  • Stars: 725
  • Rank 62,504 (Top 2 %)
  • Language: Objective-C
  • License: GNU General Publi...
  • Created almost 12 years ago
  • Updated about 8 years ago

Repository Details

Security profiling for blackbox iOS

Introspy-iOS

Blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues.

See http://isecpartners.github.io/Introspy-iOS/ for a quick introduction.

Description

This is the repository for the Introspy-iOS tracer.

The tracer can be installed on a jailbroken device to hook and log security-sensitive iOS APIs called by applications running on the device. The tool records details of relevant API calls, including arguments and return values, and persists them in a database. The calls are also sent to the Console for real-time analysis.

The database can then be fed to Introspy-Analyzer, a Python script to generate HTML reports containing the list of logged function calls as well as a list of potential vulnerabilities affecting the application. Introspy-Analyzer is hosted on a separate repository: https://github.com/iSECPartners/Introspy-Analyzer

Installation

Users should first download the latest pre-compiled Debian package from the release section of the project page at https://github.com/integrity-sa/Introspy-iOS/releases or, for older releases, at https://github.com/iSECPartners/Introspy-iOS/releases

Dependencies

The tracer will only run on a jailbroken device. Using Cydia, make sure the following packages are installed:

  • dpkg
  • Cydia Substrate
  • PreferenceLoader
  • Applist

How to install

Download and copy the Debian package to the device; install it:

scp <package.deb> root@<device_ip>:~
ssh root@<device_ip>
dpkg -i <package.deb>

Respring the device:

killall -HUP SpringBoard

There should be two new menus in the device's Settings. The Apps menu allows you to select which applications will be profiled while the Settings menu defines which API groups are being hooked.

Finally, kill and restart the App you want to monitor.

How to uninstall

dpkg -r com.isecpartners.introspy

Generating HTML Reports

The tracer stores data about API calls made by applications in a database on the device (actually one in each application's folder). This database can be fed to a Python script called Introspy-Analyzer to generate HTML reports that make it much easier to review the data collected by the tracer. The script also analyzes and flags dangerous API calls to help identify vulnerabilities within iOS applications.

Introspy-Analyzer is hosted on a separate repository: https://github.com/iSECPartners/Introspy-Analyzer

Building Introspy-iOS

Most users should just download and install the pre-compiled Debian package. However, if you want to modify the library's functionality you will have to build the Debian package yourself.

The build requires the Theos suite, available at https://github.com/theos/theos. For general instructions on how to install Theos, see https://github.com/theos/theos/wiki/Installation.

You must also set the $THEOS variable in your environment and export it, so that make sees its value when you run it:

export THEOS=/absolute/path/to/theos
export PATH=$THEOS/bin:$PATH

Then, the package can be built using:

make package

Once you've successfully created the Debian package, you can use Theos to automatically install the package and respring the device by specifying the device's IP address in the THEOS_DEVICE_IP environment variable:

export THEOS_DEVICE_IP=192.168.1.127
make install

License

See ./LICENSE.

Authors

  • Tom Daniels
  • Alban Diquet

Maintainers

  • Herman Duarte

More Repositories

1. ios-ssl-kill-switch (Objective-C, 894 stars): Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps
2. Android-SSL-TrustKiller (Java, 704 stars): Bypass SSL certificate pinning for most applications
3. sslyze (Python, 644 stars): Current development of SSLyze now takes place on a separate repository
4. jailbreak (C++, 472 stars): Jailbreak
5. Introspy-Android (Java, 464 stars): Security profiling for blackbox Android
6. android-ssl-bypass (Java, 314 stars): Black box tool to bypass SSL verification on Android, even when pinning is used.
7. yontma-mac (Objective-C, 233 stars): You'll Never Take Me Alive!
8. ssl-conservatory (Objective-C, 232 stars): Sample SSL client code for correct endpoint validation.
9. Introspy-Analyzer (JavaScript, 213 stars)
10. LibTech-Auditing-Cheatsheet (Python, 198 stars)
11. nano-ecc (C, 149 stars): A very small ECC implementation for 8-bit microcontrollers
12. Android-OpenDebug (Java, 132 stars): Make any application debuggable
13. jailbreak-Windows (125 stars): Certificate extraction tool for Windows
14. tlspretense (Ruby, 95 stars): A test framework for testing SSL/TLS client certificate validation.
15. yontma (C++, 85 stars): You'll never take me alive.
16. Android-KillPermAndSigChecks (Java, 82 stars): Bypass signature and permission checks for IPCs
17. publications (C++, 76 stars): iSEC Partners' research publications
18. RtspFuzzer (Python, 64 stars): RTSP network protocol fuzzer
19. femtocatcher (Java, 54 stars)
20. manifest-explorer (Java, 48 stars): A tool for viewing Android application Manifests.
21. fuzzbox (Python, 42 stars): A multi-codec media fuzzing tool.
22. scout (Clojure, 41 stars): AWS EC2 and S3 Security Auditing Tool
23. dnsRedir (Python, 38 stars)
24. R2B2 (Python, 27 stars): A brute-forcing delta robot
25. PeachFarmer (C#, 27 stars): A log collector for Peach fuzzing in the cloud
26. vtfinder (Python, 24 stars): pykd script to dynamically find vtables on heap (windows x86/x64)
27. sqlperms (C#, 23 stars): A tool for calculating necessary SQL Server permissions
28. package-play (Java, 22 stars): Tool for viewing Android package details, including permissions, services, activities, and more.
29. libshambles (C++, 19 stars): A library for efficient interception of established TCP connections
30. hiccupy (Java, 14 stars): Jython binding for Burp to facilitate realtime traffic analysis and modification using simple plugins.
31. ZigTools (C, 11 stars)
32. ccs-testing-tool (9 stars)
33. samlpummel (Java, 8 stars): A BeanShell plugin for WebScarab to automate SAML auditing.
34. gizmo (Java, 8 stars): A graphical web proxy written in Java. It is designed to be speedy, with the user interfaced centered around keyboard use. It should do what you want, and then get out of your way.
35. extractparam (Java, 7 stars)
36. SecureNSCoder (Objective-C, 6 stars): NSKeyed(Un)ArchiverDelegate implementation to encrypt state prior to preservation and decrypt it when restoring.