Needle- Open Supply iOS Safety Testing Framework
Needle is an open supply, modular framework to streamline the method of conducting safety assessments of iOS apps.
Description
Assessing the safety of an iOS software sometimes requires a plethora of instruments, every developed for a particular want and all with completely different modes of operation and syntax. The Android ecosystem has instruments like “drozer” which have solved this downside and intention to be a ‘one cease store’ for almost all of use instances, nevertheless iOS doesn’t have an equal.
Needle is the MWR’s iOS Safety Testing Framework, launched at Black Hat USA in August 2016. It’s an open supply modular framework which goals to streamline your entire means of conducting safety assessments of iOS purposes, and acts as a central level from which to take action.
Needle is meant to be helpful not just for safety professionals, but in addition for builders seeking to safe their code. A couple of examples of testing areas coated by Needle embrace: information storage, inter-process communication, community communications, static code evaluation, hooking and binary protections. The one requirement as a way to run Needle successfully is a jailbroken machine.
The discharge of model 1.0.Zero offered a serious overhaul of its core and the introduction of a brand new native agent, written solely in Goal-C. The brand new NeedleAgent is an open supply iOS app complementary to Needle, that permits to programmatically carry out duties natively on the machine, eliminating the necessity for third social gathering instruments.
Needle is open supply software program, maintained by MWR InfoSecurity.
Set up
Gadget Setup
Conditions
The one prerequisite is a Jailbroken machine.
Workstation Setup
Get a replica of Needle
git clone https://github.com/mwrlabs/needle.git
Set up Dependencies
Kali
# Unix packages
sudo apt-get set up python2.7 python2.7-dev sshpass sqlite3 lib32ncurses5-dev
# Python packages
sudo pip set up readline paramiko sshtunnel frida mitmproxy biplist
OS X
# Core dependencies
brew set up python
brew set up libxml2
xcode-select –install
# Python packages
sudo -H pip set up –upgrade –user readline
sudo -H pip set up –upgrade –user paramiko
sudo -H pip set up –upgrade –user sshtunnel
sudo -H pip set up –upgrade –user frida
sudo -H pip set up –upgrade –user biplist
# sshpass
brew set up https://uncooked.githubusercontent.com/kadwanev/bigboybrew/grasp/Library/Method/sshpass.rb
# mitmproxy
wget https://github.com/mitmproxy/mitmproxy/releases/obtain/v0.17.1/mitmproxy-0.17.1-osx.tar.gz
tar -xvzf mitmproxy-0.17.1-osx.tar.gz
sudo cp mitmproxy-0.17.1-osx/mitm* /usr/native/bin/
Supported Platforms
- Workstation: Needle has been efficiently examined on each Kali and macOS.
- Gadget: iOS 8, 9, and 10 are at the moment supported.
