Android
See Android.
iOS
- Secure Mobile Development (GitHub)
- https://github.com/OWASP/owasp-masvs/tree/master/Document
- iOS Pentesting Checklist (HackTricks)
- OWASP Mobile Security Testing Guide (iOS)
Options
- Use an Emulator (requires a Mac M1)
- Use an iPhone/iPad and set to dev mode
- Use a rooted iPhone/iPad
General ideas…
- Request the application file (.ipa) to look at resources. Files with the .ipa extension can be uncompressed by changing the extension to .zip and unzipping.
- On a rooted iPhone/iPad, check the file system and what the information the application saves.
- SSH on the iPhone/iPad. Credentials should be root:alpine
Intercept requests using Burp Suite
💡 No need to jailbreak the iPhone/iPad.
❗ If the application uses certificate pinning, it will not work. Workaround is to use tools like Cydia.
Configure listener in Burp Suite
Use the IP address from the Wifi or any network that the web app will try to connect to.
ipconfig /allIn Burp, in Proxy->Options, under Proxy Listeners, edit the listener to bind on “All interfaces” instead of “Loopback only”.
Install Burp certificate on the iPhone/iPad
See Configuring an iOS Device to Work With Burp and Installing Burp’s CA Certificate in an iOS Device.
- Start Burp
- On iOS, open Safari and go to http://burpsuite
- Click Install to install the profile.
- On the iPhone/iPad, go to Settings->General->About->Certificate Trust Settings.
- Under “Enable full trust for root certificates”, turn on trust for the Portswigger certificate.
Setup proxy to Burp in iOS
Go into the Wifi settings and setup manual proxy to Burp
- Go to Settings and click Wi-Fi.
- Select the active Wi-Fi connection.
- Under HTTP proxy, click Configure Proxy and select Manual.
- On the Server field, enter a HTTP Proxy hostname or IP address.
- On Port, enter 443.
- Click Save.