[OWASP-Delhi] iOS app pentest

Satya Sadhak dogged.learner at gmail.com
Tue Aug 4 16:07:33 UTC 2015


Hi Reuben,

You need:

   1. An iOS device
   2. A laptop
   3. Wi-Fi connecting both of the above


In the Wi-Fi settings of the device, set up the proxy manually to route data
through a specified port on the laptop.
On the specified port of the laptop, intercept the traffic using something like
Burp/Charles/Fiddler etc. Do set up the intercepting proxy to listen to
data from all hosts; by default they may only intercept requests from
localhost.

If the app you need to test works on HTTPS, you may additionally need to
install the certificate of the intercepting proxy on the iOS device, for which
you may refer to the following links:

   - https://support.portswigger.net/customer/portal/articles/1841109-Mobile%20Set-up_iOS%20Device%20-%20Installing%20CA%20Certificate.html
   - http://www.telerik.com/blogs/using-fiddler-with-apple-ios-devices

Regards,
Satya.

---------- Forwarded message ----------
From: reuben kurien <reubengkurien at gmail.com>
Date: Tue, Aug 4, 2015 at 7:34 PM
Subject: [OWASP-Delhi] iOS app pentest
To: owasp-delhi at lists.owasp.org


Hi All,

Can anyone provide me some pointers on how to perform an iOS app pentest when
jailbreak is not possible (due to legal issues)?

I'm looking for test cases to be executed against native apps and methods
to perform them. I know that the options are greatly reduced without
jailbreak. But feel free to send across anything you think is relevant
since I'm a newbie to this.

Thanks in advance.

Regards,
Reuben
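
The reply above notes that an intercepting proxy may by default accept requests from localhost only, in which case the iOS device cannot reach it. The following is an added example, not part of the original thread: it classifies the proxy listener's bind address from `ss -ltn` output on the laptop. The sample output, the ports and the Wi-Fi address 192.168.1.20 are constructed assumptions.

```python
import ipaddress

# Constructed `ss -ltn` output from the laptop (sample data, not from the post).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      50     127.0.0.1:8080      0.0.0.0:*
LISTEN 0      50     192.168.1.20:8081   0.0.0.0:*
LISTEN 0      50     *:8082              *:*
LISTEN 0      50     [::1]:8083          [::]:*
"""


def listener_binds(ss_output, port):
    """Return the local addresses that have a TCP listener on `port`."""
    binds = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, found_port = fields[3].rpartition(":")
        if found_port == str(port):
            # Drop IPv6 brackets and any %interface scope suffix.
            binds.append(addr.strip("[]").split("%")[0])
    return binds


def classify_listener(ss_output, port, wifi_ip):
    """Say whether a device on the Wi-Fi can reach the proxy on `port`."""
    binds = listener_binds(ss_output, port)
    if not binds:
        return "not-listening"
    wifi = ipaddress.ip_address(wifi_ip)
    only_loopback = True
    for addr in binds:
        if addr == "*":
            return "all-interfaces"
        ip = ipaddress.ip_address(addr)
        ip = getattr(ip, "ipv4_mapped", None) or ip
        if ip.is_unspecified:
            return "all-interfaces"
        if ip == wifi:
            return "wifi-interface"  # narrowest bind that still serves the device
        only_loopback = only_loopback and ip.is_loopback
    return "loopback-only" if only_loopback else "other-interface"


if __name__ == "__main__":
    for p in (8080, 8081, 8082, 8083):
        print(p, classify_listener(SAMPLE_SS, p, "192.168.1.20"))
```

A "loopback-only" result is the default case described in the reply; "all-interfaces" also exposes the proxy to every other host on the same Wi-Fi, so binding to the Wi-Fi address alone is the tighter setting.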
