Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Syslog modules do not extract multi line log entries when the FILTER option is used #152

Open
theSha1chemist opened this issue Apr 13, 2017 · 0 comments

Comments

@theSha1chemist
Copy link

Issue

The following syslog modules:

  • modules/dynamic/watch/syslog.py
  • modules/dynamic/monitor/syslog.py

Do not capture multi line logs when the FILTER option is used.

(this is because grep -i is used for filtering)

Expected behaviour

If the filter option is used, multi line logs should be extracted. e.g. when using introspy

Actual behaviour

Only the first line of the log entry is extracted

Steps to reproduce

  1. install the latest version of introspy https://github.com/integrity-sa/Introspy-iOS/releases
  2. configure introspy to trace function calls in the iOS settings
  3. on needle: use dynamic/watch/syslog
  4. set FILTER 'target app'
  5. only the first line of introspy's output will be printed

needle error logs

Ensure verbose and debug mode are enabled:
[needle][syslog] > run
[*] Checking connection with device...
[+] Already connected to: 192.168.0.103
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[+] Attaching to syslog (CTRL-C to quit)
[D] [REMOTE CMD] Remote Interactive TTY Command: ondeviceconsole | grep -i "DamnVulnerableIOSApp" | tee /var/root/needle/syslog
Warning: Permanently added '192.168.0.103' (RSA) to the list of known hosts.
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : ImageIO: PNG invalid PNG file: iDOT doesn't point to valid IDAT chunk
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : SecOSStatusWith error:[-34018] Error Domain=NSOSStatusErrorDomain Code=-34018 "client has neither application-identifier nor keychain-access-groups entitlements" UserInfo={NSDescription=client has neither application-identifier nor keychain-access-groups entitlements}
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:59 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:59 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:59 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:59 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:59 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants