Recently, I was tasked with pentesting a mobile application (I later came to know it was an iOS/IPA app). I had pentested mobile applications for both Android and iOS before, but I have more experience with Android than with iOS. I started to think about how I could pentest an iOS application in a very different way, rather than following the same jailbroken pattern and so on.
0x01 : Prerequisite for Lab
To set up the environment, the following tools are required for iOS app pentesting:
1 — A MacBook
2 — An iPhone
3 — Xcode
4 — Python (Above 3.x)
5 — Frida
6 — Objection
I’m pretty sure every one of you is aware of the use of a MacBook for testing, so I’ll move on to the other tools in detail.
0x02 : Installation Of Tools
Once all of the tools are in place, you need to create a developer account by signing up at developer.apple.com.
You will need an Apple ID to sign up for a developer account, so create one if you don’t already have it. Once signed up, navigate to the Downloads section, where you’ll find links to download Xcode for the MacBook.
Once downloaded, you can install it.
With Xcode in place, we need to install or upgrade Python. Usually, Python comes as version 2.7, which for now isn’t compatible with some of the tools mentioned above, and you may face trouble while running them.
To verify your Python installation, simply type:
python3 --version
If you’ve successfully installed or upgraded to the latest version, it will print the Python version on the screen (in my case it says 3.7).
Now that Python is in place and Xcode is installed, we need to download the other tools to get everything up and running.
Stay tuned for Step 5 & Step 6 … !