How to Setup and Install PassionFruit On macOS

Hello friends, how are you doing? In this article we are going to cover how to set up and install PassionFruit on macOS. It is a simple and efficient tool that pentesters can use to make their work easier and to get a better understanding of the application they are testing.

What is PassionFruit?

It is a simple iOS app black-box assessment tool, powered by frida.re and vuejs. It provides a user-friendly web interface for the assessment, and because it is built on Frida you can expect to get everything Frida has to offer.

You do require a jailbroken device, which thanks to the Checkra1n jailbreak is now possible on the latest version of iOS, and the device needs to be connected by the Lightning cable in order to use PassionFruit to start the assessment activity.

Features

  • Cross-platform web GUI!
  • Also supports non-jailbroken devices (see Non-jailbroken Device).
  • List all URL schemes.
  • Check signature entitlements.
  • List human-readable app meta info (Info.plist).
  • Capture screenshot.
  • Check security: see if the target app is encrypted, and has enabled PIE, ARC and stack canary.
  • App sandbox file browser. Directly preview images, SQLite databases and plist files on the device. You can always download the file for further investigation.
  • Check the loaded frameworks. Hook exported native functions from this dylib to print the arguments and stack trace.
  • Log SQLite operations.
  • Log and try to bypass jailbreak detection.
  • List Objective-C classes from an app, hook the methods and inspect the arguments and stack trace.
  • Dump KeyChain, BinaryCookies and UserDefaults.

General

Checksec, URL schemes and meta info.

Finder

File browser with hex viewer, image viewer, plist viewer, and SQLite database reader.

Modules

Loaded frameworks and their exported symbols.

Classes

Objective-C classes and methods.

Console

Intercepted calls, arguments and stack trace.

UIDump

Dump UI description of the key window.

KeyChain

KeyChain reader.

Setup

Desktop requirements:

  • Latest node.js (>=7.10.1) and npm to run the API server and web GUI
  • Any modern desktop browser you like

Passionfruit is now available on npm, so just type the following command to install:

npm install -g passionfruit

You may get a “Missing write access” error when using npm. The first time you try to install a package globally with npm, using the syntax npm install -g <package> on a Mac or Linux, you might get a weird error saying something like:

Missing write access to /usr/local/lib/node_modules

Or something along those lines, followed by a long list of other errors or warnings that are a consequence of the first error printed.

This error prevents us from installing the package.

How do you fix this? It’s a permission error, which means you don’t have write access to that folder.

This is how to solve it. Run this command:

sudo chown -R $USER /usr/local/lib/node_modules

Let’s break it down:

sudo means we are running this command as root, the system superuser. This is because we don’t have permission to write to that folder, but root will be able to fix any permission. This command also means the system will ask for your password to confirm.

chown is the command we use to change the owner of a file or folder. We set the -R option to change the owner recursively, so we also get owner access to all the files already contained in there.

$USER is an environment variable automatically set to your username.

And the final piece is the folder path.

Running this command makes the folder yours, so your npm install -g <package> commands no longer hit the permission error.

Pay attention to the folder listed by the error message. If it’s different, update the chown command accordingly.

Then launch it:

Just run this command in the terminal and it will open up in the browser.

passionfruit

Note that if port 31337 is in use, set the environment variable PORT to use an alternative port. Setting HOST forces the server to listen on an alternative interface, but be careful, because it has no authentication yet:

HOST=192.168.1.100 PORT=12345 passionfruit

Security Warning

Passionfruit does not support authentication yet, so anyone who has access to the web page may control your connected devices!
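
Because the web GUI has no authentication, it is worth confirming which address the server is actually bound to after launch. The following is an added example, not code from the Passionfruit project: it classifies `lsof` listener lines as loopback-only or reachable from other hosts. The function name `classify_listeners` and the sample `lsof` lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which address a Passionfruit listener is bound to.
# Live use on macOS:  lsof -nP -iTCP:31337 -sTCP:LISTEN | classify_listeners 31337

# classify_listeners PORT
#   stdin : output of `lsof -nP -iTCP:PORT -sTCP:LISTEN`
#   stdout: one line per listener, "loopback <addr>" or "EXPOSED <addr>"
#   status: 0 = loopback only, 1 = reachable from other hosts, 2 = no listener
classify_listeners() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            name = $(NF - 1)                 # e.g. 127.0.0.1:31337, *:31337
            n = split(name, parts, ":")
            if (parts[n] != port) next       # listener on some other port
            # Address is everything before the final ":PORT".
            addr = substr(name, 1, length(name) - length(parts[n]) - 1)
            seen = 1
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "localhost") {
                print "loopback " addr
            } else {
                print "EXPOSED " addr        # "*" or a LAN address
                exposed = 1
            }
        }
        END {
            if (!seen) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# Constructed sample: listener bound to loopback on port 31337.
sample_local() {
    cat <<'EOF'
COMMAND  PID   USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
node    4242 tester 23u  IPv4 0xabc1      0t0  TCP 127.0.0.1:31337 (LISTEN)
EOF
}

# Constructed sample: launched as HOST=192.168.1.100 PORT=12345 passionfruit.
sample_lan() {
    cat <<'EOF'
COMMAND  PID   USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
node    4242 tester 23u  IPv4 0xabc2      0t0  TCP 192.168.1.100:12345 (LISTEN)
EOF
}
```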

Device setup:

Jailbroken Device

See https://www.frida.re/docs/ios/

Start Cydia and add Frida’s repository by going to Manage -> Sources -> Edit -> Add and enter https://build.frida.re. You should now be able to find and install the Frida package which lets Frida inject JavaScript into apps running on your iOS device. This happens over USB, so you will need to have your USB cable handy, though there’s no need to plug it in just yet.

Non-jailbroken Device

The official Frida.re documentation (linked above) also explains how to inject FridaGadget.dylib into the IPA, which requires repacking and re-signing the app.

Here are some articles about how to do so:

Development setup

Clone this project and install requirements:

git clone https://github.com/chaitin/passionfruit.git
cd passionfruit
npm install

For those who want to contribute, you will probably need to restart the API server and reload the webpage each time you make a change. The following step enables live reload.

npm run dev

The browser will open at http://localhost:8080.

That’s it for this article. If you get any error, comment down below and we will try to help.