Book Image

Learning iOS Penetration Testing

By : Swaroop Yermalkar
Book Image

Learning iOS Penetration Testing

By: Swaroop Yermalkar

Overview of this book

iOS has become one of the most popular mobile operating systems with more than 1.4 million apps available in the iOS App Store. Some security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This book will show you how to conduct a wide range of penetration tests on iOS devices to uncover vulnerabilities and strengthen the system from attacks. Learning iOS Penetration Testing discusses the common vulnerabilities and security-related shortcomings in an iOS application and operating system, and will teach you to conduct static and dynamic analysis of iOS applications. This practical guide will help you uncover vulnerabilities in iOS phones and applications. We begin with basics of iOS security and dig deep to learn about traffic analysis, code analysis, and various other techniques. Later, we discuss the various utilities, and the process of reversing and auditing.
Table of Contents (17 chapters)
Learning iOS Penetration Testing
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer

Dynamic analysis on iOS Simulator

As we had studied in the Chapter 2, Setting up Lab for iOS App Pentesting, we can also use Cycript as an iOS Simulator. You can create any sample app and run it in the iOS Simulator.

Let's follow the given steps to use Cycript for apps running on iOS Simulator:

  1. Start the app in the iOS Simulator. We will use the same Dynamic Analysis Demo application:

  2. Find the PID of the application using the #ps command. You can run this command directly from your Mac terminal and hook Cycript to the target application's PID:

Now, you can perform all the operations we studied in the earlier section. You can print the methods and call the methods to modify application behavior.

So, dynamic analysis is one of the most important aspects when it comes to iOS applications developed in Objective-C. An attacker can change the application's behavior as per requirement.

Here, the problem is that the application allows debuggers to attach files. Application should crash if any debuggers...