Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Intercepting traffic over HTTPS

Now, with the previous setup, if we try to open any HTTPS site, we will simply be unable to open it due to the invalid SSL certificate, as shown in the following screenshot:

Here, we need to first generate Burp Suite CA certificate on the local system and then install it on iDevice.

Let's follow the given steps to intercept an iOS application's HTTPS traffic:

  1. Set the Burp Suite in order to listen on the loopback address only. It will intercept our base system's network traffic:

  2. Now, Burp Suite proxy is ready to listen traffic coming only from

  3. Open the Mozilla Firefox browser and set the HTTP Proxy configuration as and Port as 8080:

  4. Open your browser and access the address, download CA Certificate on your local system, and export it to iDevice. You can generally send it by an e-mail:

  5. Once you install the certificate on iDevice, you will observe the Verified sign on the certificate:


    Make sure that you are using the pentesting...