iOS Application Pentesting

iOS PT Mindmap

Requirements

  • pip install frida-tools (the frida version on the host must match the frida-server or FridaGadget running on the device)

  • Setup libimobiledevice (iproxy is part of the libimobiledevice/libusbmuxd tools)

Useful

  • Connect to the device through USB (jailbroken device with an SSH server installed)

    • iproxy 2222 22 (forwards local port 2222 to port 22 on the device)

    • ssh -p 2222 root@localhost (default root password on a jailbroken device is alpine; change it)

  • Extracting the decrypted IPA from the device (App Store binaries are FairPlay-encrypted, so the app must be dumped from memory while it runs)

    • frida-ios-dump

Reversing App

  • mv APP.ipa APP.zip (an IPA is just a zip archive)

  • unzip APP.zip

  • mkdir AppFiles && mv Payload/App.app/* AppFiles/

  • Analyzing Info.plist, other plist and json files (binary plists can be converted with plistutil from libplist, or plutil -p on macOS)

  • Dumping Objective-C classes: class-dump-z Payload/App.app/App > dump.txt (only useful on a decrypted binary; Swift-only apps expose little)

  • Reversing using Ghidra

    • Ghidra Script

  • Reversing using radare2

    • r2frida
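
Added example (not from the original page): a small static triage of Info.plist, the first file worth reading after unpacking the IPA. plistlib handles both XML and binary (bplist00) plists, so no conversion step is needed. It reports the main executable (the file to feed class-dump-z / Ghidra), custom URL schemes (deep-link attack surface) and App Transport Security weakening (arbitrary cleartext loads, per-domain HTTP exceptions, lowered minimum TLS). The embedded plist is a constructed sample, not taken from any real app.

```python
"""Static triage of Info.plist from an unpacked .app directory (Payload/App.app)."""
import os
import plistlib

WEAK_TLS = ("TLSv1.0", "TLSv1.1")  # ATS default minimum is TLSv1.2


def triage_info_plist(raw):
    """Return executable, bundle id, URL schemes and ATS weaknesses from raw Info.plist bytes."""
    info = plistlib.loads(raw)  # accepts XML and binary plists
    ats = info.get("NSAppTransportSecurity", {})
    issues = []
    if ats.get("NSAllowsArbitraryLoads"):
        issues.append("NSAllowsArbitraryLoads: cleartext HTTP allowed to any host")
    if ats.get("NSAllowsArbitraryLoadsInWebContent"):
        issues.append("NSAllowsArbitraryLoadsInWebContent: ATS disabled for web views")
    for host, exc in ats.get("NSExceptionDomains", {}).items():
        if exc.get("NSExceptionAllowsInsecureHTTPLoads") or exc.get("NSTemporaryExceptionAllowsInsecureHTTPLoads"):
            issues.append(f"{host}: insecure HTTP loads allowed")
        tls = exc.get("NSExceptionMinimumTLSVersion") or exc.get("NSTemporaryExceptionMinimumTLSVersion")
        if tls in WEAK_TLS:
            issues.append(f"{host}: minimum TLS version lowered to {tls}")
    return {
        "executable": info.get("CFBundleExecutable"),
        "bundle_id": info.get("CFBundleIdentifier"),
        # every scheme the app registers can be invoked by any other app / Safari link
        "url_schemes": [s for t in info.get("CFBundleURLTypes", []) for s in t.get("CFBundleURLSchemes", [])],
        "background_modes": info.get("UIBackgroundModes", []),
        "ats_issues": issues,
    }


def triage_app_dir(app_dir):
    """Run the triage on <app_dir>/Info.plist and add the path of the main Mach-O binary."""
    with open(os.path.join(app_dir, "Info.plist"), "rb") as f:
        findings = triage_info_plist(f.read())
    findings["binary_path"] = os.path.join(app_dir, findings["executable"] or "")
    return findings


# Constructed sample (binary plist) so the script runs without a device or IPA.
SAMPLE_INFO_PLIST = plistlib.dumps({
    "CFBundleExecutable": "DemoApp",
    "CFBundleIdentifier": "com.example.demoapp",
    "CFBundleURLTypes": [{"CFBundleURLSchemes": ["demoapp"]}],
    "NSAppTransportSecurity": {
        "NSAllowsArbitraryLoads": True,
        "NSExceptionDomains": {
            "legacy.example.com": {
                "NSExceptionAllowsInsecureHTTPLoads": True,
                "NSExceptionMinimumTLSVersion": "TLSv1.0",
            }
        },
    },
    "UIBackgroundModes": ["fetch"],
}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    import json
    import sys
    result = triage_app_dir(sys.argv[1]) if len(sys.argv) > 1 else triage_info_plist(SAMPLE_INFO_PLIST)
    print(json.dumps(result, indent=2))
```

Usage: `python3 plist_triage.py Payload/App.app`; without an argument it runs on the embedded sample.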

Framework

Flutter

  • reflutter -p file.ipa (repackages the app with a patched Flutter engine)

  • jtool.ELF64 -S App to list symbols and find the address of _kDartIsolateSnapshotInstructions

  • Use the Frida hooking script shipped with reflutter to hook functions by offset (it needs the reflutter dump output and the _kDartIsolateSnapshotInstructions address found above)

    • reflutter
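
Added example (not from the original page or the reflutter project): a Mach-O load-command walker that does two checks this cheatsheet otherwise delegates to separate tools. It reads LC_ENCRYPTION_INFO_64 to tell whether the binary is still FairPlay-encrypted (cryptid 1 means class-dump/Ghidra will see garbage and frida-ios-dump is needed first), and it resolves a symbol from LC_SYMTAB to its offset from the __TEXT base, which is the value a Frida script adds to Module.base when hooking by offset (for Flutter, _kDartIsolateSnapshotInstructions). Fat (universal) files are handled by picking the arm64 slice. build_sample_macho() creates a constructed minimal Mach-O for offline use; it is not a real app binary.

```python
"""Mach-O triage: FairPlay encryption state, PIE flag and __TEXT-relative symbol offset."""
import struct

MH_MAGIC_64 = 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE
CPU_TYPE_ARM64 = 0x0100000C
LC_SYMTAB = 0x2
LC_SEGMENT_64 = 0x19
LC_ENCRYPTION_INFO_64 = 0x2C
MH_PIE = 0x200000


def arm64_slice(data):
    """Return the arm64 Mach-O bytes from a thin or fat (universal) file."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:  # fat header is big-endian
        nfat = struct.unpack_from(">I", data, 4)[0]
        for i in range(nfat):
            cputype, _sub, off, size, _align = struct.unpack_from(">iiIII", data, 8 + 20 * i)
            if cputype == CPU_TYPE_ARM64:
                return data[off:off + size]
        raise ValueError("no arm64 slice in fat binary")
    if struct.unpack_from("<I", data, 0)[0] != MH_MAGIC_64:
        raise ValueError("not a 64-bit Mach-O")
    return data


def load_commands(macho):
    """Yield (cmd, file offset of the command) for each load command after the 32-byte header."""
    ncmds = struct.unpack_from("<I", macho, 16)[0]
    off = 32
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", macho, off)
        yield cmd, off
        off += cmdsize


def triage(data, symbol=None):
    """Return {'pie', 'cryptid', 'symbol_offset'}; symbol_offset is relative to the __TEXT vmaddr."""
    macho = arm64_slice(data)
    flags = struct.unpack_from("<I", macho, 24)[0]
    info = {"pie": bool(flags & MH_PIE), "cryptid": 0, "symbol_offset": None}
    text_vmaddr, symbol_vmaddr = 0, None
    for cmd, off in load_commands(macho):
        body = off + 8  # skip cmd and cmdsize
        if cmd == LC_SEGMENT_64:
            segname, vmaddr = struct.unpack_from("<16sQ", macho, body)
            if segname.rstrip(b"\0") == b"__TEXT":
                text_vmaddr = vmaddr
        elif cmd == LC_ENCRYPTION_INFO_64:
            _cryptoff, _cryptsize, cryptid, _pad = struct.unpack_from("<IIII", macho, body)
            info["cryptid"] = cryptid  # 1 = still encrypted, 0 = decrypted dump
        elif cmd == LC_SYMTAB and symbol:
            symoff, nsyms, stroff, strsize = struct.unpack_from("<IIII", macho, body)
            strtab = macho[stroff:stroff + strsize]
            for i in range(nsyms):  # nlist_64 entries are 16 bytes each
                n_strx, _type, _sect, _desc, n_value = struct.unpack_from("<IBBHQ", macho, symoff + 16 * i)
                if strtab[n_strx:strtab.index(b"\0", n_strx)] == symbol.encode():
                    symbol_vmaddr = n_value
    if symbol_vmaddr is not None:
        info["symbol_offset"] = symbol_vmaddr - text_vmaddr
    return info


def build_sample_macho(cryptid=1, symbol="_kDartIsolateSnapshotInstructions", vmaddr=0x100004000):
    """Constructed minimal arm64 Mach-O (header, __TEXT, encryption info, symtab); not a real app."""
    cmds_size = 72 + 24 + 24
    symtab_off = 32 + cmds_size
    strtab = b"\0" + symbol.encode() + b"\0"
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, 3, cmds_size, MH_PIE, 0)
    text = struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, b"__TEXT", 0x100000000, 0x8000, 0, 0x8000, 5, 5, 0, 0)
    enc = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x4000, cryptid, 0)
    sym = struct.pack("<IIIIII", LC_SYMTAB, 24, symtab_off, 1, symtab_off + 16, len(strtab))
    nlist = struct.pack("<IBBHQ", 1, 0x0F, 1, 0, vmaddr)  # N_SECT | N_EXT, section 1
    return header + text + enc + sym + nlist + strtab


def wrap_fat(thin):
    """Wrap a thin arm64 slice in a single-arch fat header (big-endian) to exercise arm64_slice()."""
    return struct.pack(">IIiiIII", FAT_MAGIC, 1, CPU_TYPE_ARM64, 0, 28, len(thin), 14) + thin


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_macho()
    print(triage(data, sys.argv[2] if len(sys.argv) > 2 else "_kDartIsolateSnapshotInstructions"))
```

Usage: `python3 macho_triage.py Payload/App.app/App _kDartIsolateSnapshotInstructions`. Note that nlist values are virtual addresses, so the script subtracts the __TEXT segment vmaddr; the result is the slide-independent offset to add to the module base at runtime.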

Dynamic Analysis

SSL Pinning Bypass

  • Flutter (Dart's HttpClient ignores the iOS proxy settings and the system trust store, so the generic Objective-C pinning bypasses do not apply)

    • flutter-script

    • frida-flutter-proxy

    • burp-flutter-proxy

Binary Instrumentation

  • frida-ps -U (running processes; frida-ps -Uai lists installed apps with their bundle IDs)

  • frida -U -n app_name -l script.js (attach to a running process)

  • frida -U -f bundleId -l script.js (spawn the app so hooks are in place before it starts)

  • frida-trace -U -n app_name -m "*[ClassName methodName]" (-m matches Objective-C methods, -i matches exported C functions)

    • frida-trace -U -f bundle_id -i "*cko*"

    • frida-trace -U YourApp -m "*[NSURL* *HTTP*]"

    • frida-trace -U -f bundleId -m "-[WebView load*]"

    • frida-trace -U -f BundleID -m "-[*WebView* *]"

  • Frida Script (hook read(2); on iOS libc lives in libSystem.B.dylib, on Android it is libc.so)

```javascript
// Resolve read() from the iOS libc module and hook every call
Interceptor.attach(Process.getModuleByName('libSystem.B.dylib').getExportByName('read'), {
	onEnter(args) {
		// first argument is the file descriptor; keep it for onLeave
		this.fileDescriptor = args[0].toInt32();
	},
	onLeave(retval) {
		// retval is the number of bytes read (negative on error)
		if (retval.toInt32() > 0) {
			/* do something with this.fileDescriptor, e.g. console.log(this.fileDescriptor) */
		}
	}
});
```
  • objection

    • objection -g <bundle_id> explore (needs frida-server on a jailbroken device, or the FridaGadget injected into a repackaged app)

      • import script.js (from the objection REPL)

Keychain

  • objection

    • ios keychain dump --json keychain_dump.json (from the objection REPL; review the accessibility class and ACL of each item)
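
Added example (not from the original page or the objection project): a triage script for the JSON produced by objection's keychain dump. It flags items stored with accessibility classes readable after first unlock or always (kSecAttrAccessibleAfterFirstUnlock*, kSecAttrAccessibleAlways*), sensitive-looking items that are not ThisDeviceOnly (restorable from backup onto another device) or that carry no SecAccessControl policy, and values that look like JWTs. The field names (accessible, acl/access_control, account, service, data) are assumed from objection's output and may need adjusting to the version in use; the accessibility values are matched both as the raw pdmn codes (ak, ck, dk, ...) and as constant names. The embedded dump is a constructed sample.

```python
"""Triage an objection `ios keychain dump --json` export for weak storage choices."""
import json

# pdmn codes used by the Security framework -> constant name (assumed to be what objection prints)
WEAK_ACCESSIBILITY = {
    "dk": "kSecAttrAccessibleAlways",
    "dku": "kSecAttrAccessibleAlwaysThisDeviceOnly",
    "ck": "kSecAttrAccessibleAfterFirstUnlock",
    "cku": "kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly",
}
SENSITIVE_WORDS = ("token", "password", "passwd", "secret", "session", "key", "pin")


def weak_accessibility_name(value):
    """Return the constant name if `value` (pdmn code or constant name) is a weak class, else None."""
    value = value or ""
    if value in WEAK_ACCESSIBILITY:
        return WEAK_ACCESSIBILITY[value]
    return value if value in WEAK_ACCESSIBILITY.values() else None


def is_this_device_only(value):
    """pdmn codes of *ThisDeviceOnly classes end in 'u'; constant names end in 'ThisDeviceOnly'."""
    return (value or "").endswith(("u", "ThisDeviceOnly"))


def triage_keychain(dump_json):
    """Return a list of {'item', 'reasons'} for keychain entries worth reporting."""
    findings = []
    for item in json.loads(dump_json):
        account = item.get("account") or ""
        service = item.get("service") or item.get("entitlement_group") or ""
        where = f"{service}/{account}"
        data = str(item.get("data") or "")
        accessible = item.get("accessible") or ""
        looks_sensitive = any(w in where.lower() for w in SENSITIVE_WORDS)
        has_acl = bool(item.get("acl") or item.get("access_control"))
        reasons = []
        weak = weak_accessibility_name(accessible)
        if weak:
            reasons.append(f"weak accessibility class {weak}")
        if looks_sensitive and accessible and not is_this_device_only(accessible):
            reasons.append("not ThisDeviceOnly: restorable from backup onto another device")
        if looks_sensitive and not has_acl:
            reasons.append("sensitive item without SecAccessControl (no passcode/biometry policy)")
        if data.startswith("eyJ"):  # base64url of '{"' : typical JWT header
            reasons.append("value looks like a JWT stored in cleartext")
        if reasons:
            findings.append({"item": where, "reasons": reasons})
    return findings


# Constructed sample dump (field names assumed from objection's JSON output).
SAMPLE_DUMP = json.dumps([
    {"account": "api_token", "service": "com.example.app", "accessible": "kSecAttrAccessibleAfterFirstUnlock",
     "acl": None, "data": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.sig"},
    {"account": "pin", "service": "com.example.app", "accessible": "akpu",
     "access_control": "biometryCurrentSet", "data": "1234"},
    {"account": "theme", "service": "com.example.app", "accessible": "ak", "data": "dark"},
])

if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DUMP
    print(json.dumps(triage_keychain(raw), indent=2))
```

Usage: `python3 keychain_triage.py keychain_dump.json`. In the sample only the api_token entry is reported: the pin item uses kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly (akpu) with an access-control policy, and the theme item is not sensitive.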

Screen Mirroring

  • uxplay (turns the host into an AirPlay receiver so the device screen can be mirrored and recorded)

Tools

  • Some Useful Tools

  • grapefruit

  • objection

  • class-dump-z

  • Ghidra

  • Hopper

  • iproxy

  • frida-cycript

  • frida-ios-dump

  • r2frida

Resources

  • ios-penetration-testing-cheatsheet

  • cycript

  • OWASP MASTG

  • Ghidra Reversing

  • iOS Tampering and Reversing OWASP MASTG

  • Hacktricks

  • https://github.com/Dado1513/frida-mobile-scripts/tree/master

  • Frida Script

    • Frida Code Share

    • Frida Mobile Script

    • frida.re

    • learnfrida.info

    • codeshare.frida.re

    • github.com/dweinstein/awesome-frida

    • github.com/interference-security/frida-scripts

  • Flutter

    • Flutter Proxy Openvpn

    • Flutter Proxy Openvpn2


Last updated 2 months ago
