[OWASP-Delhi] iOS app pentest
vishal.asthana at owasp.org
Wed Aug 5 16:47:29 UTC 2015
The following OWASP resource has quite a few pointers:
Can vouch for this as use it extensively while conducting native iOS app
On Wed, Aug 5, 2015 at 11:46 AM, reuben kurien <reubengkurien at gmail.com>
> Hi Satya,
> Thanks for taking the time to write this response. It's certainly helpful.
> Also, do you by any chance know how to test out client side security
> issues on the iPhone in case of no jailbreak?
> On 4 Aug 2015 21:37, "Satya Sadhak" <dogged.learner at gmail.com> wrote:
>> Hi Reuben,
>> You need:
>> 1. An ios device
>> 2. A Laptop
>> 3. Wifi connecting both of above
>> In Wifi settings of device set up proxy manually to route data through a
>> specified port on the laptop
>> On the specified port of laptop intercept the traffic using something
>> like burp/charles/fiddler etc.. Do set up the intercepting proxy to listen
>> to data from all hosts; by default they may only intercept requests from
>> if the app you need to test works on https you may additionally need to
>> install the certificate of the intercepting proxy on ios device for which
>> you may refer to following links:
>> - http://www.telerik.com/blogs/using-fiddler-with-apple-ios-devices
>> ---------- Forwarded message ----------
>> From: reuben kurien <reubengkurien at gmail.com>
>> Date: Tue, Aug 4, 2015 at 7:34 PM
>> Subject: [OWASP-Delhi] iOS app pentest
>> To: owasp-delhi at lists.owasp.org
>> Hi All,
>> Can anyone provide me some pointers on how to perform iOS app pentest
>> when Jailbreak is not possible (due to legal issues)?
>> I'm looking for test cases to be executed against native apps and methods
>> to perform them. I know that the options are greatly reduced without
>> jailbreak. But feel free to send across anything you think is relevant
>> since I'm a newbie to this.
>> Thanks in advance.
>> OWASP-Delhi mailing list
>> OWASP-Delhi at lists.owasp.org
>> LinkedIn Group: https://www.linkedin.com/groups?gid=89270
>> Twitter: https://twitter.com/OWASPdelhi
> OWASP-Delhi mailing list
> OWASP-Delhi at lists.owasp.org
> LinkedIn Group: https://www.linkedin.com/groups?gid=89270
> Twitter: https://twitter.com/OWASPdelhi
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Delhi