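Following drozer, MWR Labs has released another powerful testing tool, this time for iOS: needle.
Requirements
A jailbroken iPhone; for now only iOS 8 and iOS 9 are supported.
The jailbroken iPhone needs the following installed (all of them are required):
1. Cydia
2. OpenSSH
3. Apt 0.7 Strict
Setting up the system dependencies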
# Core dependencies
brew install python
brew install libxml2
xcode-select --install
# Python packages
sudo -H pip install --upgrade --user readline
sudo -H pip install --upgrade --user paramiko
sudo -H pip install --upgrade --user sshtunnel
sudo -H pip install --upgrade --user frida
# sshpass
brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb
# mitmproxy
wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz
tar -xvzf mitmproxy-0.17.1-osx.tar.gz
sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/
# libimobiledevice
brew install -v --fresh automake autoconf libtool wget libimobiledevice
brew install -v --HEAD --fresh --build-from-source ideviceinstaller
Download the tool: git clone https://github.com/mwrlabs/needle.git
Using needle
Change into the needle directory and run python needle.py to start it.
1. show options lists the options that must be set for needle to run properly.
bogon:needle an$ python needle.py
__ _ _______ _______ ______ _______
| \ | |______ |______ | \ | |______
| \_| |______ |______ |_____/ |_____ |______
Needle v0.0.4 [mwr.to/needle]
[MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]
[needle] > show options
Name Current Value Required Description
------------- ------------- -------- -----------
APP no Bundle ID of the target application (e.g., com.example.app). Leave empty to launch wizard
DEBUG False yes Enable debugging output
IP 127.0.0.1 yes IP address of the testing device (set to localhost to use USB)
OUTPUT_FOLDER /Users/an/.needle/output yes Full path of the output folder, where to store the output of the modules
PASSWORD alpine yes SSH Password of the testing device
PORT 2222 yes Port of the SSH agent on the testing device (needs to be != 22 to use USB)
PUB_KEY_AUTH True yes Use public key auth to authenticate to the device. Key must be present in the ssh-agent if a passphrase is used
SETUP_DEVICE False yes Set to true to enable auto-configuration of the device (installation of all the tools needed)
USERNAME root yes SSH Username of the testing device
VERBOSE True yes Enable verbose output
[needle] >
2. The commands can be typed in one at a time, or written to a configuration file that is run at startup.
(1) Manual entry
[needle]> set DEBUG False
DEBUG=> False
[needle]> set SETUP_DEVICE True
SETUP_DEVICE=> True
……
(2) Have needle read the settings from a configuration file at startup
bogon:needle$ python needle.py -r config.txt
__ _ _______ _______ ______ _______
| \ | |______ |______ | \ | |______
| \_| |______ |______ |_____/ |_____ |______
Needle v0.0.4 [mwr.to/needle]
[MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]
[*] Loading commands from resource file
[needle] > set DEBUG False
DEBUG => False
[needle] > set VERBOSE True
VERBOSE => True
[needle] > set PUB_KEY_AUTH True
PUB_KEY_AUTH => True
[needle] > set SETUP_DEVICE True
SETUP_DEVICE => True
[needle] > set IP 127.0.0.1
IP => 127.0.0.1
[needle] > set PORT 2222
PORT => 2222
[needle] > use binary/metadata
[needle][metadata] > EOF
[+] Resource file successfully loaded
[needle][metadata] >
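Note: the first time you run needle, be sure to set SETUP_DEVICE to True so that the required tools are installed on the iPhone automatically. On later runs SETUP_DEVICE can be set to False.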
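The page loads config.txt with -r but never shows its contents. The following is an added example, not needle's own code, that generates such a resource file from the option names in the show options table and enforces the two constraints stated on this page: PORT must differ from 22 over USB, and SETUP_DEVICE is True only on the first run. The function name build_resource and its parameters are hypothetical.

```python
# Added example (not needle's own code): build a needle resource file.
# Option names come from the `show options` table; the function name and
# its parameters are hypothetical.

USB_HOSTS = {"127.0.0.1", "localhost"}


def build_resource(options, module, first_run):
    """Return resource-file text: one needle command per line."""
    opts = dict(options)
    # SETUP_DEVICE installs the helper tools, so it is True on the first run only.
    opts["SETUP_DEVICE"] = bool(first_run)
    if "PORT" in opts:
        port = int(opts["PORT"])
        if not 0 < port < 65536:
            raise ValueError("PORT out of range: %d" % port)
        # Over USB (IP set to localhost) the options table requires PORT != 22.
        if str(opts.get("IP", "127.0.0.1")) in USB_HOSTS and port == 22:
            raise ValueError("PORT must differ from 22 when using USB")
    lines = []
    for name in sorted(opts):
        value = str(opts[name])
        # A line break inside a value would start a second command.
        if not value or "\n" in value or "\r" in value:
            raise ValueError("invalid value for %s" % name)
        lines.append("set %s %s" % (name, value))
    lines.append("use %s" % module)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    text = build_resource(
        {"DEBUG": False, "VERBOSE": True, "PUB_KEY_AUTH": True,
         "IP": "127.0.0.1", "PORT": 2222},
        module="binary/metadata", first_run=True)
    with open("config.txt", "w") as fh:
        fh.write(text)
    print(text, end="")
```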
At this point needle is ready for normal use.
[needle][metadata] > run
[*] Checking connection with device...
[V] Connection not present, creating a new instance
[V] Setting up USB port forwarding on port 2222
[V] Setting up SSH connection...
[+] Connected to: 127.0.0.1
[V] Creating temp folder: /var/root/needle/
[*] Configuring device...
[?] Error occurred during installation of tools: E: Couldn't find package ondeviceconsole
[?] Trying to continue anyway...
[*] Target app not selected. Launching wizard...
[V] Refreshing list of installed apps...
[+] Apps found:
0 - com.az.azdribbble
1 - com.e4bf058461-1-42
2 - com.ss.iphone.article.News
Please select a number: 0
[+] Target app: com.az.azdribbble
[*] Retrieving app's metadata...
[+] Name : PGDribbble.app
[+] Binary Name : PGDribbble
[+] Bundle ID : com.az.azdribbble
[+] UUID : 081C6042-6C0C-4D92-806D-D578EA20203B
[+] App Version : 10009 (1.0.0)
[+] Data Directory : /private/var/mobile/Containers/Data/Application/5D25604C-8707-4036-ACAC-0A0F0732F808
[+] Bundle Directory : /private/var/mobile/Containers/Bundle/Application/081C6042-6C0C-4D92-806D-D578EA20203B
[+] Binary Directory : /private/var/mobile/Containers/Bundle/Application/081C6042-6C0C-4D92-806D-D578EA20203B/PGDribbble.app
[+] Binary Path : /private/var/mobile/Containers/Bundle/Application/081C6042-6C0C-4D92-806D-D578EA20203B/PGDribbble.app/PGDribbble
[+] Architectures : arm64
[+] Platform Version : 9.3
[+] SDK Version : iphoneos9.3
[+] Minimum OS : 9.0
[+] Entitlements
[+] application-identifier : 8SCA46H5FT.com.az.azdribbble
[+] com.apple.developer.team-identifier : 8SCA46H5FT
[+] keychain-access-groups : ['8SCA46H5FT.com.az.azdribbble']
[+] aps-environment : production
[*] URL Handlers not found
[+] Apple Transport Security Settings
[+] NSAllowsArbitraryLoads : 1
[*] No Application Extensions found
[needle][metadata] >
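The metadata output above reports NSAllowsArbitraryLoads : 1, which means App Transport Security is switched off for the whole app. The following added example, which is not part of needle, parses saved binary/metadata output and lists the settings a reviewer should follow up on. It assumes the "[+] key : value" line shape seen in the transcript; the function names are hypothetical and the sample is an excerpt of the output shown above.

```python
# Added example (not part of needle): triage saved binary/metadata output.
import re

# Excerpt of the transcript above, embedded so the example runs offline.
SAMPLE = """\
[+] Bundle ID : com.az.azdribbble
[+] Minimum OS : 9.0
[+] Entitlements
[+] aps-environment : production
[*] URL Handlers not found
[+] Apple Transport Security Settings
[+] NSAllowsArbitraryLoads : 1
"""

# Assumed line shape: "[+] key : value" (section headers have no colon).
LINE = re.compile(r"^\[\+\]\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.*)$")


def parse_metadata(text):
    """Map each '[+] key : value' line to a dict entry."""
    fields = {}
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if match:
            fields[match.group("key")] = match.group("value").strip()
    return fields


def review(fields):
    """Return notes for settings that deserve a closer look."""
    notes = []
    if fields.get("NSAllowsArbitraryLoads") in ("1", "True", "true"):
        notes.append("ATS disabled app-wide: cleartext HTTP is permitted")
    major = fields.get("Minimum OS", "").split(".")[0]
    # ATS was introduced in iOS 9; older targets never enforce it.
    if major.isdigit() and int(major) < 9:
        notes.append("Minimum OS %s is below iOS 9, where ATS was introduced"
                     % fields["Minimum OS"])
    return notes


if __name__ == "__main__":
    for note in review(parse_metadata(SAMPLE)):
        print("[!]", note)
```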
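The individual commands are not listed here; the tool has only just been released and still has plenty of rough edges to work out.
Anyone interested can consult the official documentation: https://labs.mwrinfosecurity.com/blog/needle-how-to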