From ac97ae79304e412552368a2d304e3858c0c97005 Mon Sep 17 00:00:00 2001
From: "Ajin.Abraham" <ajin.abraham@chime.com>
Date: Sat, 2 Dec 2023 23:35:04 -0800
Subject: [PATCH] Refactor

---
 .../views/android/tests_frida.py              | 47 -----------
 mobsf/DynamicAnalyzer/views/common/frida.py   | 67 ++++++++++++++++
 .../views/ios/corellium_apis.py               |  3 +
 .../views/ios/corellium_instance.py           |  1 -
 .../views/ios/corellium_ssh.py                | 80 +++++++++----------
 .../views/ios/dynamic_analyzer.py             | 16 ++--
 .../views/ios/frida_auxiliary_scripts.py      | 21 ++---
 mobsf/DynamicAnalyzer/views/ios/frida_core.py | 29 ++++---
 .../DynamicAnalyzer/views/ios/tests_frida.py  | 51 ------------
 mobsf/MobSF/urls.py                           | 22 ++---
 mobsf/MobSF/views/api/api_dynamic_analysis.py | 15 +++-
 .../android/dynamic_analyzer.html             |  8 +-
 .../ios/dynamic_analysis.html                 |  2 +-
 .../ios/dynamic_analyzer.html                 |  6 +-
 mobsf/templates/general/apidocs.html          | 30 ++++++-
 15 files changed, 198 insertions(+), 200 deletions(-)
 create mode 100644 mobsf/DynamicAnalyzer/views/common/frida.py

diff --git a/mobsf/DynamicAnalyzer/views/android/tests_frida.py b/mobsf/DynamicAnalyzer/views/android/tests_frida.py
index 3c6c704dc2..b4cf8f4a1a 100644
--- a/mobsf/DynamicAnalyzer/views/android/tests_frida.py
+++ b/mobsf/DynamicAnalyzer/views/android/tests_frida.py
@@ -1,7 +1,6 @@
 # -*- coding: utf_8 -*-
 """Frida tests."""
 import base64
-import glob
 import os
 import re
 import json
@@ -25,7 +24,6 @@
 from mobsf.MobSF.utils import (
     is_file_exists,
     is_md5,
-    is_safe_path,
     print_n_send_error_response,
 )
 
@@ -34,24 +32,6 @@
 # AJAX
 
 
-@require_http_methods(['GET'])
-def list_frida_scripts(request, api=False):
-    """Get frida scripts from others."""
-    scripts = []
-    others = os.path.join(settings.TOOLS_DIR,
-                          'frida_scripts',
-                          'android'
-                          'others')
-    files = glob.glob(others + '**/*.js', recursive=True)
-    for item in files:
-        scripts.append(Path(item).stem)
-    scripts.sort()
-    return send_response({'status': 'ok',
-                          'files': scripts},
-                         api)
-# AJAX
-
-
 @require_http_methods(['POST'])
 def get_runtime_dependencies(request, api=False):
     """Get App runtime dependencies."""
@@ -75,33 +55,6 @@ def get_runtime_dependencies(request, api=False):
 # AJAX
 
