cool things we have in store for this class are Android in a VM, which is much faster than using the Android (AVD) emulator; and we have a rockin’ scavenger-hunt style CTF to test your new skills!

For those who still need to perform mobile testing of older platforms we recommend using the latest 1.x release of MobiSec as it is a 32-bit environment and some of the legacy tools built exclusively on 32-bit architecture have not been successfully ported to the new 64-bit VM.


Jason Gillam is a Senior Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at jgillam@secureideas.com, on Twitter @JGillam, or visit the Secure Ideas – ProfessionallyEvil site for services provided.

1 thought on “MobiSec 2.0 Awesomeness Unleashed!”

  1. Hi Jason,

    I downloaded the latest MobiSec VM 2.0.2, and downloaded and installed the Four Goat application. I successfully configured the Four Goat application proxy setting to run through Burp. In an attempt not to use the Four Goat application proxy configuration settings, I tried modifying /opt/mobisec/bin/android-emu.sh, and adding the argument -http-proxy (e.g. lab) emulator -force-32bit -avd Mobisec_Lab -http-proxy 192.168.169.131:8080 -scale 0.50;;), in an attempt to proxy the traffic to burp but it didn’t work. I also went to the System Settings > Network Settings > Configure the Proxy servers used, but this didn’t work either. Question: If an application doesn’t come with proxy configuration settings, what are the steps in order to proxy the MobisecLab AVD application(s) http traffic through Burp?

Leave a Comment

Your email address will not be published. Required fields are marked *