10. iOS Dynamic Analysis

BurpSuite

🔗 Configuring an iOS device to work with Burp Suite

Install and configure BurpSuite following the same steps here.

  • Configure the device to use the proxy
    • Settings > Wi-Fi > Info button > Configure Proxy
    • Use Manual to set the Proxy to the host IP running BurpSuite (vboxnet LAN or Bridged LAN IP) and port 8082
  • Install the BurpSuite CA certificate on the iOS device
    • Open http://burpsuite:8082 on Safari
    • Select CA Certificate and click Allow to confirm the config profile download
    • Settings > General > VPN & Device Management > Downloaded Profile
      • Install the PortSwigger CA
    • Settings > General > About > Certificate Trust Settings
      • Activate the toggle switch to enable full trust for root certificates
  • On Safari navigate to https://example.com and check for the connection request inside BurpSuite
    • Depending on the tested mobile application, traffic can be intercepted
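
A host-side preflight for the setup above, as an added example that is not part of the original README: it checks that the BurpSuite listener on port 8082 accepts connections on the LAN address the device will use, then fetches the CA certificate the listener serves at `/cert` and prints its SHA-256 fingerprint so it can be compared with the certificate installed on the device. The function names and the `192.0.2.10` address are assumptions for illustration.

```python
import hashlib
import socket
import urllib.request

def listener_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP connection to the proxy listener succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, no route: listener not usable from here
        return False

def fetch_ca_der(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Download the CA certificate served at /cert on the proxy listener."""
    # Talk to the listener directly; ignore any system-wide proxy settings.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(f"http://{host}:{port}/cert", timeout=timeout) as resp:
        return resp.read()

def looks_like_der_cert(data: bytes) -> bool:
    """Sanity check: DER SEQUENCE tag whose declared length covers the whole file."""
    if len(data) < 4 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:  # short-form length
        return len(data) == 2 + first
    n = first & 0x7F  # long form: the next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def sha256_fingerprint(der: bytes) -> str:
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def preflight(host: str, port: int = 8082) -> dict:
    result = {"reachable": listener_reachable(host, port), "ca_sha256": None}
    if result["reachable"]:
        try:
            der = fetch_ca_der(host, port)
        except OSError:  # HTTP errors and timeouts: leave the fingerprint unset
            return result
        if looks_like_der_cert(der):
            result["ca_sha256"] = sha256_fingerprint(der)
    return result

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder; use the host's vboxnet or bridged LAN IP.
    print(preflight("192.0.2.10", 8082))
```

A result with `reachable` set to `False` on the LAN IP, while the same check against `127.0.0.1` succeeds, means the listener is bound to loopback only and the device cannot use it.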


Proxyman for iOS

🔗 Proxyman for iOS

  • Capture iOS network traffic (HTTP/HTTPS) without a MacBook
  • Standalone app, works independently from Proxyman for macOS
  • View HTTP/HTTPS Requests and Responses in plain text
  • FaceID and Passcode for data protection
  • Debugging tools like Map Local, Breakpoint, Block List, SSL Proxying List, No Caching
  • Share logs to Proxyman for macOS
  • other features

🔗 Atlantis for iOS - only for network inspectors

  • Automatically intercept all HTTP/HTTPS Traffic
  • Intercept WebSocket from iOS devices
  • Support iOS Physical Devices and Simulators
  • No need to configure HTTP Proxy or install/trust any Certificate
  • Review traffic logs from Proxyman for macOS
  • Categorize logs by app and devices
  • Install Proxyman for macOS on a Mac device and follow the iOS Setup Guide to configure the proxy

SSL Pinning iOS

🔗 SSL Kill Switch 2 - (Old) tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.

🔗 Objection

  • On a jailbroken device, Objection can be used to disable SSL Pinning and see HTTPS traffic using a proxy
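    # macOS
    # Bootstrap pip for the system Python
    curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
    python3 get-pip.py
    # Install Objection into the system site-packages
    pip3 install --upgrade setuptools --break-system-packages
    pip3 install objection --break-system-packages
    # Add pipx's bin directory to PATH (only relevant if pipx is used)
    pipx ensurepath
    # Attach to the app and disable SSL pinning as the startup command
    objection -g <AppName> explore -s "ios sslpinning disable"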

Jailbreaking

❗ Use Jailbreaking with caution! Jailbreaking is legal in the US but may have legal implications in other countries.

🔗 iOS CFW Guide

Jailbreaking is the process of unlocking an iOS device to customize its functionality beyond Apple's restrictions, enabling the installation of custom apps and tweaks for a personalized user experience.

  • iOS prioritizes security and reliability with built-in protections against malware and viruses, but jailbreaking can compromise these safeguards, leading to security risks, instability, and reduced battery life
  • Jailbreaking iOS is necessary to conduct full iOS penetration testing
  • Types of jailbreak

📌 Follow my iOS Jailbreak Guide and make sure you always check for updated commands/guides before stepping into jailbreaking.