Introduction to iOS Application Penetration Testing

Posted on 18-May-2015

DESCRIPTION

Introduction to iOS Application Penetration Testing - seminar material for the 1 Dekade Echo event, 1dekade.echo.or.id

TRANSCRIPT

Introduction to iOS Mobile Application Penetration Testing

@y3dips, 1 Dekade ECHO.OR.ID

Mobile / Smartphone

Mobile Infrastructure

Mobile Infrastructure

Mobile Client/ Application

Communication Channel

Server Side Infrastructure

Attack Vector

Information Disclosure

Insecure File Permission

Authentication & Authorization

Session Management

Logic (Business) Testing

Data Protection

Client Side Injection

Decompiling Etc.

Attack Vector

Methodology

Information Gathering

Analysis

Exploitation

Report & QA

Inventory

Jailbroken Device

Decompiler

Analysis Tools

Proxy

Security Tools

Hacker's Mind

Cheat Sheet

Application home: /var/mobile/Applications/[folder]/app_name

Config files: Application_Home/Library/Preferences/app_name.plist

Database: .db, .sqlite, .sqlite3, *

Cache: Application_Home/Library/Caches

Cookies: cookies.binarycookies (copy it off the device and read it with binarycookies.py)

Logs: view logs via the iPhone Configuration Utility

List running apps: ps -axf

Decompiler/Disassembler: otool, class-dump-o, class-dump-z, gdb

Analysis tools/frameworks: snoop-it, cycript

Cycript

Objective-JavaScript

www.cycript.org

Hook into a running process of the application

Cycript

Snoop-it

Dynamic Analysis Tools

Runtime Tracing Capabilities

Invoke arbitrary methods at runtime

Bypass basic Jailbreak detection

Snoop-it

Proof of Concept

Reference

iOS Application Security Testing Cheat Sheet - http://owasp.org

Series of articles "Penetration testing of iPhone applications" - http://securitylearn.net

Snoop-it official page https://code.google.com/p/snoop-it

Cycript Tricks http://iphonedevwiki.net/index.php/Cycript_Tricks