needle – An iOS Security Testing Framework

needle, is an open source, modular framework to streamline the process of conducting security assessments of iOS applications  and acts as a central point from which to do so.

The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.

Needle is easily extensible and new modules can be added in the form of python scripts.

Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code.

Examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections.

The only requirement in order to run Needle effectively is a jailbroken device.  Needle is open source software, maintained by MWR InfoSecurity .

 

Installation:

Download needle:

git clone https://github.com/mwrlabs/needle.git

 

Install dependencies

For Kali Linux:

# Unix packages
sudo apt-get install python2.7 python2.7-dev sshpass sqlite3 lib32ncurses5-dev

# Python packages
sudo pip install readline
sudo pip install paramiko
sudo pip install sshtunnel
sudo pip install frida
sudo pip install mitmproxy

 

For OS X

# Core dependencies
brew install python
brew install libxml2
xcode-select --install

# Python packages
sudo -H pip install --upgrade --user readline
sudo -H pip install --upgrade --user paramiko
sudo -H pip install --upgrade --user sshtunnel
sudo -H pip install --upgrade --user frida

# sshpass
brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb

# mitmproxy
wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz
tar -xvzf mitmproxy-0.17.1-osx.tar.gz
sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/

# libimobiledevice4
brew install -v --fresh automake autoconf libtool wget libimobiledevice
brew install -v --HEAD --fresh --build-from-source ideviceinstaller

 

Supported Platforms:

  • Workstation: Works on both Kali and OSX
  • Device: iOS 8 & iOS 9 are supported

How to use:

Usage instructions can be found in the project Wiki .
A complete walk through on how to quickly get up to speed with Needle can be found on the MWR Labs website:https://labs.mwrinfosecurity.com/blog/needle-how-to/

 

needle

Related posts

How to Improve Your Cyber Resilience by Strengthening User Privileges

The Dark Side of Viral Content: How Negative Reviews Can Snowball

Testing Gaming Monetization: Walking the Line Between Profit and Player Experience