Hello friends, how are you doing? In this article we are going to cover how to set up and install PassionFruit on macOS. It is a very simple and efficient tool that pentesters can use to make their work easier and to get a better understanding of the application they are testing.
What is PassionFruit?
It is a simple black-box assessment tool for iOS apps, powered by frida.re and vuejs. It provides a user-friendly web interface for the assessment, and because it is built on Frida you can expect to get all the goods that Frida has to offer.
You do require a jailbroken device; thanks to the Checkra1n jailbreak, that is now possible on the latest version of iOS. The device needs to be connected by Lightning cable in order to use Passionfruit for the assessment activity.
Features
- Cross-platform web GUI!
- Also supports non-jailbroken device (see non-jailbroken device).
- List all URL schemes.
- Check signature entitlements.
- List human-readable app meta info (Info.plist).
- Capture screenshot.
- Check security: see if the target app is encrypted, and has enabled PIE, ARC and stack canary.
- App sandbox file browser. Directly preview images, SQLite databases and plist files on the device. You can always download the file for further investigation.
- Check the loaded frameworks. Hook exported native functions from this dylib to print the arguments and stack trace.
- Log SQLite operations.
- Log and try to bypass jailbreak detection.
- List Objective-C classes from an app, hook the methods and inspect the arguments and stack trace.
- Dump KeyChain, BinaryCookies and UserDefaults.
Checksec, url schemes and metainfo.
File browser with hex viewer, image viewer, plist viewer, and SQLite database reader.
Loaded frameworks and their exported symbols.
Objective C classes and methods.
Intercepted calls, arguments and stack trace.
Dump UI description of the key window.
KeyChain reader.
Setup
Desktop requirements:
- Latest node.js (>=7.10.1) and npm to run the API server and web GUI
- Any modern desktop browser you like
Passionfruit is now available on npm, so just type the following command to install:
npm install -g passionfruit
When you run npm install -g <package> on a Mac or Linux, you might get a weird error saying something like:
Missing write access to /usr/local/lib/node_modules
or something along those lines, followed by a long list of other errors or warnings that are a consequence of the first error printed.
This error prevents us from installing the package.
How do you fix this? It’s a permission error, which means you don’t have write access to that folder.
This is how to solve it. Run this command:
sudo chown -R $USER /usr/local/lib/node_modules
Let’s break it down:
sudo means we are running this command as root, the system superuser. This is because we don’t have permission to write to that folder, but root will be able to fix any permission. This command also means the system will ask for your password to confirm.
chown is the command we use to change the owner of a file or folder. We set the -R option to change the owner recursively, so we also get owner access to all the files already contained in there.
$USER is an environment variable automatically set to your username.
And the final piece is the folder path.
Running this command will make the folder yours, so you can safely run your npm install -g <package> commands!
Pay attention to the folder listed by the error message. If it’s different, update the chown command accordingly.
Then launch it:
Just run this command in the terminal and it will open up in the browser.
passionfruit
Note that if port 31337 is in use, set the environment variable PORT to use an alternative port. Also, setting HOST can force it to listen on an alternative interface, but be careful because it has no authentication yet:
HOST=192.168.1.100 PORT=12345 passionfruit
Security Warning
Passionfruit does not support authentication at this time, so anyone who has access to the web page may control your connected devices!
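One way to confirm where the web GUI is actually listening before relying on a HOST setting (an added example, not from the original article or the Passionfruit project; the lsof rows are constructed sample data and the function names are illustrative):

```shell
#!/bin/sh
# Added example: report whether a listener on the Passionfruit port is
# reachable beyond loopback. The sample lsof rows below are constructed.

# Map a bind address to a verdict.
classify_bind() {
  case "$1" in
    127.*|"[::1]")      echo loopback ;;
    "*"|0.0.0.0|"[::]") echo all-interfaces ;;
    *)                  echo single-interface ;;
  esac
}

# Read `lsof -nP -iTCP:<port> -sTCP:LISTEN` output on stdin, print one verdict
# per listening socket, and return 1 if any socket is not loopback-only.
audit_listeners() {
  local cmd pid user fd type dev size node name state verdict rc=0
  while read -r cmd pid user fd type dev size node name state; do
    [ "$state" = "(LISTEN)" ] || continue   # skips the header row
    verdict=$(classify_bind "${name%:*}")   # strip the trailing :port
    [ "$verdict" = loopback ] || rc=1
    printf '%s %s pid=%s %s\n' "$verdict" "$cmd" "$pid" "$name"
  done
  return "$rc"
}

# Constructed lsof output: a loopback bind, a HOST=192.168.1.100 bind,
# and a wildcard bind.
sample_lsof() {
  cat <<'EOF'
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
node    41001 alice   23u  IPv4 0x1a2b      0t0  TCP 127.0.0.1:31337 (LISTEN)
node    41002 alice   23u  IPv4 0x1a2c      0t0  TCP 192.168.1.100:12345 (LISTEN)
node    41003 alice   23u  IPv6 0x1a2d      0t0  TCP *:31337 (LISTEN)
EOF
}

sample_lsof | audit_listeners || echo "WARNING: web GUI reachable from the network"

# Live check on the workstation (uncomment to run):
# lsof -nP -iTCP:"${PORT:-31337}" -sTCP:LISTEN | audit_listeners
```

Any verdict other than loopback means other hosts on that network can open the unauthenticated page and drive the attached device.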
Device setup:
Jailbroken Device
See https://www.frida.re/docs/ios/
Start Cydia and add Frida’s repository by going to Manage -> Sources -> Edit -> Add and entering https://build.frida.re. You should now be able to find and install the Frida package, which lets Frida inject JavaScript into apps running on your iOS device. This happens over USB, so you will need to have your USB cable handy, though there’s no need to plug it in just yet.
Non-jailbroken Device
The official Frida.re documentation (linked above) also explains how to inject FridaGadget.dylib into the IPA, which requires repacking and re-signing the app.
Here are some articles about how to do so:
- MonkeyDev/wiki/非越狱App集成#集成frida(Chinese)
- https://github.com/tanprathan/Fridpa
- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/october/ios-instrumentation-without-jailbreak/
Development setup
Clone this project and install requirements:
git clone https://github.com/chaitin/passionfruit.git
cd passionfruit
npm install
For those who want to contribute, you will probably need to restart the API server and reload the webpage each time you make a change. The following step enables live reload.
npm run dev
The browser will open at http://localhost:8080.
That’s it for this article. If you get any errors, comment down below and we will try to help.