 
-@require_http_methods(['POST'])
-def get_script(request, api=False):
-    """Get frida scripts from others."""
-    data = {'status': 'ok', 'content': ''}
-    try:
-        scripts = request.POST.getlist('scripts[]')
-        others = os.path.join(settings.TOOLS_DIR,
-                              'frida_scripts',
-                              'android'
-                              'others')
-        script_ct = []
-        for script in scripts:
-            script_file = os.path.join(others, script + '.js')
-            if not is_safe_path(others, script_file):
-                data = {
-                    'status': 'failed',
-                    'message': 'Path traversal detected.'}
-                return send_response(data, api)
-            if is_file_exists(script_file):
-                script_ct.append(Path(script_file).read_text())
-        data['content'] = '\n'.join(script_ct)
-    except Exception:
-        pass
-    return send_response(data, api)
-# AJAX
-
-
 @require_http_methods(['POST'])
 def instrument(request, api=False):
     """Instrument app with frida."""
diff --git a/mobsf/DynamicAnalyzer/views/common/frida.py b/mobsf/DynamicAnalyzer/views/common/frida.py
new file mode 100644
index 0000000000..f6adc5fafa
--- /dev/null
+++ b/mobsf/DynamicAnalyzer/views/common/frida.py
@@ -0,0 +1,67 @@
+"""Shared Frida Views."""
+import glob
+import os
+from pathlib import Path
+
+from django.conf import settings
+from django.views.decorators.http import require_http_methods
+
+from mobsf.DynamicAnalyzer.views.common.shared import (
+    send_response,
+)
+from mobsf.MobSF.utils import (
+    is_file_exists,
+    is_safe_path,
+)
+# AJAX
+
+
+@require_http_methods(['POST'])
+def list_frida_scripts(request, api=False):
+    """List frida scripts from others."""
+    scripts = []
+    device = request.POST.get('device', 'android')
+    if device != 'android':
+        device = 'ios'
+    others = os.path.join(settings.TOOLS_DIR,
+                          'frida_scripts',
+                          device,
+                          'others')
+    files = glob.glob(others + '**/*.js', recursive=True)
+    for item in files:
+        scripts.append(Path(item).stem)
+    scripts.sort()
+    return send_response(
+        {'status': 'ok',
+         'files': scripts},
+        api)
+# AJAX
+
+
+@require_http_methods(['POST'])
+def get_script(request, api=False):
+    """Get frida scripts from others."""
+    data = {'status': 'ok', 'content': ''}
+    try:
+        device = request.POST.get('device', 'android')
+        if device != 'android':
+            device = 'ios'
+        scripts = request.POST.getlist('scripts[]')
+        others = os.path.join(settings.TOOLS_DIR,
+                              'frida_scripts',
+                              device,
+                              'others')
+        script_ct = []
+        for script in scripts:
+            script_file = os.path.join(others, script + '.js')
+            if not is_safe_path(others, script_file):
+                data = {
+                    'status': 'failed',
+                    'message': 'Path traversal detected.'}
+                return send_response(data, api)
+            if is_file_exists(script_file):
+                script_ct.append(Path(script_file).read_text())
+        data['content'] = '\n'.join(script_ct)
+    except Exception:
+        pass
+    return send_response(data, api)
diff --git a/mobsf/DynamicAnalyzer/views/ios/corellium_apis.py b/mobsf/DynamicAnalyzer/views/ios/corellium_apis.py
index 38037f16a9..6cb30eeb5d 100644
--- a/mobsf/DynamicAnalyzer/views/ios/corellium_apis.py
+++ b/mobsf/DynamicAnalyzer/views/ios/corellium_apis.py
@@ -38,6 +38,9 @@ def api_ready(self):
 
     def api_auth(self):
         """Check Corellium API Auth."""
+        if not self.api_key:
+            logger.error('Corellium API key is not set')
+            return False
         r = requests.get(
             f'{self.api}/projects',
             headers=self.headers)
diff --git a/mobsf/DynamicAnalyzer/views/ios/corellium_instance.py b/mobsf/DynamicAnalyzer/views/ios/corellium_instance.py
index e02f704a2b..ce7b997598 100644
--- a/mobsf/DynamicAnalyzer/views/ios/corellium_instance.py
+++ b/mobsf/DynamicAnalyzer/views/ios/corellium_instance.py
@@ -631,7 +631,6 @@ def ssh_execute(request, api=False):
     except Exception as exp:
         data['message'] = str(exp)
         logger.exception('Executing Commands')
-        return send_response(data, api)
     return send_response(data, api)
 # Helper Download app data tarfile
 
diff --git a/mobsf/DynamicAnalyzer/views/ios/corellium_ssh.py b/mobsf/DynamicAnalyzer/views/ios/corellium_ssh.py
index 69df0cef5a..daeea71927 100644
--- a/mobsf/DynamicAnalyzer/views/ios/corellium_ssh.py
+++ b/mobsf/DynamicAnalyzer/views/ios/corellium_ssh.py
@@ -1,7 +1,13 @@
 # -*- coding: utf_8 -*-
 """Corellium SSH.
 
-Corellium SSH over Jump Host withLocal Port Forwarding for Frida Connection.
+Corellium SSH Utilities , modified for MobSF.
+Supports SSH over Jump Host
+Local Port Forward
+Remote Port Forward
+SSH Shell Exec
+SFTP File Upload
+SFTP File Download
 """
 # Copyright (C) 2003-2007  Robey Pointer <robeypointer@gmail.com>
 #
@@ -80,6 +86,30 @@ def parse_ssh_string(ssh):
     return ssh_dict
 
 
+def sock_chan_handler(sock, chan):
+    """Socket and Channel Handler."""
+    try:
+        while True:
+            r, w, x = select.select([sock, chan], [], [])
+            if sock in r:
+                data = sock.recv(1024)
+                if len(data) == 0:
+                    break
+                chan.send(data)
+            if chan in r:
+                data = chan.recv(1024)
+                if len(data) == 0:
+                    break
+                sock.send(data)
+    except ConnectionResetError:
+        pass
+    finally:
+        if chan:
+            chan.close()
+        if sock:
+            sock.close()
+
+
 # Local Port Forward
 class ForwardServer(socketserver.ThreadingTCPServer):
     daemon_threads = True
@@ -89,11 +119,12 @@ class ForwardServer(socketserver.ThreadingTCPServer):
 class Handler(socketserver.BaseRequestHandler):
     def handle(self):
         chan = None
+        sock = self.request
         try:
             chan = self.ssh_transport.open_channel(
                 'direct-tcpip',
                 (self.chain_host, self.chain_port),
-                self.request.getpeername(),
+                sock.getpeername(),
             )
         except paramiko.SSHException:
             # SSH tunnel closed, try opening again
@@ -111,27 +142,11 @@ def handle(self):
 
         logger.info(
             'Connected!  Tunnel open %r -> %r -> %r',
-            self.request.getpeername(),
+            sock.getpeername(),
             chan.getpeername(),
             (self.chain_host, self.chain_port))
-        while True:
-            r, w, x = select.select([self.request, chan], [], [])
-            if self.request in r:
-                data = self.request.recv(1024)
-                if len(data) == 0:
-                    break
-                chan.send(data)
-            if chan in r:
-                data = chan.recv(1024)
-                if len(data) == 0:
-                    break
-                self.request.send(data)
-
-        peername = self.request.getpeername()
-        if chan:
-            chan.close()
-        if self.request:
-            self.request.close()
+        peername = sock.getpeername()
+        sock_chan_handler(sock, chan)
         logger.info('Tunnel closed from %r', peername)
 
 
@@ -162,24 +177,7 @@ def handler(chan, host, port):
     except Exception:
         logger.info('Forwarding request to %s:%d failed', host, port)
         return
-    try:
-        while True:
-            r, w, x = select.select([sock, chan], [], [])
-            if sock in r:
-                data = sock.recv(1024)
-                if len(data) == 0:
-                    break
-                chan.send(data)
-            if chan in r:
-                data = chan.recv(1024)
-                if len(data) == 0:
-                    break
-                sock.send(data)
-    except ConnectionResetError:
-        pass
-    finally:
-        chan.close()
-        sock.close()
+    sock_chan_handler(sock, chan)
 
 
 def reverse_forward_tunnel(server_port, remote_host, remote_port, transport):
@@ -275,7 +273,7 @@ def ssh_execute_cmd(target, cmd):
 
 
 def ssh_file_upload(ssh_conn_string, fobject, fname):
-    """File Upload over SSH."""
+    """File Upload over SFTP."""
     target, jumpbox = ssh_jump_host(ssh_conn_string)
     with target.open_sftp() as sftp:
         rfile = Path(fname.replace('..', '')).name
@@ -285,7 +283,7 @@ def ssh_file_upload(ssh_conn_string, fobject, fname):
 
