iOS Application Pentesting
sudo pip install frida-tools
Setup
Connect to device through usb
iproxy 2222 22
ssh -p 2222 root@localhost   (default password on a jailbroken device: alpine)
Extracting IPA from iOS
mv APP.ipa APP.zip
unzip APP.zip
mv Payload/App.app/* AppFiles/
Analyzing plist, json files
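An added example for the plist-analysis step (my own code, not part of the original notes): it opens an IPA as a zip, locates Payload/*.app/Info.plist, and pulls out the settings a reviewer checks first (bundle id, ATS exceptions, iTunes file sharing, registered URL schemes). The IPA it inspects is constructed inline and is not a real app.

```python
import io
import plistlib
import zipfile


def find_info_plist(ipa_bytes):
    """Return the parsed Payload/<App>.app/Info.plist from an IPA (a zip archive)."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        for name in z.namelist():
            parts = name.split("/")
            if (len(parts) == 3 and parts[0] == "Payload"
                    and parts[1].endswith(".app") and parts[2] == "Info.plist"):
                return plistlib.loads(z.read(name))  # handles XML and binary plists
    raise FileNotFoundError("no Payload/*.app/Info.plist in IPA")


def review_info_plist(info):
    """Collect the Info.plist settings that matter for a security review."""
    ats = info.get("NSAppTransportSecurity", {})
    return {
        "bundle_id": info.get("CFBundleIdentifier"),
        # True means cleartext HTTP is allowed app-wide
        "allows_arbitrary_loads": bool(ats.get("NSAllowsArbitraryLoads", False)),
        "ats_exception_domains": sorted(ats.get("NSExceptionDomains", {})),
        # True exposes the Documents directory over iTunes/Finder
        "file_sharing_enabled": bool(info.get("UIFileSharingEnabled", False)),
        # custom schemes are an entry point worth checking for URL handling bugs
        "url_schemes": sorted(s for t in info.get("CFBundleURLTypes", [])
                              for s in t.get("CFBundleURLSchemes", [])),
    }


def build_sample_ipa():
    """Constructed sample IPA (not a real app) with a permissive ATS configuration."""
    info = {
        "CFBundleIdentifier": "com.example.sampleapp",
        "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True,
                                   "NSExceptionDomains": {"legacy.example.com": {}}},
        "UIFileSharingEnabled": True,
        "CFBundleURLTypes": [{"CFBundleURLSchemes": ["sampleapp"]}],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/SampleApp.app/Info.plist", plistlib.dumps(info))
    return buf.getvalue()


if __name__ == "__main__":
    print(review_info_plist(find_info_plist(build_sample_ipa())))
```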
Dumping classes
class-dump-z APP > dump.txt
Reversing using Ghidra
Reversing using radare2
Flutter
reflutter -p file.ipa
jtool.ELF64 -S App   (for extracting _kDartIsolateSnapshotInstructions)
frida-ps -U
frida -U -n app_name -l script.js
frida -U -f bundleId -l script.js
frida-trace -m "*[ClassName methodName]"
frida-trace -U -f bundle_id -i "*cko*"
frida-trace -U YourApp -m "*[NSURL* *HTTP*]"
frida-trace -U -f bundleId -m "-[WebView load*]"
frida-trace -U -f BundleID -m "-[*WebView* *]"
Frida Script
objection
objection -g <bundle_id> explore
import script.js
objection
ios keychain dump --json keychain_dump.json
https://github.com/Dado1513/frida-mobile-scripts/tree/master
Frida Script (Flutter)
Use for hooking instructions (needs the reflutter output above)