SFTP File Download from device

MobSF · Dec 3, 2023 · ab7bdec · ab7bdec
1 parent ac97ae7
commit ab7bdec
Show file tree

Hide file tree

Showing 5 changed files with 96 additions and 11 deletions.
diff --git a/mobsf/DynamicAnalyzer/views/ios/corellium_instance.py b/mobsf/DynamicAnalyzer/views/ios/corellium_instance.py
@@ -11,8 +11,12 @@
 
 from django.conf import settings
 from django.views.decorators.http import require_http_methods
-from django.http import HttpResponse
-from django.shortcuts import render
+from django.http import (
+    HttpResponse,
+)
+from django.shortcuts import (
+    render,
+)
 
 from mobsf.MobSF.utils import (
     common_check,
@@ -34,6 +38,7 @@
 )
 from mobsf.DynamicAnalyzer.views.ios.corellium_ssh import (
     ssh_execute_cmd,
+    ssh_file_download,
     ssh_file_upload,
     ssh_jump_host,
 )
@@ -776,7 +781,7 @@ def system_logs(request, api=False):
 
 @require_http_methods(['POST'])
 def upload_file(request, api=False):
-    """Upload files to device."""
+    """Upload file to device."""
     err_msg = 'Failed to upload file'
     data = {
         'status': 'failed',
@@ -800,3 +805,35 @@ def upload_file(request, api=False):
         logger.exception(err_msg)
         data['message'] = str(exp)
     return send_response(data)
+# File Download
+
+
+@require_http_methods(['POST'])
+def download_file(request, api=False):
+    """Download file from device."""
+    try:
+        global SSH_TARGET
+        instance_id = request.POST['instance_id']
+        rfile = request.POST['file']
+        failed = common_check(instance_id)
+        if failed:
+            return send_response(failed, api)
+        ci = CorelliumInstanceAPI(instance_id)
+        if not SSH_TARGET:
+            logger.info('Setting up SSH tunnel')
+            SSH_TARGET, _jmp = ssh_jump_host(
+                ci.get_ssh_connection_string())
+        try:
+            fl = ssh_file_download(SSH_TARGET, rfile)
+        except SSHException:
+            logger.info('SSH session not active, setting up again')
+            SSH_TARGET, _jmp = ssh_jump_host(
+                ci.get_ssh_connection_string())
+            fl = ssh_file_download(SSH_TARGET, rfile)
+        if not fl:
+            fl = b'File not found'
+    except Exception:
+        logger.exception('Failed to download file')
+    response = HttpResponse(fl, content_type='application/octet-stream')
+    response['Content-Disposition'] = f'inline; filename={Path(rfile).name}'
+    return response
diff --git a/mobsf/DynamicAnalyzer/views/ios/corellium_ssh.py b/mobsf/DynamicAnalyzer/views/ios/corellium_ssh.py
@@ -27,7 +27,7 @@
 # along with Paramiko; if not, write to the Free Software Foundation, Inc.,
 # 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 USA.
 # Modified for MobSF.
-
+import io
 import logging
 import select
 import socket
@@ -282,10 +282,13 @@ def ssh_file_upload(ssh_conn_string, fobject, fname):
     jumpbox.close()
 
 
-def ssh_file_download(ssh_conn_string, remote_path, local_path):
+def ssh_file_download(target, remote_path):
     """File Download over SFTP."""
-    target, jumpbox = ssh_jump_host(ssh_conn_string)
-    with target.open_sftp() as sftp:
-        sftp.get(remote_path, local_path)
-    target.close()
-    jumpbox.close()
+    try:
+        with io.BytesIO() as fl:
+            with target.open_sftp() as sftp:
+                sftp.getfo(remote_path, fl)
+                fl.seek(0)
+                return fl.read()
+    except Exception:
+        return None
diff --git a/mobsf/MobSF/urls.py b/mobsf/MobSF/urls.py
@@ -263,6 +263,9 @@
         re_path(r'^ios/upload_file/$',
                 instance.upload_file,
                 name='upload_file'),
+        re_path(r'^ios/download_file/$',
+                instance.download_file,
+                name='download_file'),
         re_path(r'^ios/touch/$',
                 instance.touch,
                 name='ios_touch'),

diff --git a/mobsf/MobSF/views/api/api_dynamic_analysis.py b/mobsf/MobSF/views/api/api_dynamic_analysis.py
@@ -23,7 +23,7 @@
 @csrf_exempt
 def api_get_apps(request):
     """GET - Get Apps for dynamic analysis API."""
-    resp = dynamic_analyzer.dynamic_analysis(request, True)
+    resp = dynamic_analyzer.android_dynamic_analysis(request, True)
     if 'error' in resp:
         return make_api_response(resp, 500)
     return make_api_response(resp, 200)

diff --git a/mobsf/templates/dynamic_analysis/ios/dynamic_report.html b/mobsf/templates/dynamic_analysis/ios/dynamic_report.html
@@ -450,6 +450,7 @@ <h5 class="card-title"></h5>
                 <thead>
                   <tr>
                     <th>FILE PATH</th>
+                    <th>DOWNLOAD</th>
                   </tr>
                 </thead>
                <tbody>
@@ -458,6 +459,9 @@ <h5 class="card-title"></h5>
                   <td>
                     <a href="javascript:cat_file('{{ item }}')">{{item}}</a>
                   </td>
+                  <td>
+                    <a class="btn btn-info btn-sm"  href="javascript:download_file('{{ item }}')"><i class="fa fa-solid fa-download"></i></a>
+                  </td>
                 </tr>
                 {% endfor %}
               </tbody>
@@ -490,6 +494,7 @@ <h5 class="card-title"></h5>
                 <thead>
                   <tr>
                     <th>FILE PATH</th>
+                    <th>DOWNLOAD</th>
                     <th>FILE PROTECTION</th>
                   </tr>
                 </thead>
@@ -499,6 +504,9 @@ <h5 class="card-title"></h5>
                   <td>
                     <a href="javascript:cat_file('{{ item.path }}')">{{ item.path | replace:"/private/var/mobile/Containers/Data/Application/|" }}</a>
                   </td>
+                  <td>
+                    <a class="btn btn-info btn-sm"  href="javascript:download_file('{{ item.path }}')"><i class="fa fa-solid fa-download"></i></a>
+                  </td>
                   <td>
                     {{ item.fileProtectionKey }}
                   </td>
@@ -1432,5 +1440,39 @@ <h3 id="cat_title"> </h3>
         $('#cat').modal('toggle');
     });
   }
+
+  // Download file
+  function download_file(path){
+    // action('{% url 'download_file' %}', {instance_id: '{{ instance_id }}', file: path }, function(json) {
+    //   alert(json);    
+    // });
+
+    var form = document.createElement("form");
+    var element1 = document.createElement("input"); 
+    var element2 = document.createElement("input");
+    var element3 = document.createElement("input");  
+
+    form.method = "POST";
+    form.action = "{% url 'download_file' %}";   
+
+    element1.value= "{{ instance_id }}";
+    element1.name="instance_id";
+    form.appendChild(element1);
+
+
+    element2.value=path;
+    element2.name="file";
+    form.appendChild(element2);
+
+    element3.value= "{{ csrf_token }}";
+    element3.name="csrf_token";
+    form.appendChild(element3);
+
+    document.body.appendChild(form);
+
+    form.submit();
+    form.remove();
+
+  }
   </script>
 {% endblock %}