Book Image

Mobile Application Penetration Testing

By : Vijay Kumar Velu
Book Image

Mobile Application Penetration Testing

By: Vijay Kumar Velu

Overview of this book

Mobile security has come a long way over the last few years. It has transitioned from "should it be done?" to "it must be done!"Alongside the growing number of devises and applications, there is also a growth in the volume of Personally identifiable information (PII), Financial Data, and much more. This data needs to be secured. This is why Pen-testing is so important to modern application developers. You need to know how to secure user data, and find vulnerabilities and loopholes in your application that might lead to security breaches. This book gives you the necessary skills to security test your mobile applications as a beginner, developer, or security practitioner. You'll start by discovering the internal components of an Android and an iOS application. Moving ahead, you'll understand the inter-process working of these applications. Then you'll set up a test environment for this application using various tools to identify the loopholes and vulnerabilities in the structure of the applications. Finally, after collecting all information about these security loop holes, we'll start securing our applications from these threats.
Table of Contents (15 chapters)
Mobile Application Penetration Testing
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Building a remote tracer using LLDB


As we learned in the previous chapters, the importance of Objective C's ability is to make decisions during the runtime rather than using traditional function calls or through vtables for dispatching dynamically. So, in this section, we will be building a tracer to monitor objc_msgSend() just a like a proxy to understand what are the different behaviors of our target app during runtime. The purpose of building a tracer is to debug and disassemble an iOS app remotely using LLDB; this will help the testers and app developers understand the remote behavior of the app assembly level.

The following steps are involved in tracing an iOS remotely:

  1. We will be starting debugserver, which we set up, and listening on port 1234, as shown in the following figure:

  2. Launch the lldb debugger from your MAC OS X and connect to the remote process, as demonstrated in the following screenshot, by connecting through process connect connect://remote-ip:port:

  3. Now we are all set to...