Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Intercepting traffic over HTTP

Web app pentesters must be familiar with interception of web traffic using proxy tools. We will use one of the popular proxy tool, Burp Suite, to view or modify the traffic between an iOS application and backend APIs. The overall process of intercepting an iOS application traffic using Windows and Mac is almost the same.

So let's follow the mentioned steps to intercept the iOS application traffic with backend web APIs:

  1. Download the free version of Burp Suite from Once you start the jar file, you will observe the view as shown in the following:

  2. You need to set Burp Proxy to listen on all interfaces. So, navigate to Proxy | Options and set proxy to listen for all interfaces, as follows:

  3. Now, check the IP address of your base system where Burp Suite is running. In Windows, you can open the command prompt and type the ipconfig command to see the IP address. On a Mac system, you can check the IP address with Network option...