Dynamic analysis using Cycript
Cycript is one the most popular tools used for runtime analysis of iOS apps. It's a JavaScript interpreter that also understands Objective-C syntax. The idea is to hook Cycript in the target application's process ID and perform actions using JavaScript or Objective-C or both. I would encourage you to go through its documentation in order to understand its functionality in depth.
In dynamic analysis, the important aspect is method swizzling. Method swizzling is changing the behavior/functionality of a method at runtime. To perform method swizzling, we require information about the methods that are used in backend for the application. The idea is as follows:
Reverse engineer the application using techniques that we studied in the previous chapters and understand the source code/methods
Call the appropriate method that is responsible for authentication
We will use the Dynamic Analysis Demo app provided with this chapter in order to demonstrate the runtime analysis...