Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Intercepting traffic of iOS Simulator

If you are performing iOS app pentesting using the iOS Simulator, then you will need to intercept the iOS Simulator's network traffic.

The iOS Simulator uses the same network settings as your Mac system. So, if your Mac system is connected to the Internet, you can use the same network to access websites from the simulator:

To intercept traffic, we need to make changes in the network settings of Mac, which will reflect in the iOS Simulator. Follow the given steps to intercept iOS Simulator's network traffic over HTTP and HTTPS:

  1. Set the Burp Suite option to listen on all the interfaces, as we did it earlier:

  2. Configure your Mac system's Network settings to proxy traffic through the local IP address, that is, and port number 8080:

  3. Save all settings. These same network settings will be shared by your iOS Simulator. Now, open any HTTP site in iOS Simulator while the interception is on and you will observe all the traffic in Burp Suite:

However, if you...