needle: iOS Security Testing Framework

needle

Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.

Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one-stop-shop’ for the majority of use cases, however, iOS does not have an equivalent.

Image: testlodge

Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be added in the form of python scripts. Needle is intended to be useful not only for security professionals but also for developers looking to secure their code. A few examples of testing areas covered by Needle include data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.

Needle is open source software, maintained by MWR InfoSecurity.

Installation

Requirement:

  • Jailbroken device
  • Cydia
  • Apt 0.7 Strict
  • Needle Agent
    Add the following repository to the Cydia Sources: http://mobiletools.mwrinfosecurity.com/cydia/
    Search for NeedleAgent and install the package

Install Dependencies

 Kali
# Unix packages

sudo apt-get install python2.7 python2.7-dev sshpass sqlite3 lib32ncurses5-dev

# Python packages
sudo pip install readline paramiko sshtunnel frida mitmproxy biplist

 

 OS X
# Core dependencies

brew install python
brew install libxml2
xcode-select --install

# Python packages
sudo -H pip install --upgrade --user readline
sudo -H pip install --upgrade --user paramiko
sudo -H pip install --upgrade --user sshtunnel
sudo -H pip install --upgrade --user frida
sudo -H pip install --upgrade --user biplist

# sshpass
brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb

# mitmproxy
wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz
tar -xvzf mitmproxy-0.17.1-osx.tar.gz
sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/

 

 Install needle

git clone https://github.com/mwrlabs/needle.git

 

 Usage

  • Open the NeedleAgent app on your device.
  • Then, tap on Listen in the top left corner and it will start listening on port 4444 by default. This can be changed using the field in the top right.
$ python needle.py

__ _ _______ _______ ______ ______
| \ | |______ |______ | \ | |______
| \_| |______ |______ |_____/ |_____ |______
Needle v1.0 [mwr.to/needle]
[MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]

[needle] > help
Commands (type [help|?] <topic>):
---------------------------------
back exit info kill pull reload search shell show use
exec_command help jobs load push resource set shell_local unset

[needle] > show options

Name Current Value Required Description
------------------------ ------------- -------- -----------
AGENT_PORT 4444 yes Port on which the Needle Agent is listening
APP no Bundle ID of the target application (e.g., com.example.app). Leave empty to launch wizard
DEBUG False yes Enable debugging output
HIDE_SYSTEM_APPS False yes If set to True, only 3rd party apps will be shown
IP 127.0.0.1 yes IP address of the testing device (set to localhost to use USB)
OUTPUT_FOLDER /root/.needle/output yes Full path of the output folder, where to store the output of the modules
PASSWORD ******** yes SSH Password of the testing device
PORT 2222 yes Port of the SSH agent on the testing device (needs to be != 22 to use USB)
PUB_KEY_AUTH True yes Use public key auth to authenticate to the device. Key must be present in the ssh-agent if a passphrase is used
SAVE_HISTORY True yes Persists command history across sessions
SKIP_OUTPUT_FOLDER_CHECK False no Skip the check that ensures the output folder does not already contain other files. It will automatically overwrite any file
USERNAME root yes SSH Username of the testing device
VERBOSE True yes Enable verbose output

[needle] >

Copyright (c) 2017, MWR InfoSecurity All rights reserved.

 Source: https://github.com/mwrlabs/