Open theSha1chemist opened 7 years ago
Issue
The following syslog modules:
Do not capture multi line logs when the FILTER option is used.
(this is because grep -i is used for filtering)
Expected behaviour
If the filter option is used, multi line logs should be extracted. e.g. when using introspy
Actual behaviour
Only the first line of the log entry is extracted
Steps to reproduce
needle error logs
Ensure verbose and debug mode are enabled:
[needle][syslog] > run
[*] Checking connection with device...
[+] Already connected to: 192.168.0.103
[V] Creating temp folder: /var/root/needle/
[D] [REMOTE CMD] Remote Command: if [ -d /var/root/needle/ ]; then echo "yes"; else echo "no" ; fi
[+] Attaching to syslog (CTRL-C to quit)
[D] [REMOTE CMD] Remote Interactive TTY Command: ondeviceconsole | grep -i "DamnVulnerableIOSApp" | tee /var/root/needle/syslog
Warning: Permanently added '192.168.0.103' (RSA) to the list of known hosts.
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704]: ImageIO: PNG invalid PNG file: iDOT doesn't point to valid IDAT chunk
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : SecOSStatusWith error:[-34018] Error Domain=NSOSStatusErrorDomain Code=-34018 "client has neither application-identifier nor keychain-access-groups entitlements" UserInfo={NSDescription=client has neither application-identifier nor keychain-access-groups entitlements}
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:59 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:59 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:59 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:59 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
Apr 13 12:33:59 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----
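
An added example, not part of the original issue or of Needle's code: an entry-aware filter that decides on each entry's first line and then keeps that entry's continuation lines, next to a per-line filter that behaves like the `grep -i` stage in the command above. The names `ENTRY_START`, `grep_i`, `filter_entries` and `SAMPLE` are hypothetical, the header pattern is inferred from the log lines shown in this issue, and the continuation lines in the sample are constructed.

```python
import re
import sys

# Start of a syslog entry, inferred from the lines in this issue:
# "Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] ..."
ENTRY_START = re.compile(
    r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ [^\[\s]+\[\d+\]"
)


def grep_i(lines, pattern):
    """Per-line, case-insensitive fixed-string match (stand-in for grep -i)."""
    return [line for line in lines if pattern.lower() in line.lower()]


def filter_entries(lines, pattern):
    """Yield whole entries whose first line matches, continuation lines included."""
    keep = False  # lines seen before the first entry header are dropped
    for line in lines:
        if ENTRY_START.match(line):
            # New entry: decide once, on the header line only.
            keep = pattern.lower() in line.lower()
        if keep:
            yield line


# Constructed sample: headers follow the format above, continuation
# lines are made up to stand in for a multi-line log body.
SAMPLE = [
    "Apr 13 12:33:58 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----",
    "  constructed continuation line 1",
    "  constructed continuation line 2",
    "Apr 13 12:33:58 iPhone SpringBoard[55] : constructed unrelated entry",
    "  constructed continuation of the unrelated entry",
    "Apr 13 12:33:59 iPhone DamnVulnerableIOSApp[11704] : -----INTROSPY-----",
]

if __name__ == "__main__":
    # Streams stdin to stdout, so it can sit where the grep stage sits.
    stream = (raw.rstrip("\n") for raw in sys.stdin)
    for entry_line in filter_entries(stream, sys.argv[1]):
        print(entry_line, flush=True)
```

On the sample, the per-line filter returns only the two header lines, while the entry-aware filter also returns the two continuation lines that follow the first header.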