 
 def ssh_file_download(ssh_conn_string, remote_path, local_path):
-    """File Download over SSH."""
+    """File Download over SFTP."""
     target, jumpbox = ssh_jump_host(ssh_conn_string)
     with target.open_sftp() as sftp:
         sftp.get(remote_path, local_path)
diff --git a/mobsf/DynamicAnalyzer/views/ios/dynamic_analyzer.py b/mobsf/DynamicAnalyzer/views/ios/dynamic_analyzer.py
index 07f4a4f303..9e2a0c94a5 100644
--- a/mobsf/DynamicAnalyzer/views/ios/dynamic_analyzer.py
+++ b/mobsf/DynamicAnalyzer/views/ios/dynamic_analyzer.py
@@ -40,15 +40,18 @@ def dynamic_analysis(request, api=False):
     """The iOS Dynamic Analysis Entry point."""
     try:
         scan_apps = []
-        ios_dynamic = False
         ipas = StaticAnalyzerIOS.objects.filter(
             FILE_NAME__endswith='.ipa')
         for ipa in reversed(ipas):
             bundle_hash = get_md5(ipa.BUNDLE_ID.encode('utf-8'))
             frida_dump = Path(
                 settings.UPLD_DIR) / bundle_hash / 'mobsf_dump_file.txt'
-            encrypted = python_dict(
-                ipa.MACHO_ANALYSIS)['encrypted']['is_encrypted']
+            macho = python_dict(ipa.MACHO_ANALYSIS)
+            encrypted = False
+            if (macho
+                    and macho.get('encrypted')
+                    and macho.get('encrypted').get('is_encrypted')):
+                encrypted = macho['encrypted']['is_encrypted']
             temp_dict = {
                 'MD5': ipa.MD5,
                 'APP_NAME': ipa.APP_NAME,
@@ -63,16 +66,15 @@ def dynamic_analysis(request, api=False):
         # Corellium
         instances = []
         project_id = None
-        ios_dynamic = bool(getattr(settings, 'CORELLIUM_API_KEY', ''))
         c = CorelliumAPI(getattr(settings, 'CORELLIUM_PROJECT_ID', ''))
-        if c.api_ready() and c.api_auth() and c.get_projects():
+        corellium_auth = c.api_ready() and c.api_auth()
+        if corellium_auth and c.get_projects():
             instances = c.get_instances()
             project_id = c.project_id
             setup_ssh_keys(c)
         context = {'apps': scan_apps,
-                   'dynamic_analyzer': ios_dynamic,
+                   'dynamic_analyzer': corellium_auth,
                    'project_id': project_id,
-                   'corellium_auth': c.api_auth(),
                    'instances': instances,
                    'title': 'MobSF Dynamic Analysis',
                    'version': settings.MOBSF_VER}
diff --git a/mobsf/DynamicAnalyzer/views/ios/frida_auxiliary_scripts.py b/mobsf/DynamicAnalyzer/views/ios/frida_auxiliary_scripts.py
index 981afa62f0..4030d50a1e 100644
--- a/mobsf/DynamicAnalyzer/views/ios/frida_auxiliary_scripts.py
+++ b/mobsf/DynamicAnalyzer/views/ios/frida_auxiliary_scripts.py
@@ -1,4 +1,4 @@
-import os
+from pathlib import Path
 
 from django.conf import settings
 
@@ -8,18 +8,13 @@
 
 
 def get_content(file_name):
-    content = ''
-    script = os.path.join(settings.TOOLS_DIR,
-                          'frida_scripts'
-                          'ios',
-                          'auxiliary',
-                          file_name)
-
-    with open(script, 'r',
-              encoding='utf8',
-              errors='ignore') as scp:
-        content = scp.read()
-    return content
+    tools_dir = Path(settings.TOOLS_DIR)
+    aux_dir = tools_dir / 'frida_scripts' / 'ios' / 'auxiliary'
+    script = aux_dir / file_name
+
+    if script.exists():
+        return script.read_text('utf-8', 'ignore')
+    return ''
 
 
 def get_loaded_classes():
diff --git a/mobsf/DynamicAnalyzer/views/ios/frida_core.py b/mobsf/DynamicAnalyzer/views/ios/frida_core.py
index e09955032c..a08b438f3b 100644
--- a/mobsf/DynamicAnalyzer/views/ios/frida_core.py
+++ b/mobsf/DynamicAnalyzer/views/ios/frida_core.py
@@ -65,10 +65,10 @@ def get_scripts(self, script_type, selected_scripts):
         all_scripts = self.frida_dir / script_type
         for script in all_scripts.rglob('*.js'):
             if '*' in selected_scripts:
-                combined_script.append(script.read_text())
+                combined_script.append(script.read_text('utf-8', 'ignore'))
             if script.stem in selected_scripts:
                 header.append(f'send("Loaded Frida Script - {script.stem}");')
-                combined_script.append(script.read_text())
+                combined_script.append(script.read_text('utf-8', 'ignore'))
         return header + combined_script
 
