Introduction toiOS Mobile Application Penetration Testing

@y3dips1 Dekade ECHO.OR.ID

MobileSmartphone

www.astanos.ch/img/apple-android-windows-mobile-blackberry-logo.png

http://www.wired.com/gadgetlab/2012/02/meet-the-asus-padfone-the-phone-thats-a-tablet-thats-a-notebook/

Mobile Infrastructure

http://mobile.infostretch.com/images/application-architecture.jpg

http://conwet.fi.upm.es/morfeo-project/mymobileweb_blog/wp-content/uploads/2009/04/mymw_architecture_overview.png

http://www.ipfaces.org/sites/default/files/images/schema.gif

Mobile Infrastructure

Mobile Client/ Application

Communication Channel

Server Side Infrastructure

Mobile Infrastructure

Mobile Client/Application

Communication Channel

Server Side Infrastructure

Facteur d'attaque

Information Disclosure

Insecure File Permission

Authentication & Authorization

Session Management

Logic (Business) Testing

Data Protection

Client Side Injection

Decompiling Etc.

Attack Vector

ວiທ$ການ

Methodology

Analysis ExploitationReport &

QAInformation Gathering

http://www.ibroadcastnetwork.org/images/uploads/ios-logo.png

http://cdn3.sbnation.com/entry_photo_images/8958675/iosguide_1020_new_large_verge_super_wide.jpg

Inventory

Jailbroken Device Decompiler Analysis

Tools

ProxySecurity Tools

Hacker’s Mind

Cheat Sheet Applica'on_home /var/mobile/Applica.ons/[folder]/app_name

Config  files Applica.on_Home/Library/Preferences/app_name.plist

Database .db,  .sqlite,  .sqlite3,  *

Cache Applica.on_Home/Library/Caches

Cookies cookies.binarycookies  |  copy  read  with  binarycookies.py

Logs see  logs  via    iphone  configura.on  u.lity

List  Running  Apps ps  -­‐axf

Decompiler/Disassembler otool,  class-­‐dump-­‐o,  class-­‐dump-­‐z,  gdb

Analysis  Tools/Framework snoop-­‐it  ,  cycript

Cycript

Objective-Javascript

www.cycript.org

Hook into a running process of the application

Cycript

Snoop-it

Dynamic Analysis Tools

Runtime Tracing Capabilities

Invoke Arbitrary methods at runtime

Bypass basic Jailbreak detection

Snoop-it

Proof-Of-concept

Proof of concept

Proof of concept

Proof of concept

Proof of concept

Proof of concept

Snoop-it

ReferenceIOS Application Security Testing Cheat Sheet - http://owasp.org

Series of article "Penetration testing of iPhone applications" - http://securitylearn.net

Snoop-it official page https://code.google.com/p/snoop-it

Cycript Tricks http://iphonedevwiki.net/index.php/Cycript_Tricks

http://sciencetoybox.com/images/Procedures/Raising_hands.jpg