Your Perfect Cybersecurity Partner

Stay Connected:

Grapefruit

Image

Grapefruit is a runtime Application Instruments for iOS application and previously it was known by passionfruit. It is used in runtime analysis, which can able to get iOS app details like binary information,listing classes, methods, browsing application’s files in real-time, etc..   

Installation 

Git clone

git clone --recurse-submodules https://github.com/ChiChou/Grapefruit

Install dependencies

  •  node.js v12.x 
  •  tmux (or Windows Terminal on Windows) 
  •  Install frida in iphone and in laptop, 

Refer the blog for frida installation 

https://www.briskinfosec.com/blogs/blogsdetail/Getting-Started-with-Frida 

Install npm packages: 

npm install 

Start development server: 

npm start 

Default webpack url is http://localhost:8080 

Demo

 

Features 

   1. Cross plarform web GUI!

  • Also supports non-jailbroken device (patching IPA with frida).
  • List all url schemes.
  • Check signature entitlements.
  • List human readable app meta info (Info.plist).
  • Capture screenshot.
  • Checksec: see if target app is encrypted, and has enabled PIE, ARC and stack canary.

    2. App sandbox file browser. Directly preview images, SQLite databases and plist files on device. You can always download the file for further investigation.

  3. Check the loaded frameworks. Hook exported native functions from these dylib to print the arguments and stack trace.

  • Log SQLite operations.

    4. List Objective-C classes from app, hook the methods and inspect the  arguments and stack trace.

  • Dump KeyChain, BinaryCookies and UserDefaults.

Usages

  • Basic, Checksec, url schemes
  • Storage, Inspector
  • File browser with hex viewer, image viewer, plist viewer and SQLite database reader.
  • Objective C classes and methods. 

For more details : https://github.com/chaitin/passionfruit