     def get_auxiliary(self):
@@ -110,9 +110,9 @@ def get_script(self):
         rpc_list.extend(self.get_scripts('rpc', ['*']))
         scripts.extend(self.get_auxiliary())
         rpc_script = ','.join(rpc_list)
-        rpc = f'rpc.exports = {{ {rpc_script} }};'
+        rpc = f'rpc.exports = {{ \n{rpc_script}\n }};'
         combined = '\n'.join(scripts)
-        final = f'{rpc} setTimeout(function() {{ \n{combined}\n }}, 1000)'
+        final = f'{rpc}\n setTimeout(function() {{ \n{combined}\n }}, 1000)'
         return final
 
     def frida_response(self, message, data):
@@ -125,15 +125,16 @@ def frida_response(self, message, data):
             if not isinstance(msg, str):
                 msg = str(msg)
             if dump in msg:
-                self.write_log(self.dump_file, msg.replace(dump, '') + '\n')
+                msg = msg.replace(dump, '')
+                self.write_log(self.dump_file, f'{msg}\n')
             elif msg.startswith(jb):
-                self.write_log(self.frida_log, msg + '\n')
+                self.write_log(self.frida_log, f'{msg}\n')
             elif msg.startswith(aux):
-                self.write_log(self.frida_log,
-                               msg.replace(aux, '[*] ') + '\n')
+                msg = msg.replace(aux, '[*] ')
+                self.write_log(self.frida_log, f'{msg}\n')
             else:
                 logger.debug('[Frida] %s', msg)
-                self.write_log(self.frida_log, msg + '\n')
+                self.write_log(self.frida_log, f'{msg}\n')
         else:
             logger.error('[Frida] %s', message)
 
@@ -190,13 +191,11 @@ def session(self, pid, bundle_id):
                     _PID = pid
                     self.bundle_id = bundle_id
                 front = device.get_frontmost_application()
-                if not front:
-                    # No frontmost app, spawn the app
+                if not front or front.pid != _PID:
+                    # No front most app, spawn the app or
+                    # pid is not the front most app
                     _PID = device.spawn([self.bundle_id])
-                elif front.pid != _PID:
-                    # pid is not the frontmost app
-                    _PID = device.spawn([self.bundle_id])
-                # pid is the forntmost app
+                # pid is the fornt most app
                 session = device.attach(_PID)
             except frida.NotSupportedError:
                 logger.exception('Not Supported Error')
diff --git a/mobsf/DynamicAnalyzer/views/ios/tests_frida.py b/mobsf/DynamicAnalyzer/views/ios/tests_frida.py
index dc42e042aa..17bd0d9cd9 100644
--- a/mobsf/DynamicAnalyzer/views/ios/tests_frida.py
+++ b/mobsf/DynamicAnalyzer/views/ios/tests_frida.py
@@ -1,12 +1,8 @@
 # -*- coding: utf_8 -*-
 """Frida tests for iOS."""
-import glob
-import os
-from pathlib import Path
 from threading import Thread
 import logging
 
-from django.conf import settings
 from django.views.decorators.http import require_http_methods
 
 from mobsf.DynamicAnalyzer.views.ios.frida_core import (
@@ -23,59 +19,12 @@
 )
 from mobsf.MobSF.utils import (
     common_check,
-    is_file_exists,
     is_md5,
-    is_safe_path,
     strict_package_check,
 )
 
 logger = logging.getLogger(__name__)
-# AJAX
-
-
-@require_http_methods(['GET'])
-def list_ios_frida_scripts(request, api=False):
-    """List frida scripts from others."""
-    scripts = []
-    others = os.path.join(settings.TOOLS_DIR,
-                          'frida_scripts'
-                          'ios',
-                          'others')
-    files = glob.glob(others + '**/*.js', recursive=True)
-    for item in files:
-        scripts.append(Path(item).stem)
-    scripts.sort()
-    return send_response(
-        {'status': OK,
-         'files': scripts},
-        api)
-# AJAX
 
