<div dir="ltr"><div class="gmail_extra">Hi Reuben,</div><div class="gmail_extra"><br></div><div class="gmail_extra">You need:</div><div class="gmail_extra"><ol><li>An iOS device<br></li><li>A laptop<br></li><li>Wi-Fi connecting both of the above<br></li></ol></div><div class="gmail_extra"><br></div><div class="gmail_extra">In the Wi-Fi settings of the device, set up the proxy manually to route data through a specified port on the laptop.</div><div class="gmail_extra">On the specified port of the laptop, intercept the traffic using something like Burp/Charles/Fiddler etc. Do set up the intercepting proxy to listen to data from all hosts; by default they may only intercept requests from localhost.</div><div class="gmail_extra"><br></div><div class="gmail_extra">If the app you need to test works on HTTPS, you may additionally need to install the certificate of the intercepting proxy on the iOS device, for which you may refer to the following links:</div><div class="gmail_extra"><ul><li><a href="https://support.portswigger.net/customer/portal/articles/1841109-Mobile%20Set-up_iOS%20Device%20-%20Installing%20CA%20Certificate.html">https://support.portswigger.net/customer/portal/articles/1841109-Mobile%20Set-up_iOS%20Device%20-%20Installing%20CA%20Certificate.html</a><br></li><li><a href="http://www.telerik.com/blogs/using-fiddler-with-apple-ios-devices">http://www.telerik.com/blogs/using-fiddler-with-apple-ios-devices</a></li></ul><div>Regards,</div><div>Satya.</div></div><div class="gmail_extra"><br></div><div class="gmail_extra">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">reuben kurien</b> <span dir="ltr">&lt;<a href="mailto:reubengkurien@gmail.com" target="_blank">reubengkurien@gmail.com</a>&gt;</span><br>Date: Tue, Aug 4, 2015 at 7:34 PM<br>Subject: [OWASP-Delhi] iOS app pentest<br>To: <a href="mailto:owasp-delhi@lists.owasp.org" target="_blank">owasp-delhi@lists.owasp.org</a><br><br><br><p dir="ltr">Hi All,</p><p dir="ltr">Can anyone provide me some pointers on how to 
perform iOS app pentest when Jailbreak is not possible (due to legal issues)?</p><p dir="ltr">I'm looking for test cases to be executed against native apps and methods to perform them. I know that the options are greatly reduced without jailbreak. But feel free to send across anything you think is relevant since I'm a newbie to this.</p><p dir="ltr">Thanks in advance.</p><p dir="ltr">Regards,<br>Reuben</p><br>_______________________________________________<br>OWASP-Delhi mailing list<br><a href="mailto:OWASP-Delhi@lists.owasp.org" target="_blank">OWASP-Delhi@lists.owasp.org</a><br><a href="https://lists.owasp.org/mailman/listinfo/owasp-delhi" rel="noreferrer" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-delhi</a><br>LinkedIn Group: <a href="https://www.linkedin.com/groups?gid=89270" rel="noreferrer" target="_blank">https://www.linkedin.com/groups?gid=89270</a><br>Twitter: <a href="https://twitter.com/OWASPdelhi" rel="noreferrer" target="_blank">https://twitter.com/OWASPdelhi</a><br></div></div>