Grapefruit is a runtime application instrumentation tool for iOS that enables security automation and API security testing via Frida integration.
(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
This tool is primarily used by iOS security researchers and developers to instrument and analyze running iOS applications in real-time. It facilitates dynamic security testing and automation by injecting JavaScript code into apps over USB using Frida, helping uncover vulnerabilities and monitor API behavior.
Grapefruit currently lacks authentication on its web UI, so it is strongly recommended to restrict access to localhost only to prevent unauthorized code injection. Users should ensure their system supports Frida's N-API requirements and follow troubleshooting guides if installation issues arise.
1. Install Node.js from https://nodejs.org/
2. Install the Grapefruit CLI globally via npm: npm install -g igf
3. Set up Frida on your iOS device by adding the Frida repository in Cydia: https://build.frida.re
4. Install the Frida package on the iOS device via Cydia
5. Connect your iOS device via USB to enable Frida injection
6. Run the Grapefruit CLI using the 'igf' command
igf --help
Displays help information and available command options for the Grapefruit CLI
igf -h <hostname>
Specifies the hostname for the server side (default is 127.0.0.1)
igf -p <port>
Specifies the port number for the server side (default is 31337)
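Because the web UI has no authentication and -h can move the server off 127.0.0.1, it is worth checking which address the igf port is actually bound to. The script below is an added example, not part of Grapefruit: the function names, the IGF_PORT variable and the sample listener lines are constructed for illustration, and it assumes listener output in the format of `ss -ltn` or `lsof -nP -iTCP -sTCP:LISTEN`.

```shell
#!/bin/sh
# Added example: flag Grapefruit (igf) web UI listeners reachable beyond
# loopback. 31337 is the default port given above; IGF_PORT is a
# hypothetical override for setups started with `igf -p <port>`.
IGF_PORT="${IGF_PORT:-31337}"

# Reads listener lines on stdin and prints every local address bound to
# $IGF_PORT that is not a loopback address. Returns 1 if any were found.
# Live use (Linux):  ss -ltn | igf_exposed_listeners
# Live use (macOS):  lsof -nP -iTCP -sTCP:LISTEN | igf_exposed_listeners
igf_exposed_listeners() {
    awk -v port="$IGF_PORT" '
        {
            for (i = 1; i <= NF; i++) {
                # The first field ending in ":<port>" is the local address.
                if ($i ~ (":" port "$")) {
                    addr = $i
                    sub(":" port "$", "", addr)
                    loopback = (addr ~ /^127\./ || addr == "[::1]" ||
                                addr ~ /^\[::ffff:127\./)
                    if (!loopback) {
                        print addr
                        found = 1
                    }
                    break
                }
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample input mixing ss-style and lsof-style lines.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 511 127.0.0.1:31337 0.0.0.0:*
LISTEN 0 511 0.0.0.0:31337 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
node 4242 dev 23u IPv6 0xabc 0t0 TCP [::1]:31337 (LISTEN)
node 4243 dev 24u IPv6 0xabd 0t0 TCP *:31337 (LISTEN)
EOF
}
```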