-
-@require_http_methods(['POST'])
-def ios_get_script(request, api=False):
-    """Get frida scripts from others."""
-    data = {'status': OK, 'content': ''}
-    try:
-        scripts = request.POST.getlist('scripts[]')
-        others = os.path.join(settings.TOOLS_DIR,
-                              'frida_scripts'
-                              'ios',
-                              'others')
-        script_ct = []
-        for script in scripts:
-            script_file = os.path.join(others, script + '.js')
-            if not is_safe_path(others, script_file):
-                data = {
-                    'status': 'failed',
-                    'message': 'Path traversal detected.'}
-                return send_response(data, api)
-            if is_file_exists(script_file):
-                script_ct.append(Path(script_file).read_text())
-        data['content'] = '\n'.join(script_ct)
-    except Exception:
-        pass
-    return send_response(data, api)
 # AJAX
 
 
diff --git a/mobsf/MobSF/urls.py b/mobsf/MobSF/urls.py
index 7c5e731486..ba75b441f3 100755
--- a/mobsf/MobSF/urls.py
+++ b/mobsf/MobSF/urls.py
@@ -1,6 +1,9 @@
 from django.urls import re_path
 
-from mobsf.DynamicAnalyzer.views.common import device
+from mobsf.DynamicAnalyzer.views.common import (
+    device,
+    frida,
+)
 from mobsf.DynamicAnalyzer.views.android import dynamic_analyzer as dz
 from mobsf.DynamicAnalyzer.views.android import (
     operations,
@@ -76,9 +79,10 @@
     re_path(r'^api/v1/frida/instrument$', api_dz.api_instrument),
     re_path(r'^api/v1/frida/api_monitor$', api_dz.api_api_monitor),
     re_path(r'^api/v1/frida/logs$', api_dz.api_frida_logs),
+    re_path(r'^api/v1/frida/get_dependencies$', api_dz.api_get_dependencies),
+    # Shared
     re_path(r'^api/v1/frida/list_scripts$', api_dz.api_list_frida_scripts),
     re_path(r'^api/v1/frida/get_script$', api_dz.api_get_script),
-    re_path(r'^api/v1/frida/get_dependencies$', api_dz.api_get_dependencies),
 ]
 if settings.API_ONLY == '0':
     urlpatterns.extend([
@@ -186,14 +190,18 @@
         re_path(r'^frida_logs/$',
                 tests_frida.frida_logs,
                 name='frida_logs'),
-        re_path(r'^list_frida_scripts/$', tests_frida.list_frida_scripts),
-        re_path(r'^get_script/$', tests_frida.get_script),
         re_path(r'^get_dependencies/$', tests_frida.get_runtime_dependencies),
         # Report
         re_path(r'^dynamic_report/(?P<checksum>[0-9a-f]{32})$',
                 report.view_report,
                 name='dynamic_report'),
         # Shared
+        re_path(r'^list_frida_scripts/$',
+                frida.list_frida_scripts,
+                name='list_frida_scripts'),
+        re_path(r'^get_script/$',
+                frida.get_script,
+                name='get_script'),
         re_path(r'^dynamic_view_file/$',
                 device.view_file,
                 name='dynamic_view_file'),
@@ -270,12 +278,6 @@
         re_path(r'^ios/instrument/$',
                 ios_tests_frida.ios_instrument,
                 name='ios_instrument'),
-        re_path(r'^ios/list_frida_scripts/$',
-                ios_tests_frida.list_ios_frida_scripts,
-                name='list_ios_frida_scripts'),
-        re_path(r'^ios/get_script/$',
-                ios_tests_frida.ios_get_script,
-                name='ios_get_script'),
         re_path(r'^ios/view_report/(?P<bundle_id>([\w]*\.)+[\w]{2,155})$',
                 ios_view_report.ios_view_report,
                 name='ios_view_report'),
diff --git a/mobsf/MobSF/views/api/api_dynamic_analysis.py b/mobsf/MobSF/views/api/api_dynamic_analysis.py
index 47339d8601..8682fd0044 100644
--- a/mobsf/MobSF/views/api/api_dynamic_analysis.py
+++ b/mobsf/MobSF/views/api/api_dynamic_analysis.py
@@ -14,6 +14,7 @@
 )
 from mobsf.DynamicAnalyzer.views.common import (
     device,
+    frida,
 )
 
 
@@ -228,11 +229,14 @@ def api_frida_logs(request):
     return make_api_response(resp, 500)
 
