[OWASP-Delhi] iOS app pentest

reuben kurien reubengkurien at gmail.com
Wed Aug 5 06:16:22 UTC 2015


Hi Satya,

Thanks for taking the time to write this response. It's certainly helpful.

Also, do you by any chance know how to test out client-side security issues
on the iPhone in case of no jailbreak?

Regards,
Reuben
On 4 Aug 2015 21:37, "Satya Sadhak" <dogged.learner at gmail.com> wrote:

> Hi Reuben,
>
> You need:
>
>    1. An iOS device
>    2. A laptop
>    3. Wi-Fi connecting both of the above
>
>
> In the Wi-Fi settings of the device, set up the proxy manually to route data
> through a specified port on the laptop.
> On the specified port of the laptop, intercept the traffic using something
> like Burp/Charles/Fiddler etc. Do set up the intercepting proxy to listen to
> data from all hosts; by default they may only intercept requests from
> localhost.
>
> If the app you need to test works on HTTPS, you may additionally need to
> install the certificate of the intercepting proxy on the iOS device, for which
> you may refer to the following links:
>
>    - https://support.portswigger.net/customer/portal/articles/1841109-Mobile%20Set-up_iOS%20Device%20-%20Installing%20CA%20Certificate.html
>    - http://www.telerik.com/blogs/using-fiddler-with-apple-ios-devices
>
> Regards,
> Satya.
>
> ---------- Forwarded message ----------
> From: reuben kurien <reubengkurien at gmail.com>
> Date: Tue, Aug 4, 2015 at 7:34 PM
> Subject: [OWASP-Delhi] iOS app pentest
> To: owasp-delhi at lists.owasp.org
>
>
> Hi All,
>
> Can anyone provide me some pointers on how to perform an iOS app pentest when
> jailbreak is not possible (due to legal issues)?
>
> I'm looking for test cases to be executed against native apps and methods
> to perform them. I know that the options are greatly reduced without
> jailbreak. But feel free to send across anything you think is relevant
> since I'm a newbie to this.
>
> Thanks in advance.
>
> Regards,
> Reuben
>
> _______________________________________________
> OWASP-Delhi mailing list
> OWASP-Delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
> LinkedIn Group: https://www.linkedin.com/groups?gid=89270
> Twitter: https://twitter.com/OWASPdelhi
>
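
Added example, not part of the original thread: a pre-flight check for the proxy setup described in the quoted reply, confirming that the intercepting proxy's port is bound to an address the iOS device can reach over Wi-Fi rather than to localhost only. The `ss -ltn` sample, the addresses, the ports and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltn` output on the laptop (not from the thread).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       50      127.0.0.1:8080       0.0.0.0:*
LISTEN  0       50      0.0.0.0:8888         0.0.0.0:*
LISTEN  0       50      192.168.1.20:9090    0.0.0.0:*
LISTEN  0       128     [::1]:8081           [::]:*
"""

def listeners(ss_output):
    """Yield (ip_address, port) for every LISTEN row of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header row or non-listening socket
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        if host == "*":
            host = "0.0.0.0"  # ss prints "*" for a wildcard bind
        yield ipaddress.ip_address(host), int(port)

def reachable_from_device(ss_output, port, laptop_if, device_ip):
    """Return (ok, reason) for a proxy port as seen from the iOS device.

    laptop_if is the laptop's Wi-Fi address with prefix, e.g. "192.168.1.20/24".
    """
    iface = ipaddress.ip_interface(laptop_if)
    if ipaddress.ip_address(device_ip) not in iface.network:
        return False, "device and laptop are on different subnets"
    bound = [ip for ip, p in listeners(ss_output) if p == port]
    if not bound:
        return False, "nothing is listening on that port"
    for ip in bound:
        # A wildcard bind or a bind to the Wi-Fi address accepts the device.
        if ip.is_unspecified or ip == iface.ip:
            return True, f"listener on {ip} accepts Wi-Fi clients"
    return False, "listener is not bound to the Wi-Fi address"

if __name__ == "__main__":
    for port in (8080, 8888, 9090, 8081):
        print(port, reachable_from_device(SAMPLE_SS, port,
                                          "192.168.1.20/24", "192.168.1.35"))
```

A listener bound to the Wi-Fi address alone (port 9090 in the sample) is reachable by the device while exposing the proxy on fewer interfaces than a wildcard bind.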