needle: iOS Security Testing Framework

by do son · Published July 7, 2017 · Updated October 25, 2022

Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.

Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one-stop-shop’ for the majority of use cases, however, iOS does not have an equivalent.

Image: testlodge

Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be added in the form of python scripts. Needle is intended to be useful not only for security professionals but also for developers looking to secure their code. A few examples of testing areas covered by Needle include data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.

Needle is open source software, maintained by MWR InfoSecurity.

Installation

Requirement:

Jailbroken device
Cydia
Apt 0.7 Strict
Needle Agent
Add the following repository to the Cydia Sources: http://mobiletools.mwrinfosecurity.com/cydia/
Search for NeedleAgent and install the package

Install Dependencies

Kali

# Unix packages

sudo apt-get install python2.7 python2.7-dev sshpass sqlite3 lib32ncurses5-dev



# Python packages

sudo pip install readline paramiko sshtunnel frida mitmproxy biplist

OS X

# Core dependencies

brew install python

brew install libxml2

xcode-select --install



# Python packages

sudo -H pip install --upgrade --user readline

sudo -H pip install --upgrade --user paramiko

sudo -H pip install --upgrade --user sshtunnel

sudo -H pip install --upgrade --user frida

sudo -H pip install --upgrade --user biplist



# sshpass

brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb



# mitmproxy

wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz

tar -xvzf mitmproxy-0.17.1-osx.tar.gz

sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/

Install needle

git clone https://github.com/mwrlabs/needle.git

Usage

Open the NeedleAgent app on your device.
Then, tap on Listen in the top left corner and it will start listening on port 4444 by default. This can be changed using the field in the top right.

$ python needle.py

      __  _ _______ _______ ______         ______

      | \ | |______ |______ | \     |      |______

      | \_| |______ |______ |_____/ |_____ |______

                  Needle v1.0 [mwr.to/needle] 

    [MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]



[needle] > help

Commands (type [help|?] <topic>):

---------------------------------

back exit info kill pull reload search shell show use

exec_command help jobs load push resource set shell_local unset



[needle] > show options



  Name                      Current Value                Required  Description

  ------------------------  -------------                --------  -----------

  AGENT_PORT                4444                         yes       Port on which the Needle Agent is listening

  APP                                                    no        Bundle ID of the target application (e.g., com.example.app). Leave empty to launch wizard

  DEBUG                     False                        yes       Enable debugging output

  HIDE_SYSTEM_APPS          False                        yes       If set to True, only 3rd party apps will be shown

  IP                        127.0.0.1                    yes       IP address of the testing device (set to localhost to use USB)

  OUTPUT_FOLDER             /root/.needle/output         yes       Full path of the output folder, where to store the output of the modules

  PASSWORD                  ********                     yes       SSH Password of the testing device

  PORT                      2222                         yes       Port of the SSH agent on the testing device (needs to be != 22 to use USB)

  PUB_KEY_AUTH              True                         yes       Use public key auth to authenticate to the device. Key must be present in the ssh-agent if a passphrase is used

  SAVE_HISTORY              True                         yes       Persists command history across sessions

  SKIP_OUTPUT_FOLDER_CHECK  False                        no        Skip the check that ensures the output folder does not already contain other files. It will automatically overwrite any file

  USERNAME                  root                         yes       SSH Username of the testing device

  VERBOSE                   True                         yes       Enable verbose output



[needle] >

Source: https://github.com/mwrlabs/

needle: iOS Security Testing Framework

Search

Brilliantly

Content & Links