10. iOS Dynamic Analysis

BurpSuite

πŸ”— Configuring an iOS device to work with Burp Suite

Install and configure Burpsuite following the same steps here.

  • Configure the device to use the proxy

    • Settings > Wi-Fi > Info button > Configure Proxy

    • Use Manual to set the Proxy to the host IP running BurpSuite (vboxnet LAN or Bridged LAN IP) and port 8082

  • Install the BurpSuite CA certificate on the iOS device

    • Open http://burpsuite:8082 on Safari

    • Select CA Certificate and click Allow to confirm the config profile download

    • Settings > General > VPN & Device Management > Downloaded Profile

      • Install the PortSwigger CA

    • Settings > General > About > Certificate Trust Settings

      • Activate the toggle switch to enable full trust for root certificates

  • On Safari navigate to https://example.com and check for the connection request inside BurpSuite

    • Depending on the tested mobile application, traffic can be intercepted


Proxyman for iOS

πŸ”— Proxyman for iOS

  • Capture iOS network traffic (HTTP/HTTPS) without a Macbook

  • Standalone app, works independently from Proxyman for macOS

  • View HTTP/HTTPS Requests and Responses in plain text

  • FaceID and Passcode for data protection

  • Debugging tools like Map Local, Breakpoint, Block List, SSL Proxying List,No Caching

  • Share logs to Proxyman for macOS

  • other features

πŸ”— Atlantis for iOS - only for network inspectors

  • Automatically intercept all HTTP/HTTPS Traffic

  • Intercept WebSocket from iOS devices

  • Support iOS Physical Devices and Simulators

  • No need to configure HTTP Proxy or install/trust any Certificate

  • Review traffic logs from Proxyman for macOS

  • Categorize logs by app and devices

  • Install Proxyman for MacOS on a Mac device and follow the iOS Setup Guide to configure the proxy


SSL Pinning iOS

πŸ”— SSL Kill Switch 2 - (Old) tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.

πŸ”— Objection

  • On a jailbroken device, Objection can be used to disable SSL Pinning and see HTTPS traffic using a proxy

# MacOS
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 get-pip.py
pip3 install --upgrade setuptools --break-system-packages
pip3 install objection --break-system-packages
pipx ensurepath
objection -g <AppName> explore -s "ios sslpinning disable"

Jailbreaking

❗ Use Jailbreaking with caution! Jailbreaking is legal in the US but may have legal implications in other countries.

πŸ”— iOS CFW Guide

Jailbreaking is the process of unlocking an iOS device to customize its functionality beyond Apple's restrictions, enabling the installation of custom apps and tweaks for a personalized user experience.

  • iOS prioritizes security and reliability with built-in protections against malware, viruses, but jailbreaking can compromise these safeguards, leading to security risks, instability, and reduced battery life

  • Jailbreaking iOS is necessary to conduct full iOS penetration testing

πŸ“Œ Follow my iOS Jailbreak Guide and make sure you always check for updated commands/guides before step into jailbreaking.


Last updated

Was this helpful?