This is needle, another powerful iOS testing tool from MWR Labs, following drozer.

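Requirements

A jailbroken iPhone; for now only iOS 8 and iOS 9 are supported.

The jailbroken iPhone needs the following installed (all of them are required):

1. Cydia

2. OpenSSH

3. Apt 0.7 Strict

Setting up the system dependencies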

 

# Core dependencies
brew install python
brew install libxml2
xcode-select --install

# Python packages
sudo -H pip install --upgrade --user readline
sudo -H pip install --upgrade --user paramiko
sudo -H pip install --upgrade --user sshtunnel
sudo -H pip install --upgrade --user frida

# sshpass
brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb

# mitmproxy
wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz
tar -xvzf mitmproxy-0.17.1-osx.tar.gz
sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/

# libimobiledevice
brew install -v --fresh automake autoconf libtool wget libimobiledevice
brew install -v --HEAD --fresh --build-from-source ideviceinstaller

Download the tool: git clone https://github.com/mwrlabs/needle.git

Using needle

Change into the needle directory and run python needle.py to start it.

1. Use show options to see the options that need to be set for a normal run.

bogon:needle an$ python needle.py

      __  _ _______ _______ ______     _______
      | \ | |______ |______ |   \ |   |______
      | \_| |______ |______ |_____/ |_____ |______

         Needle v0.0.4 [mwr.to/needle]
 [MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]

[needle] > show options

  Name           Current Value             Required  Description
  -------------  -------------             --------  -----------
  APP                                      no        Bundle ID of the target application (e.g., com.example.app). Leave empty to launch wizard
  DEBUG          False                     yes       Enable debugging output
  IP             127.0.0.1                 yes       IP address of the testing device (set to localhost to use USB)
  OUTPUT_FOLDER  /Users/an/.needle/output  yes       Full path of the output folder, where to store the output of the modules
  PASSWORD       alpine                    yes       SSH Password of the testing device
  PORT           2222                      yes       Port of the SSH agent on the testing device (needs to be != 22 to use USB)
  PUB_KEY_AUTH   True                      yes       Use public key auth to authenticate to the device. Key must be present in the ssh-agent if a passphrase is used
  SETUP_DEVICE   False                     yes       Set to true to enable auto-configuration of the device (installation of all the tools needed)
  USERNAME       root                      yes       SSH Username of the testing device
  VERBOSE        True                      yes       Enable verbose output

[needle] >

2. You can type each command in by hand, or write them into a configuration file that is run at startup.

(1) Manual input

 

[needle]> set DEBUG False

DEBUG=> False

[needle]> set SETUP_DEVICE True

SETUP_DEVICE=> True

……

(2) Load the settings from a configuration file when starting needle

bogon:needle$ python needle.py -r config.txt

      __  _ _______ _______ ______     _______
      | \ | |______ |______ |   \ |   |______
      | \_| |______ |______ |_____/ |_____ |______

         Needle v0.0.4 [mwr.to/needle]
 [MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]

[*] Loading commands from resource file
[needle] > set DEBUG False
DEBUG => False
[needle] > set VERBOSE True
VERBOSE => True
[needle] > set PUB_KEY_AUTH True
PUB_KEY_AUTH => True
[needle] > set SETUP_DEVICE True
SETUP_DEVICE => True
[needle] > set IP 127.0.0.1
IP => 127.0.0.1
[needle] > set PORT 2222
PORT => 2222
[needle] > use binary/metadata
[needle][metadata] > EOF
[+] Resource file successfully loaded
[needle][metadata] > 

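Note: the first time you run needle, be sure to set SETUP_DEVICE to True so that the required tools are installed on the iPhone automatically. On later runs you can set SETUP_DEVICE to False.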
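The page loads config.txt but never shows what is in it. The added example below (not from the original post or the Needle project) writes such a resource file, with SETUP_DEVICE switched between first and later runs as the note above describes. The helper name write_needle_rc is hypothetical, and the file layout (one console command per line) is inferred from the loading output shown above.

```shell
#!/bin/sh
# Added example: generate a needle resource file for "python needle.py -r FILE".
# Assumption: the file holds one console command per line, as the
# "[*] Loading commands from resource file" output on this page suggests.

# write_needle_rc FILE FIRST_RUN [IP] [PORT]   (hypothetical helper)
#   FIRST_RUN=yes -> SETUP_DEVICE True  (first run: install the on-device tools)
#   FIRST_RUN=no  -> SETUP_DEVICE False (later runs: tools already installed)
write_needle_rc() {
    rc_file=$1
    first_run=$2
    ip=${3:-127.0.0.1}
    port=${4:-2222}

    case $first_run in
        yes) setup=True ;;
        no)  setup=False ;;
        *)   echo "FIRST_RUN must be yes or no" >&2; return 2 ;;
    esac

    # show options: IP is localhost for USB, and PORT must then be != 22.
    if [ "$ip" = "127.0.0.1" ] && [ "$port" = "22" ]; then
        echo "PORT must not be 22 when using USB (IP 127.0.0.1)" >&2
        return 2
    fi

    # Same commands, in the same order, as the loading output on this page.
    cat > "$rc_file" <<RC
set DEBUG False
set VERBOSE True
set PUB_KEY_AUTH True
set SETUP_DEVICE $setup
set IP $ip
set PORT $port
use binary/metadata
RC
}

# Usage, from the needle directory:
#   write_needle_rc config.txt yes && python needle.py -r config.txt   # first run
#   write_needle_rc config.txt no  && python needle.py -r config.txt   # later runs
```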

At this point needle is ready for normal use.

[needle][metadata] > run
[*] Checking connection with device...
[V] Connection not present, creating a new instance
[V] Setting up USB port forwarding on port 2222
[V] Setting up SSH connection...
[+] Connected to: 127.0.0.1
[V] Creating temp folder: /var/root/needle/
[*] Configuring device...
[?] Error occurred during installation of tools: E: Couldn't find package ondeviceconsole
[?] Trying to continue anyway...
[*] Target app not selected. Launching wizard...
[V] Refreshing list of installed apps...
[+] Apps found:
 0 - com.az.azdribbble
 1 - com.e4bf058461-1-42
 2 - com.ss.iphone.article.News
Please select a number: 0
[+] Target app: com.az.azdribbble
[*] Retrieving app's metadata...
[+] Name        : PGDribbble.app
[+] Binary Name     : PGDribbble
[+] Bundle ID      : com.az.azdribbble
[+] UUID        : 081C6042-6C0C-4D92-806D-D578EA20203B
[+] App Version     : 10009 (1.0.0)
[+] Data Directory   : /private/var/mobile/Containers/Data/Application/5D25604C-8707-4036-ACAC-0A0F0732F808
[+] Bundle Directory  : /private/var/mobile/Containers/Bundle/Application/081C6042-6C0C-4D92-806D-D578EA20203B
[+] Binary Directory  : /private/var/mobile/Containers/Bundle/Application/081C6042-6C0C-4D92-806D-D578EA20203B/PGDribbble.app
[+] Binary Path     : /private/var/mobile/Containers/Bundle/Application/081C6042-6C0C-4D92-806D-D578EA20203B/PGDribbble.app/PGDribbble
[+] Architectures    : arm64
[+] Platform Version  : 9.3
[+] SDK Version     : iphoneos9.3
[+] Minimum OS     : 9.0
[+] Entitlements
[+] 		 application-identifier         : 8SCA46H5FT.com.az.azdribbble
[+] 		 com.apple.developer.team-identifier   : 8SCA46H5FT
[+] 		 keychain-access-groups         : ['8SCA46H5FT.com.az.azdribbble']
[+] 		 aps-environment             : production
[*] URL Handlers not found
[+] Apple Transport Security Settings
[+] 		 NSAllowsArbitraryLoads         : 1
[*] No Application Extensions found
[needle][metadata] > 

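The individual commands are not listed here; the tool has only just been released and there are still many rough edges to smooth out.

Anyone interested can refer to the official documentation: https://labs.mwrinfosecurity.com/blog/needle-how-to

*Author of this article: Andy110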