Book Image

Learning iOS Penetration Testing

By : Yermalkar
Book Image

Learning iOS Penetration Testing

By: Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (11 chapters)
10
Index

Analyzing iOS binary


Along with reversing iOS apps and analyzing code, you can also perform analysis on binary to check whether it has implemented address space layout randomization (ASLR), and stack smashing protection.

There are many tools to perform iOS binary analysis.

Let's follow the given steps in order to explore the various tools to perform binary analysis:

  1. Download Mobile Security Framework (MobSF) from GitHub. MobSF is an intelligent, all-in-one open, source mobile application (Android/iOS) automated pen-testing framework developed by Ajin Abraham.

    First, you will have to start its server using the python manage.py runserver 127.0.0.1:8000 command:

  2. Once you start the server, open your browser and access the server's URL:

  3. Upload the iOS binary, select the Upload & Analyze option, and it will give you the results for iOS binary checks:

  4. You can also view the source code of application by selecting the class-dump option of MobSF. I would encourage you to explore this tool and study...