 
-@request_method(['GET'])
+@request_method(['POST'])
 @csrf_exempt
 def api_list_frida_scripts(request):
-    """GET - List Frida Scripts."""
-    resp = tests_frida.list_frida_scripts(request, True)
+    """POST - List Frida Scripts."""
+    if 'device' not in request.POST:
+        return make_api_response(
+            {'error': 'Missing Parameters'}, 422)
+    resp = frida.list_frida_scripts(request, True)
     if resp['status'] == 'ok':
         return make_api_response(resp, 200)
     return make_api_response(resp, 500)
@@ -245,7 +249,10 @@ def api_get_script(request):
     if not request.POST.getlist('scripts[]'):
         return make_api_response(
             {'error': 'Missing Parameters'}, 422)
-    resp = tests_frida.get_script(request, True)
+    if 'device' not in request.POST:
+        return make_api_response(
+            {'error': 'Missing Parameters'}, 422)
+    resp = frida.get_script(request, True)
     if resp['status'] == 'ok':
         return make_api_response(resp, 200)
     return make_api_response(resp, 500)
diff --git a/mobsf/templates/dynamic_analysis/android/dynamic_analyzer.html b/mobsf/templates/dynamic_analysis/android/dynamic_analyzer.html
index f7b70cb58a..773aec4534 100644
--- a/mobsf/templates/dynamic_analysis/android/dynamic_analyzer.html
+++ b/mobsf/templates/dynamic_analysis/android/dynamic_analyzer.html
@@ -481,12 +481,12 @@ <h4 class="modal-title">Run TLS/SSL Security Tests - {{ package }}</h4>
 
 // Frida load other scripts
 function load_frida_others(){
-  $.get(document.location.origin + '/list_frida_scripts/', function(json, status){
-      if (json.status == 'ok'){
+  action('{% url 'list_frida_scripts' %}', {device: 'android'}, function(json) {
+    if (json.status==="ok"){
         json.files.forEach(function(script) {
           $('#fd_scs').append('<option value=' + escape(script) + '>' + escape(script) + '</option>');
         });
-      }
+    }
   });
 }
 
@@ -1001,7 +1001,7 @@ <h4 class="modal-title">Run TLS/SSL Security Tests - {{ package }}</h4>
 // Load Frida Scripts
 $("#loadscript").click(function() {
    var scripts = $('#fd_scs').val();
-   action(document.location.origin + '/get_script/', {scripts: scripts}, function(json) {
+   action('{% url 'get_script' %}', {scripts: scripts, device: 'android'}, function(json) {
     if (json.status==="ok"){
         editor.getDoc().setValue(json.content);
     }
diff --git a/mobsf/templates/dynamic_analysis/ios/dynamic_analysis.html b/mobsf/templates/dynamic_analysis/ios/dynamic_analysis.html
index a71388c35a..4681e9e1a7 100644
--- a/mobsf/templates/dynamic_analysis/ios/dynamic_analysis.html
+++ b/mobsf/templates/dynamic_analysis/ios/dynamic_analysis.html
@@ -33,7 +33,7 @@
                         <h4>MobSF iOS Dynamic Analyzer</h4>
                         <div class="card-body">
                           <div class="table-responsive">
-                           {% if not corellium_auth %}<h5 style="color:#FFA500">Cannot authenticate with Corellium. Please ensure that <strong>MOBSF_CORELLIUM_API_KEY</strong> is configured.</h5>{% endif %}
+                           {% if not dynamic_analyzer %}<h5 style="color:#FFA500">Cannot authenticate with Corellium. Please ensure that <strong>MOBSF_CORELLIUM_API_KEY</strong> is configured.</h5>{% endif %}
                            <h6> Corellium Project ID: <strong>{{ project_id }}</strong>  </h6>
                            <a class="btn btn-info" onclick="javascript:location.reload()"><i class="fa fa-retweet"></i> Refresh</a>
                            <a class="btn btn-success" role="button" data-toggle="modal" data-target="#create_instance"><i class="fab fa-apple"></i> Create VM</a>
diff --git a/mobsf/templates/dynamic_analysis/ios/dynamic_analyzer.html b/mobsf/templates/dynamic_analysis/ios/dynamic_analyzer.html
index 1c3d98fbd7..161416861e 100644
--- a/mobsf/templates/dynamic_analysis/ios/dynamic_analyzer.html
+++ b/mobsf/templates/dynamic_analysis/ios/dynamic_analyzer.html
@@ -516,8 +516,8 @@ <h5 class="modal-title" id="exampleModalLabel">Attach to a Running Process</h5>
 
