[OWASP-Delhi] iOS app pentest

reuben kurien reubengkurien at gmail.com
Mon Aug 10 05:18:48 UTC 2015


Hi Vishal,

Indeed this has a lot of information to get me started with. Thanks a lot.

And sorry for the late response.

Regards,
Reuben
On 5 Aug 2015 22:17, "Vishal A." <vishal.asthana at owasp.org> wrote:

> Hi Reuben,
>
> The following OWASP resource has quite a few pointers:
>
> https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet
>
> Can vouch for this as I use it extensively while conducting native iOS app
> assessments.
>
> Vishal
>
> On Wed, Aug 5, 2015 at 11:46 AM, reuben kurien <reubengkurien at gmail.com>
> wrote:
>
>> Hi Satya,
>>
>> Thanks for taking the time to write this response. It's certainly helpful.
>>
>> Also, do you by any chance know how to test out client side security
>> issues on the iPhone in case of no jailbreak?
>>
>> Regards,
>> Reuben
>> On 4 Aug 2015 21:37, "Satya Sadhak" <dogged.learner at gmail.com> wrote:
>>
>>> Hi Reuben,
>>>
>>> You need:
>>>
>>>    1. An iOS device
>>>    2. A laptop
>>>    3. Wi-Fi connecting both of the above
>>>
>>>
>>> In the Wi-Fi settings of the device, set up the proxy manually to route data
>>> through a specified port on the laptop.
>>> On the specified port of the laptop, intercept the traffic using something
>>> like Burp/Charles/Fiddler etc. Do set up the intercepting proxy to listen
>>> to data from all hosts; by default they may only intercept requests from
>>> localhost.
>>>
>>> If the app you need to test works on HTTPS, you may additionally need to
>>> install the certificate of the intercepting proxy on the iOS device, for which
>>> you may refer to the following links:
>>>
>>>    - https://support.portswigger.net/customer/portal/articles/1841109-Mobile%20Set-up_iOS%20Device%20-%20Installing%20CA%20Certificate.html
>>>    - http://www.telerik.com/blogs/using-fiddler-with-apple-ios-devices
>>>
>>> Regards,
>>> Satya.
>>>
>>> ---------- Forwarded message ----------
>>> From: reuben kurien <reubengkurien at gmail.com>
>>> Date: Tue, Aug 4, 2015 at 7:34 PM
>>> Subject: [OWASP-Delhi] iOS app pentest
>>> To: owasp-delhi at lists.owasp.org
>>>
>>>
>>> Hi All,
>>>
>>> Can anyone provide me some pointers on how to perform iOS app pentest
>>> when Jailbreak is not possible (due to legal issues)?
>>>
>>> I'm looking for test cases to be executed against native apps and
>>> methods to perform them. I know that the options are greatly reduced
>>> without jailbreak. But feel free to send across anything you think is
>>> relevant since I'm a newbie to this.
>>>
>>> Thanks in advance.
>>>
>>> Regards,
>>> Reuben
>>>
>>> _______________________________________________
>>> OWASP-Delhi mailing list
>>> OWASP-Delhi at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>>> LinkedIn Group: https://www.linkedin.com/groups?gid=89270
>>> Twitter: https://twitter.com/OWASPdelhi
>>>
>>
>>
>
>