mobile-app-testing-mcp

# 📱 Mobile App Testing MCP A mobile application testing tool based on Model Context Protocol (MCP), integrating tools such as Frida, ADB, AAPT, and JADX, providing a complete solution for mobile application security testing. ## 🚀 Quick Installation ### Prerequisites - **Node.js** 18.0+ - **Android SDK** (including ADB and AAPT) - **Frida** server (optional) - **JADX** decompiler (optional) ### Installation Steps ```bash # 1. Clone the project git clone https://github.com/your-username/mobile-app-testing-mcp.git cd mobile-app-testing-mcp # 2. Run the auto-install script npm run setup # Or install manually: # npm install # npm run build # 3. Check environment dependencies npm run check # 4. Start the MCP server npm start ``` ## ⚙️ MCP Configuration ### Claude Desktop Configuration Add to the MCP configuration file in Claude Desktop: **Configuration file location:** - **macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json` - **Windows**: `%APPDATA%\Claude\claude_desktop_config.json` - **Linux**: `~/.config/claude/claude_desktop_config.json` ### Basic Configuration (Recommended) ```json { "mcpServers": { "mobile-app-testing": { "command": "node", "args": ["/path/to/your/project/dist/index.js"], "env": {} } } } ``` ### Complete Configuration (Optional) ```json { "mcpServers": { "mobile-app-testing": { "command": "node", "args": ["/path/to/your/project/dist/index.js"], "cwd": "/path/to/your/project", "env": { "ANDROID_HOME": "/path/to/android/sdk" } } } } ``` ## ✅ Configuration Required Before Use ### 1. Android SDK (Required) ```bash # Download and install Android SDK or Android Studio # https://developer.android.com/studio # Set environment variables (add to ~/.bashrc or ~/.zshrc) export ANDROID_HOME=/path/to/android/sdk export PATH=$PATH:$ANDROID_HOME/platform-tools:$ANDROID_HOME/build-tools/latest # Verify installation adb version ``` ### 2. Connect Android Device (Required) ```bash # 1. Enable Developer Options and USB Debugging # 2. Verify after connecting the device adb devices # Should display: device (not unauthorized) ``` ### 3. Node.js (Required) ```bash # Ensure version >= 18.0 node --version ``` ## 🔧 Optional Component Configuration **Auto Installation** (Recommended): ```bash npm run check # Check environment npm run setup # Automatically install missing components ``` **Manual Installation**: - **JADX** (Decompilation): `brew install jadx` - **Frida** (Dynamic Analysis): `pip install frida-tools` ## 📋 Available Tools The MCP server provides the following categories of tools: ### 📱 ADB Tools (12) - Device management, application operations, file transfer, UI automation ### 🔗 Frida Tools (24) - Dynamic analysis, process attachment, Hook injection, memory operations ### 📦 AAPT Tools (4) - APK information analysis, permission checks, resource analysis ### 🔍 JADX Tools (3) - APK decompilation, source code analysis, project statistics ### 🔒 Static Security Analysis Tools (4) ⭐ **New** - Hardcoded sensitive information scanning, debug information leakage detection - Weak encryption algorithm identification, comprehensive security analysis ### 🤖 Workflow Tools (4) - Intelligent suggestions, progress analysis, template management ### 🛠️ Gadget Tools (3) - Automatic deployment, status checks, non-root environment support ### 🔐 File Tools (1) - SHA256 hash calculation, file integrity verification ## ⚡ Three Steps to Start ```bash # 1. Check environment npm run check # 2. Configure Android SDK path (if check fails) export ANDROID_HOME=/path/to/android/sdk # 3. Start the service npm start ``` ## 💡 Basic Usage Once configured, you can use it in Claude Desktop: ``` Analyze the basic information of this APK file: /path/to/app.apk Please help me decompile this APK: com.example.app Take a screenshot of the connected Android device ``` ## 📋 Advanced Usage Examples Check the **[prompt-examples](./prompt-examples/)** directory for detailed usage examples: - 🔍 **[Static Code Security Analysis](./prompt-examples/静态代码安全分析.md)** - Comprehensive code security scanning ⭐ **New** - 🔓 **[Root Detection Bypass](./prompt-examples/Root检测绕过分析.md)** - Automatic analysis and bypass of root detection - 🔑 **[Password Verification Hook](./prompt-examples/密码验证Hook分析.md)** - Hook login verification logic - 🌐 **[Network Encryption Analysis](./prompt-examples/网络通信加密分析.md)** - Analyze communication encryption mechanisms - 🔒 **[SSL Certificate Bypass](./prompt-examples/SSL证书固定绕过.md)** - Bypass certificate pinning for packet capture - 📦 **[Application Unpacking](./prompt-examples/应用加壳脱壳分析.md)** - Dynamic unpacking of packed applications - 🛡️ **[Malware Analysis](./prompt-examples/恶意软件行为分析.md)** - Comprehensive analysis of malicious behaviors Each example includes a complete analysis process, tool invocation list, and code samples. ## 🔐 Security Considerations - For legitimate security testing and research only - Ensure you have testing authorization for the target application - Comply with local laws and regulations - Do not use for malicious purposes ## 🆘 Troubleshooting Common Issues ```bash # Environment check failed? npm run check # MCP cannot connect? # 1. Check if the path is correct # 2. Ensure npm run build was successful # 3. Restart Claude Desktop # Device not detected? adb devices # Ensure it shows 'device' status ```