 // Frida load other scripts
 function load_frida_others(){
-  $.get('{% url 'list_ios_frida_scripts' %}', function(json, status){
-      if (json.status == 'ok'){
+  action('{% url 'list_frida_scripts' %}', {device: 'ios'}, function(json) {
+    if (json.status == 'ok'){
         json.files.forEach(function(script) {
           $('#fd_scs').append('<option value=' + escape(script) + '>' + escape(script) + '</option>');
         });
@@ -1020,7 +1020,7 @@ <h5 class="modal-title" id="exampleModalLabel">Attach to a Running Process</h5>
 // Load Frida Scripts
 $("#loadscript").click(function() {
    var scripts = $('#fd_scs').val();
-   action('{% url 'ios_get_script' %}', {scripts: scripts}, function(json) {
+   action('{% url 'get_script' %}', {scripts: scripts, device: 'ios'}, function(json) {
     if (json.status==="ok"){
         editor.getDoc().setValue(json.content);
     }
diff --git a/mobsf/templates/general/apidocs.html b/mobsf/templates/general/apidocs.html
index e902a898af..3b06d073a8 100644
--- a/mobsf/templates/general/apidocs.html
+++ b/mobsf/templates/general/apidocs.html
@@ -2336,12 +2336,31 @@ <h2><a id="frida-list-scripts-api"></a><strong>Frida List Scripts API</strong></
                 <p><strong>URL:</strong> <code>/api/v1/frida/list_scripts</code></p>
               </li>
               <li>
-                <p><strong>Method:</strong> <code>GET</code></p>
+                <p><strong>Method:</strong> <code>POST</code></p>
               </li>
               <li>
                 <p><strong>Header:</strong> <code>Authorization:&lt;api_key&gt;</code> <strong>Or</strong> <code>X-Mobsf-Api-Key:&lt;api_key&gt;</code></p>
               </li>
+              <li>
+                <p><strong>Data Params</strong></p>
+              </li>
             </ul>
+            <table class="table table-striped table-bordered">
+              <thead>
+                <tr>
+                  <th>Param Name</th>
+                  <th>Param Value</th>
+                  <th>Required</th>
+                </tr>
+              </thead>
+              <tbody>
+                <tr>
+                  <td>device</td>
+                  <td>android/ios</td>
+                  <td>Yes</td>
+                </tr>
+              </tbody>
+            </table>
             <br />
             <ul>
               <li>
@@ -2391,7 +2410,7 @@ <h2><a id="frida-list-scripts-api"></a><strong>Frida List Scripts API</strong></
                 <p><strong>Sample Call:</strong></p>
                 <ul>
                   <li>
-                    <pre><code>curl --url http://localhost:8000/api/v1/frida/list_scripts -H "Authorization:{{ api_key}}"
+                    <pre><code>curl -X POST --url http://localhost:8000/api/v1/frida/list_scripts --data "device=android" -H "Authorization:{{ api_key}}"
                   </code></pre>
                   </li>
                 </ul>
@@ -2430,6 +2449,11 @@ <h2><a id="frida-get-script-api"></a><strong>Frida Get Script API</strong></h2>
                   <td>name of the script from the output of Frida List Scripts (/api/v1/frida/list_scripts) API.</td>
                   <td>Yes</td>
                 </tr>
+                <tr>
+                  <td>device</td>
+                  <td>android/ios</td>
+                  <td>Yes</td>
+                </tr>
               </tbody>
             </table>
             <br />
@@ -2466,7 +2490,7 @@ <h2><a id="frida-get-script-api"></a><strong>Frida Get Script API</strong></h2>
                 <p><strong>Sample Call:</strong></p>
                 <ul>
                   <li>
-                    <pre><code>curl -X POST --url http://localhost:8000/api/v1/frida/get_script --data "scripts[]=hook_java_reflection&amp;scripts[]=jni_hook_by_address&amp;scripts[]=default&amp;scripts[]=get_android_id" -H "Authorization:{{ api_key}}"
+                    <pre><code>curl -X POST --url http://localhost:8000/api/v1/frida/get_script --data "device=android&amp;scripts[]=hook_java_reflection&amp;scripts[]=jni_hook_by_address&amp;scripts[]=default&amp;scripts[]=get_android_id" -H "Authorization:{{ api_key}}"
                   </code></pre>
                   </li>
                 </ul>