iOS Application Penetration Testing
Welcome to our comprehensive guide on iOS application penetration testing. In this guide, we explore the essential techniques, tools, and methodologies used to identify vulnerabilities in iOS applications.
Prerequisites
Mac device/Linux
iPhone (jailbroken)/iOS Simulators
Mobexler
What is Jailbreaking in iOS?
Jailbreaking an iOS device gives testers elevated privileges and access to system files, allowing in-depth security assessments. It makes it possible to install extra tools, change system settings, and inspect sensitive data stored on the device. By bypassing iOS restrictions, jailbreaking provides root access and the ability to install apps that aren’t officially approved.
Common jailbreak tools by supported iOS version:
iOS 11–13.x: Checkra1n
iOS 12–14.x: unc0ver
iOS 14–15.x: Taurine, Odyssey
iOS 15–16.x: Palera1n (for checkm8 devices), Dopamine
Types of Jailbreak
Tethered - Requires the device to be connected to a computer every time it boots
Untethered - A jailbreak that stays after reboots without external tools
Semi-Tethered - Device reboots without a computer, but jailbreak features need reactivation
Semi-Untethered - The device can boot normally, but needs re-jailbreaking (via an app) to regain access
Cydia/Sileo
Cydia and Sileo are third-party package installers, similar to the App Store, developed for jailbroken iOS devices. Most jailbreaks install Cydia or Sileo on the device during the jailbreak process.
Packages for Cydia/Sileo
Frida - https://build.frida.re
OpenSSH - http://apt.saurik.com/
Filza - https://tigisoftware.com/cydia/
AppSync Unified (for installing ad-hoc signed or unsigned applications) - https://cydia.akemi.ai/
Plutil - https://apt.bingner.com/
LibertyLite (Jailbreak Bypass) - https://ryleyangus.com/repo/
ABypass (Jailbreak Bypass) - https://repo.co.kr/
SSL Kill Switch (SSL Pinning Bypass) - https://julioverne.github.io/
Test Cases
Static Analysis
Dynamic Analysis
Vulnerable IPA
Damn Vulnerable iOS App (DVIA)
iGoat iOS