iOS Application Penetration Testing

Welcome to our comprehensive guide on iOS App Penetration Testing. In it, we explore the essential techniques, tools, and methodologies used to identify vulnerabilities in iOS applications.

Prerequisites

  • Mac device/Linux

  • iPhone (jailbroken)/iOS Simulators

  • Mobexler

What is Jailbreaking in iOS?

Jailbreaking an iOS device gives testers elevated privileges and access to system files, allowing in-depth security assessments. It makes it possible to install extra tools, change settings, and inspect sensitive data on the device. By bypassing iOS restrictions, jailbreaking provides root access and the ability to install apps that aren’t officially approved.

iOS Version Range    Jailbreak Tool
iOS 11–13.x          Checkra1n
iOS 12–14.x          unc0ver
iOS 14–15.x          Taurine, Odyssey
iOS 15–16.x          Palera1n (for checkm8 devices), Dopamine

Types of Jailbreak

  • Tethered - Requires the device to be connected to a computer every time it boots

  • Untethered - A jailbreak that persists across reboots without any external tool

  • Semi-Tethered - The device reboots without a computer, but jailbreak features need reactivation

  • Semi-Untethered - The device boots normally, but must be re-jailbroken (via an app on the device) to regain access

Fun Facts about iOS Applications

  • iOS applications are installed in a sandbox

  • Unauthorized applications cannot be installed outside of the App Store/TestFlight

  • iOS applications are packaged with the .ipa extension
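An .ipa is a zip archive with a fixed layout: a single Payload/<Name>.app/ bundle containing Info.plist, the Mach-O executable named by CFBundleExecutable, and (for ad-hoc/enterprise builds) embedded.mobileprovision. The script below, an added example that is not part of the original page, builds a constructed fake IPA in memory and then parses it the way a static-analysis pass would, pulling out the bundle identifier, confirming the executable really is Mach-O, and flagging NSAllowsArbitraryLoads in the App Transport Security dictionary. The bundle id, executable name and file contents are hypothetical sample values; only the archive layout and plist keys are real.

```python
import io
import plistlib
import zipfile
from dataclasses import dataclass

# Mach-O magic numbers as they appear on disk (first four bytes of the binary).
MACHO_MAGICS = {
    b"\xce\xfa\xed\xfe",  # MH_MAGIC     (32-bit, little-endian)
    b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64  (64-bit, little-endian)
    b"\xca\xfe\xba\xbe",  # FAT_MAGIC    (universal/fat binary)
}


@dataclass
class IpaSummary:
    app_dir: str
    bundle_id: str
    executable: str
    executable_is_macho: bool
    has_provisioning_profile: bool
    allows_arbitrary_loads: bool
    file_count: int


def build_sample_ipa(allow_arbitrary_loads: bool = False) -> bytes:
    """Construct a minimal, fake IPA in memory so the parser can run offline.

    The bundle id, executable name and file contents are made up (constructed
    sample data); only the layout Payload/<Name>.app/... matches a real IPA."""
    info = {
        "CFBundleIdentifier": "com.example.sampleapp",   # hypothetical bundle id
        "CFBundleExecutable": "SampleApp",
        "CFBundleShortVersionString": "1.0",
        "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": allow_arbitrary_loads},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("Payload/SampleApp.app/Info.plist", plistlib.dumps(info))
        # Only the 64-bit Mach-O magic followed by padding, not a real executable.
        z.writestr("Payload/SampleApp.app/SampleApp", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        z.writestr("Payload/SampleApp.app/embedded.mobileprovision", b"fake-provisioning-blob")
    return buf.getvalue()


def summarize_ipa(ipa_bytes: bytes) -> IpaSummary:
    """Open an IPA (a zip archive) and pull out the facts a tester checks first."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        names = z.namelist()
        # A well-formed IPA holds exactly one .app bundle directly under Payload/.
        app_dirs = sorted({
            n.split("/")[1]
            for n in names
            if n.startswith("Payload/") and n.count("/") >= 2 and n.split("/")[1].endswith(".app")
        })
        if len(app_dirs) != 1:
            raise ValueError(f"expected exactly one .app under Payload/, found {app_dirs}")
        app_dir = app_dirs[0]
        base = f"Payload/{app_dir}/"

        # Info.plist may be XML or binary; plistlib.loads detects either.
        info = plistlib.loads(z.read(base + "Info.plist"))
        executable = info["CFBundleExecutable"]
        exe_path = base + executable
        is_macho = exe_path in names and z.read(exe_path)[:4] in MACHO_MAGICS

        ats = info.get("NSAppTransportSecurity") or {}
        return IpaSummary(
            app_dir=app_dir,
            bundle_id=info["CFBundleIdentifier"],
            executable=executable,
            executable_is_macho=is_macho,
            has_provisioning_profile=(base + "embedded.mobileprovision") in names,
            allows_arbitrary_loads=bool(ats.get("NSAllowsArbitraryLoads", False)),
            file_count=len(names),
        )


def review_notes(summary: IpaSummary) -> list[str]:
    """Return static-analysis notes derived from the summary (empty means nothing flagged)."""
    notes = []
    if summary.allows_arbitrary_loads:
        notes.append("NSAllowsArbitraryLoads is true: App Transport Security is disabled app-wide, "
                     "so plaintext HTTP and weak TLS are permitted; review every network call.")
    if not summary.executable_is_macho:
        notes.append("CFBundleExecutable does not point at a Mach-O file; the archive may be "
                     "corrupt or repackaged.")
    return notes


if __name__ == "__main__":
    for flag in (False, True):
        summary = summarize_ipa(build_sample_ipa(allow_arbitrary_loads=flag))
        print(summary)
        for note in review_notes(summary):
            print("  -", note)
```

To run it against a real package, replace build_sample_ipa() with the bytes of an .ipa read from disk; everything after that point is unchanged. The .app directory discovery deliberately rejects archives with zero or several bundles, since a repackaged IPA that does not match the expected layout is itself worth noting during static analysis.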

Cydia/Sileo

Cydia/Sileo is a third-party package installer, similar to the App Store, developed for jailbroken iOS devices. Most jailbreaks install Cydia or Sileo on the device as part of the jailbreak process.

Packages for Cydia/Sileo

  • Frida - https://build.frida.re

  • OpenSSH - http://apt.saurik.com/

  • Filza - https://tigisoftware.com/cydia/

  • AppSync Unified (for installing ad-hoc signed or unsigned applications) - https://cydia.akemi.ai/

  • Plutil - https://apt.bingner.com/

  • LibertyLite (Jailbreak Bypass) - https://ryleyangus.com/repo/

  • ABypass (Jailbreak Bypass) - https://repo.co.kr/

  • SSL Kill Switch (SSL Pinning Bypass) - https://julioverne.github.io/

Test Cases

Static Analysis

Dynamic Analysis

Vulnerable IPA

  • Damn Vulnerable iOS App (DVIA)

  • iGoat iOS
