Needle: A Security Testing Framework for iOS (with Usage and Environment Setup)

Project URL:

https://github.com/mwrlabs/needle

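Project overview:

Needle is an open-source, modular framework that streamlines the security assessment of iOS applications and acts as a central point from which to run it. Thanks to its modular approach, Needle is easy to extend, and new modules can be added as Python scripts. Needle is aimed not only at security professionals but also at developers who want to make sure their code is free of security vulnerabilities. Examples of the testing areas Needle covers include data storage, inter-process communication, network communication, static code analysis, hooking, and binary protections. Running Needle effectively requires a jailbroken device.

Installation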

Kali:

# Unix packages

sudo apt-get install python2.7 python2.7-dev sshpass sqlite3 libimobiledevice4 libimobiledevice-utils lib32ncurses5-dev

# Python packages

sudo pip install readline

sudo pip install paramiko

sudo pip install sshtunnel

sudo pip install frida

sudo pip install mitmproxy

OSX:

# Core dependencies

brew install python

brew install libxml2

xcode-select --install

# Python packages

sudo -H pip install --upgrade --user readline

sudo -H pip install --upgrade --user paramiko

sudo -H pip install --upgrade --user sshtunnel

sudo -H pip install --upgrade --user frida

# sshpass

brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb

# mitmproxy

wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz

tar -xvzf mitmproxy-0.17.1-osx.tar.gz

sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/

# libimobiledevice4

brew install -v --fresh automake autoconf libtool wget libimobiledevice

brew install -v --HEAD --fresh --build-from-source ideviceinstaller

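Usage and Environment Setup

Requirements

A jailbroken iPhone; for now only iOS 8 and iOS 9 are supported.

The jailbroken iPhone must have the following installed (all are required):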

  • Cydia
  • OpenSSH
  • Apt 0.7 Strict

System dependency setup

# Core dependencies 
brew install python 
brew install libxml2 
xcode-select --install

# Python packages
sudo -H pip install --upgrade --user readline 
sudo -H pip install --upgrade --user paramiko 
sudo -H pip install --upgrade --user sshtunnel 
sudo -H pip install --upgrade --user frida

# sshpass 
brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb

# mitmproxy 
wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz 
tar -xvzf mitmproxy-0.17.1-osx.tar.gz 
sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/

# libimobiledevice4
brew install -v --fresh automake autoconf libtool wget libimobiledevice
brew install -v --HEAD --fresh --build-from-source ideviceinstaller

git clone https://github.com/mwrlabs/needle.git

Using Needle

Change into the needle directory and run python needle.py to start it.

1. Use show options to view the options that must be set for Needle to run properly.

bogon:needle an$ python needle.py

__ _ _______ _______ ______ _______
 | \ | |______ |______ | \ | |______
 | \_| |______ |______ |_____/ |_____ |______

Needle v0.0.4 [mwr.to/needle]
 [MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]

[needle] > show options

Name           Current Value             Required  Description
-------------  -------------             --------  -----------
APP                                      no        Bundle ID of the target application (e.g., com.example.app). Leave empty to launch wizard
DEBUG          False                     yes       Enable debugging output
IP             127.0.0.1                 yes       IP address of the testing device (set to localhost to use USB)
OUTPUT_FOLDER  /Users/an/.needle/output  yes       Full path of the output folder, where to store the output of the modules
PASSWORD       alpine                    yes       SSH Password of the testing device
PORT           2222                      yes       Port of the SSH agent on the testing device (needs to be != 22 to use USB)
PUB_KEY_AUTH   True                      yes       Use public key auth to authenticate to the device. Key must be present in the ssh-agent if a passphrase is used
SETUP_DEVICE   False                     yes       Set to true to enable auto-configuration of the device (installation of all the tools needed)
USERNAME       root                      yes       SSH Username of the testing device
VERBOSE        True                      yes       Enable verbose output

[needle] >

2. The options can be set by typing each command in by hand, or written into a config file that is run at startup.

(1) Manual entry

[needle] > set DEBUG False

DEBUG => False

[needle] > set SETUP_DEVICE True

SETUP_DEVICE => True

……

(2) Load the settings from a config file when starting Needle

bogon:needle$ python needle.py -r config.txt

__ _ _______ _______ ______ _______
 | \ | |______ |______ | \ | |______
 | \_| |______ |______ |_____/ |_____ |______

Needle v0.0.4 [mwr.to/needle]
 [MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]

[*] Loading commands from resource file
[needle] > set DEBUG False
DEBUG => False
[needle] > set VERBOSE True
VERBOSE => True
[needle] > set PUB_KEY_AUTH True
PUB_KEY_AUTH => True
[needle] > set SETUP_DEVICE True
SETUP_DEVICE => True
[needle] > set IP 127.0.0.1
IP => 127.0.0.1
[needle] > set PORT 2222
PORT => 2222
[needle] > use binary/metadata
[needle][metadata] > EOF
[+] Resource file successfully loaded
[needle][metadata] >

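Note: the first time you run Needle, be sure to set SETUP_DEVICE to True so that the tools it depends on are installed on the iPhone automatically. Afterwards SETUP_DEVICE can be set to False.

At this point Needle is ready for normal use.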

[needle][metadata] > run
[*] Checking connection with device...
[V] Connection not present, creating a new instance
[V] Setting up USB port forwarding on port 2222
[V] Setting up SSH connection...
[+] Connected to: 127.0.0.1
[V] Creating temp folder: /var/root/needle/
[*] Configuring device...
[?] Error occurred during installation of tools: E: Couldn't find package ondeviceconsole
[?] Trying to continue anyway...
[*] Target app not selected. Launching wizard...
[V] Refreshing list of installed apps...
[+] Apps found:
 0 - com.az.azdribbble
 1 - com.e4bf058461-1-42
 2 - com.ss.iphone.article.News
Please select a number: 0
[+] Target app: com.az.azdribbble
[*] Retrieving app's metadata...
[+] Name : PGDribbble.app
[+] Binary Name : PGDribbble
[+] Bundle ID : com.az.azdribbble
[+] UUID : 081C6042-6C0C-4D92-806D-D578EA20203B
[+] App Version : 10009 (1.0.0)
[+] Data Directory : /private/var/mobile/Containers/Data/Application/5D25604C-8707-4036-ACAC-0A0F0732F808
[+] Bundle Directory : /private/var/mobile/Containers/Bundle/Application/081C6042-6C0C-4D92-806D-D578EA20203B
[+] Binary Directory : /private/var/mobile/Containers/Bundle/Application/081C6042-6C0C-4D92-806D-D578EA20203B/PGDribbble.app
[+] Binary Path : /private/var/mobile/Containers/Bundle/Application/081C6042-6C0C-4D92-806D-D578EA20203B/PGDribbble.app/PGDribbble
[+] Architectures : arm64
[+] Platform Version : 9.3
[+] SDK Version : iphoneos9.3
[+] Minimum OS : 9.0
[+] Entitlements
[+] application-identifier : 8SCA46H5FT.com.az.azdribbble
[+] com.apple.developer.team-identifier : 8SCA46H5FT
[+] keychain-access-groups : ['8SCA46H5FT.com.az.azdribbble']
[+] aps-environment : production
[*] URL Handlers not found
[+] Apple Transport Security Settings
[+] NSAllowsArbitraryLoads : 1
[*] No Application Extensions found
[needle][metadata] >
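
The metadata output above reports NSAllowsArbitraryLoads : 1 under Apple Transport Security Settings. The following script is an added example, not part of the original article or of Needle itself: it parses saved output of this form and flags ATS exceptions for follow-up. The sample text is built from lines shown above; the get-task-allow check assumes entitlements are printed in the same "key : value" form.

```python
import re

# Constructed sample: lines copied from the binary/metadata output above.
SAMPLE = """\
[+] Bundle ID : com.az.azdribbble
[+] Minimum OS : 9.0
[+] Entitlements
[+] application-identifier : 8SCA46H5FT.com.az.azdribbble
[+] aps-environment : production
[*] URL Handlers not found
[+] Apple Transport Security Settings
[+] NSAllowsArbitraryLoads : 1
[*] No Application Extensions found
"""

# "[+] key : value" result lines; section headers have no colon and are skipped.
FIELD_RE = re.compile(r"^\[\+\]\s+([^:]+?)\s*:\s*(\S.*)$")
TRUTHY = {"1", "true", "yes"}


def parse_metadata(text):
    """Collect the key/value pairs printed by the metadata module."""
    fields = {}
    for line in text.splitlines():
        match = FIELD_RE.match(line.strip())
        if match:
            fields[match.group(1)] = match.group(2).strip()
    return fields


def review(fields):
    """Return findings a reviewer should follow up on."""
    findings = []
    for key, value in sorted(fields.items()):
        enabled = value.lower() in TRUTHY
        if key.startswith("NSAllowsArbitraryLoads") and enabled:
            findings.append("%s is set: ATS is relaxed, so cleartext HTTP "
                            "and weak TLS are allowed" % key)
        # Assumption: the entitlement would be printed in the same
        # "key : value" form; it does not appear in the article's output.
        if key == "get-task-allow" and enabled:
            findings.append("get-task-allow is set: build is debuggable")
    return findings


if __name__ == "__main__":
    for finding in review(parse_metadata(SAMPLE)):
        print("[!] " + finding)
```
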

For the specific commands, see the official documentation: https://labs.mwrinfosecurity.com/blog/needle-how-to


Original article by Moto. If you repost it, please credit the source: http://www.mottoin.com/tools/88741.html
