Dynamic analysis on iOS Simulator
As we had studied in the Chapter 2, Setting up Lab for iOS App Pentesting, we can also use Cycript as an iOS Simulator. You can create any sample app and run it in the iOS Simulator.
Let's follow the given steps to use Cycript for apps running on iOS Simulator:
Start the app in the iOS Simulator. We will use the same Dynamic Analysis Demo application:
Find the PID of the application using the
#ps
command. You can run this command directly from your Mac terminal and hook Cycript to the target application's PID:
Now, you can perform all the operations we studied in the earlier section. You can print the methods and call the methods to modify application behavior.
So, dynamic analysis is one of the most important aspects when it comes to iOS applications developed in Objective-C. An attacker can change the application's behavior as per requirement.
Here, the problem is that the application allows debuggers to attach files. Application should crash if any debuggers...