Post on 18-May-2015
Introduction to iOS Mobile Application Penetration Testing
@y3dips | 1 Dekade ECHO.OR.ID
Mobile / Smartphone
Mobile Infrastructure
Mobile Client / Application
Communication Channel
Server Side Infrastructure
Attack Vector
Information Disclosure
Insecure File Permissions
Authentication & Authorization
Session Management
Business Logic Testing
Data Protection
Client Side Injection
Decompiling, etc.
Methodology
Information Gathering -> Analysis -> Exploitation -> Report & QA
Inventory
Jailbroken Device
Decompiler
Analysis Tools
Proxy
Security Tools
Hacker's Mind
Cheat Sheet
Application home: /var/mobile/Applications/[folder]/app_name
Config files: Application_Home/Library/Preferences/app_name.plist
Database: *.db, *.sqlite, *.sqlite3 (and similar)
Cache: Application_Home/Library/Caches
Cookies: Cookies.binarycookies; copy it off the device and read it with binarycookies.py
Logs: view device logs with the iPhone Configuration Utility
List running apps: ps -axf
Decompiler/Disassembler: otool, class-dump, class-dump-z, gdb
Analysis tools/frameworks: snoop-it, cycript
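The cookie jar is the item on the cheat sheet that needs a parser rather than a text editor: Cookies.binarycookies (under Application_Home/Library/Cookies/) is a binary format, and the security question a tester asks of it is whether session cookies carry the Secure and HttpOnly flags. The script below is an added example, not the deck's own material and not the binarycookies.py script the cheat sheet refers to; it follows the commonly documented binarycookies layout (big-endian file and page-size header, little-endian pages, per-record string offsets relative to the record start, timestamps as seconds since 2001-01-01). The flag values (1 = Secure, 4 = HttpOnly) and the sample blob are constructed here for the example; the blob is built by the helper functions, not captured from a device.

```python
"""Parse an iOS Cookies.binarycookies blob and flag cookies that lack Secure/HttpOnly.

Added example; the file layout assumed here is:
  file  : b"cook", num_pages (BE u32), page sizes (BE u32 each), pages, 8-byte tail
  page  : 00 00 01 00, num_cookies (LE u32), record offsets (LE u32, page-relative),
          00 00 00 00, cookie records
  record: size, ?, flags, ?, url_off, name_off, path_off, value_off (LE u32 each),
          8 zero bytes, expiry (LE f64), created (LE f64), NUL-terminated strings.
"""
import struct
from datetime import datetime, timezone

MAC_EPOCH_OFFSET = 978307200  # seconds from 1970-01-01 to 2001-01-01 (Apple absolute time)
FLAG_SECURE = 0x1             # assumed flag bit for the Secure attribute
FLAG_HTTPONLY = 0x4           # assumed flag bit for the HttpOnly attribute
RECORD_HEADER_LEN = 56        # bytes before the strings in one cookie record


def _cstring(buf, off):
    """Read a NUL-terminated UTF-8 string starting at buf[off]."""
    return buf[off:buf.index(b"\x00", off)].decode("utf-8", "replace")


def _apple_time(secs):
    """Convert seconds since 2001-01-01 to an ISO-8601 UTC timestamp."""
    return datetime.fromtimestamp(secs + MAC_EPOCH_OFFSET, timezone.utc).isoformat()


def parse_binarycookies(data):
    """Return a list of cookie dicts parsed from a binarycookies blob."""
    if data[:4] != b"cook":
        raise ValueError("bad magic, not a binarycookies file")
    num_pages = struct.unpack(">I", data[4:8])[0]
    sizes = struct.unpack(">%dI" % num_pages, data[8:8 + 4 * num_pages])
    pos = 8 + 4 * num_pages
    cookies = []
    for size in sizes:
        page, pos = data[pos:pos + size], pos + size
        if page[:4] != b"\x00\x00\x01\x00":
            raise ValueError("bad page header")
        n = struct.unpack("<I", page[4:8])[0]
        for off in struct.unpack("<%dI" % n, page[8:8 + 4 * n]):
            rec_len = struct.unpack("<I", page[off:off + 4])[0]
            rec = page[off:off + rec_len]
            # skip the two unknown u32 fields around the flags word
            flags, url_o, name_o, path_o, val_o = struct.unpack("<4xI4x4I", rec[4:32])
            expiry, created = struct.unpack("<dd", rec[40:56])
            cookies.append({
                "domain": _cstring(rec, url_o), "name": _cstring(rec, name_o),
                "path": _cstring(rec, path_o), "value": _cstring(rec, val_o),
                "secure": bool(flags & FLAG_SECURE),
                "httponly": bool(flags & FLAG_HTTPONLY),
                "expires": _apple_time(expiry), "created": _apple_time(created),
            })
    return cookies


def insecure_cookies(cookies):
    """Names of cookies missing Secure or HttpOnly: the usual finding on session tokens."""
    return [c["name"] for c in cookies if not (c["secure"] and c["httponly"])]


# --- constructed sample data (built here, not captured from a real device) ---
def _record(domain, name, path, value, flags, expiry, created):
    strings, offs = b"", []
    for s in (domain, name, path, value):
        offs.append(RECORD_HEADER_LEN + len(strings))
        strings += s.encode() + b"\x00"
    hdr = struct.pack("<8I", RECORD_HEADER_LEN + len(strings), 0, flags, 0, *offs)
    hdr += b"\x00" * 8 + struct.pack("<dd", expiry - MAC_EPOCH_OFFSET, created - MAC_EPOCH_OFFSET)
    return hdr + strings


def _page(records):
    offs, pos = [], 12 + 4 * len(records)  # header: magic, count, offsets, footer
    for r in records:
        offs.append(pos)
        pos += len(r)
    return (b"\x00\x00\x01\x00" + struct.pack("<I", len(records))
            + struct.pack("<%dI" % len(records), *offs) + b"\x00" * 4 + b"".join(records))


def _file(pages):
    return (b"cook" + struct.pack(">I", len(pages))
            + struct.pack(">%dI" % len(pages), *map(len, pages))
            + b"".join(pages) + b"\x07\x17\x20\x05\x00\x00\x00\x4b")


SAMPLE = _file([_page([
    _record("example.com", "session", "/", "tok-a1b2c3", FLAG_SECURE | FLAG_HTTPONLY, 1500000000, 1400000000),
    _record("example.com", "uid", "/", "42", 0, 1500000000, 1400000000),
])])

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    parsed = parse_binarycookies(blob)
    for c in parsed:
        print(c)
    print("missing Secure/HttpOnly:", insecure_cookies(parsed))
```

Run it with no argument to parse the constructed sample, or pass the path of a Cookies.binarycookies file copied from a jailbroken device. Anything reported by insecure_cookies that looks like a session or auth token is worth writing up under Session Management; an HTTP-only check on a cookie tells you nothing about the value's sensitivity, so still read the value and domain columns yourself.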
Cycript
A hybrid of Objective-C and JavaScript (www.cycript.org)
Hooks into a running process of the application
Snoop-it
Dynamic analysis tool
Runtime tracing capabilities
Invokes arbitrary methods at runtime
Bypasses basic jailbreak detection
Proof of concept (demo)
References
iOS Application Security Testing Cheat Sheet - http://owasp.org
Series of articles "Penetration testing of iPhone applications" - http://securitylearn.net
Snoop-it official page https://code.google.com/p/snoop-it
Cycript Tricks http://iphonedevwiki.net/index.php/Cycript_Tricks