iOS Application Vulnerability Assessment and Penetration Testing.

Rajanagori
4 min read · Jul 25, 2021

Honestly, I had to do this :D

A sweet and sweaty hello to all my fellow security researchers from the city designed by the Swiss-French modernist architect Le Corbusier.

After the Android VAPT blog, I received requests to write one on iOS too, so here it begins.

What is iOS?

Just as Android is built on a modified version of the Linux kernel (Windows 11 ❤, Linux ❤), iOS is Apple's operating system, built on a modified version of the UNIX platform.

What do we do in iOS VAPT?

In iOS Vulnerability Assessment and Penetration Testing we perform
1. Static Application Testing
2. Dynamic Application Testing

All of the above is fine, but what about jailbreaking the iPhone??
Yes, you heard it right. Just as on Android we have to root the device before proceeding with the VAPT, on iOS we have to jailbreak the iPhone in order to proceed further.

Well, while I was doing research I came across some links related to jailbreaking the device.
1. 3U tool
2. Altstore

I would prefer to go with 3uTools because it is easier and pretty straightforward for jailbreaking an iPhone.

LET’S GET STARTED………

For 3uTools, all you need is a USB cable, an iPhone, and a good internet connection.

I feel bad for the Linux users because 3uTools is not available on the Linux platform, but you can at least try it under Wine :D.
For Windows, you can hit this link.
For Mac, you can hit this link.

Steps to jailbreak the device…

1. Connect your iPhone to your laptop, but first, don't forget to install 3uTools.
2. After connecting it to your laptop, tap the Trust button on your phone.
3. Once your device shows up in 3uTools, click the Flash button under the Smart Flash section.
4. Now sit back, relax and wait till the process completes.
5. When the above process is done, move on to the main jailbreaking step: download and install unc0ver.
6. Open the installed application and tap the Jailbreak button.

I have already jailbroken the device.

7. Now wait till the process is done. Once it finishes, you are ready to perform the cool stuff.

Now, what next???

You need to install the almighty application Cydia.

After installing Cydia, you need to add multiple sources (repos) from which you can install packages, and then add your application for further processing.

But why do we need to install Cydia and the packages it provides???????

Remember that on Android we have to perform root-detection bypass and SSL-pinning bypass in order to run the application on a rooted device with full root-level permissions; we need to do the same thing for iOS applications.

I'm sharing some repo names from which you can easily bypass the jailbreak-detection error and intercept the application's HTTP requests in Burp Suite.

  1. https://apt.bingner.com
  2. http://apt.thebigboss.org/repofiles/cydia/
  3. https://build.frida.re/
  4. https://repo.chariz.com/
  5. https://repo.dynastic.co/
  6. https://repo.hackyouriphone.org/
  7. https://cydia.angelxwind.net/
  8. http://apt.modmyi.com/
  9. https://rpetri.ch/repo/
  10. http://cydia.zodttd.com/repo/cydia/
  11. com.ryleyangus.libertylite.beta

After adding the repos, you need to add your application in order to bypass root (jailbreak) detection and SSL pinning.

1. Click on Liberty Lite.
2. Enable the module and click the ankle button.
3. Swipe the toggle to the right for the specific application.

Or you can go with the Frida and Objection frameworks. For installation, you only need Python.

Modules that you need to install:
1. A Python virtual environment.
2. Objection, installed using pip.
3. Your highly focused and trained brain.

Commands you need to fire when you start testing

After the session has started in the objection framework, you need to run a preset of commands in order to get details from the running application.

Below, I've listed some commands:

  1. To disable jailbreak detection
    ios jailbreak disable
  2. To disable SSL pinning detection
    ios sslpinning disable --quiet
  3. To inspect the binary information
    ios info binary
  4. Dump the keychain
    ios keychain dump
  5. Explore the app structure
    ls
    env
  6. Get information from the Info.plist file
    ios plist cat Info.plist
  7. Check other data stores for sensitive information
    ios nsurlcredentialstorage dump
    ios nsuserdefaults get
    ios cookies get
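As an added example (not part of the original post or of objection itself), here is a small Python triage script for the keychain dump from step 4: it reads the JSON written by `ios keychain dump --json keychain.json` and flags credential-looking items stored under weak accessibility classes, without ThisDeviceOnly, or without access-control flags. The field names and the sample dump are my assumptions about objection's output format, constructed for illustration.

```python
import json
import re

# Constructed sample of an objection keychain dump (field names assumed; adjust to your version).
SAMPLE_DUMP = json.dumps([
    {"item_class": "kSecClassGenericPassword", "service": "com.example.app.session",
     "account": "user@example.com", "accessible_attribute": "kSecAttrAccessibleAlways",
     "access_control": "", "data": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.sig"},
    {"item_class": "kSecClassGenericPassword", "service": "com.example.app.pin",
     "account": "pin", "accessible_attribute": "kSecAttrAccessibleAfterFirstUnlock",
     "access_control": "", "data": "1234"},
    {"item_class": "kSecClassGenericPassword", "service": "com.example.app.device_id",
     "account": "", "accessible_attribute": "kSecAttrAccessibleWhenUnlockedThisDeviceOnly",
     "access_control": "kSecAccessControlUserPresence", "data": "A1B2-C3D4"},
])

# Accessibility classes that leave an item readable while the device is locked.
WEAK_CLASSES = {
    "kSecAttrAccessibleAlways", "kSecAttrAccessibleAlwaysThisDeviceOnly",
    "kSecAttrAccessibleAfterFirstUnlock", "kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly",
}
SECRET_HINT = re.compile(r"(password|passwd|secret|token|session|pin|key)", re.I)
JWT_RE = re.compile(r"^eyJ[\w-]+\.[\w-]+\.[\w-]+$")  # three base64url segments starting with {"

def triage_keychain(dump_json: str) -> list[dict]:
    """Return credential-looking keychain items whose protection is weaker than expected."""
    findings = []
    for item in json.loads(dump_json):
        acc = item.get("accessible_attribute", "")
        data = item.get("data") or ""
        name = f"{item.get('service', '')} {item.get('account', '')}"
        is_jwt = bool(JWT_RE.match(data))
        if not (SECRET_HINT.search(name) or is_jwt):
            continue  # not obviously a credential; skip
        reasons = []
        if acc in WEAK_CLASSES:
            reasons.append(f"weak accessibility class {acc}")
        if not acc.endswith("ThisDeviceOnly"):
            reasons.append("migrates to backups (no ThisDeviceOnly)")
        if not item.get("access_control"):
            reasons.append("no access-control flags (no biometrics/passcode gate)")
        if is_jwt:
            reasons.append("data is a JWT stored in plaintext")
        if reasons:
            findings.append({"service": item.get("service", ""), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage_keychain(SAMPLE_DUMP):
        print(f["service"], "->", "; ".join(f["reasons"]))
```

Point it at a real dump with `triage_keychain(open("keychain.json").read())` and treat every finding as a data-at-rest issue to report alongside the NSUserDefaults and cookie checks in step 7.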
