Interested in learning iOS Penetration Testing?
Here is how you can start ๐๐งต
#bugbounty #bugbountytips #cybersecurity #hacking
Here is how you can start ๐๐งต
#bugbounty #bugbountytips #cybersecurity #hacking
Requirements:
- Mac (Intel/M1/M2) Or Mobexler virtual machine (Apple proprietary tools not available)
- Jailbroken iPhone Or Corellium virtual iOS device
- Mac (Intel/M1/M2) Or Mobexler virtual machine (Apple proprietary tools not available)
- Jailbroken iPhone Or Corellium virtual iOS device
Starting iOS App Pentest:
- Reverse engineer the IPA to check for hardcoded secrets, sensitive info etc. (Book Ref: amazon.com)
- Run MobSF static analysis, review the findings and manually validate the interesting points
- Reverse engineer the IPA to check for hardcoded secrets, sensitive info etc. (Book Ref: amazon.com)
- Run MobSF static analysis, review the findings and manually validate the interesting points
- Install the IPA on jailbroken test device {Use AppSync unified/Re-sign with iOS App signer (dev account needed)}
- Run the app --> capture traffic (SSL pinning bypass with Frida/Objections)
- Perform all API related test cases
- Run the app --> capture traffic (SSL pinning bypass with Frida/Objections)
- Perform all API related test cases
- Test Deeplinks, insecure local storage, logic bypass with response modification etc.
- Find more interesting test cases from the info you gained so far
- Find more interesting test cases from the info you gained so far
Resources:
- Mobexler: mobexler.com
- Everything you need to know about Mobexler: youtu.be
- Mobile Application Security Verification Standard: mas.owasp.org
- Jailbreaking steps: ios.cfw.guide
#ios #pentesting #infosec
- Mobexler: mobexler.com
- Everything you need to know about Mobexler: youtu.be
- Mobile Application Security Verification Standard: mas.owasp.org
- Jailbreaking steps: ios.cfw.guide
#ios #pentesting #infosec
Loading suggestions...