[OWASP-Delhi] iOS app pentest

Satya Sadhak dogged.learner at gmail.com
Tue Aug 4 16:07:33 UTC 2015

Hi Reuben,

You need:

   1. An ios device
   2. A Laptop
   3. Wifi connecting both of above

In Wifi settings of device set up proxy manually to route data through a
specified port on the laptop
On the specified port of laptop intercept the traffic using something like
burp/charles/fiddler etc.. Do set up the intercepting proxy to listen to
data from all hosts; by default they may only intercept requests from

if the app you need to test works on https you may additionally need to
install the certificate of the intercepting proxy on ios device for which
you may refer to following links:

   - http://www.telerik.com/blogs/using-fiddler-with-apple-ios-devices


---------- Forwarded message ----------
From: reuben kurien <reubengkurien at gmail.com>
Date: Tue, Aug 4, 2015 at 7:34 PM
Subject: [OWASP-Delhi] iOS app pentest
To: owasp-delhi at lists.owasp.org

Hi All,

Can anyone provide me some pointers on how to perform iOS app pentest when
Jailbreak is not possible (due to legal issues)?

I'm looking for test cases to be executed against native apps and methods
to perform them. I know that the options are greatly reduced without
jailbreak. But feel free to send across anything you think is relevant
since I'm a newbie to this.

Thanks in advance.


OWASP-Delhi mailing list
OWASP-Delhi at lists.owasp.org
LinkedIn Group: https://www.linkedin.com/groups?gid=89270
Twitter: https://twitter.com/OWASPdelhi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-delhi/attachments/20150804/8c057718/attachment.html>

More information about the OWASP-Delhi mailing list