Mobile Applications

Android

See Android.

iOS

Options

  • Use an Emulator (requires a Mac M1)
  • Use an iPhone/iPad and set to dev mode
  • Use a rooted iPhone/iPad

General ideas…

  • Request the application file (.ipa) to look at resources. Files with the .ipa extension can be uncompressed by changing the extension to .zip and unzipping.
  • On a rooted iPhone/iPad, check the file system and what the information the application saves.
  • SSH on the iPhone/iPad. Credentials should be root:alpine

Intercept requests using Burp Suite

No need to jailbreak the iPhone/iPad.

If the application uses certificate pinning, it will not work. Workaround is to use tools like Cydia.

Configure listener in Burp Suite

Use the IP address from the Wifi or any network that the web app will try to connect to.

ipconfig /all

In Burp, in Proxy->Options, under Proxy Listeners, edit the listener to bind on “All interfaces” instead of “Loopback only”.

Install Burp certificate on the iPhone/iPad

See Configuring an iOS Device to Work With Burp and Installing Burp’s CA Certificate in an iOS Device.

  • Start Burp
  • On iOS, open Safari and go to http://burpsuite
  • Click Install to install the profile.
  • On the iPhone/iPad, go to Settings->General->About->Certificate Trust Settings.
  • Under “Enable full trust for root certificates”, turn on trust for the Portswigger certificate.

Setup proxy to Burp in iOS

Go into the Wifi settings and setup manual proxy to Burp

  • Go to Settings and click Wi-Fi.
  • Select the active Wi-Fi connection.
  • Under HTTP proxy, click Configure Proxy and select Manual.
  • On the Server field, enter a HTTP Proxy hostname or IP address.
  • On Port, enter 443.
  • Click Save.