10. iOS Dynamic Analysis

BurpSuite

🔗 Configuring an iOS device to work with Burp Suite

Install and configure BurpSuite following the same steps here.

  • Configure the device to use the proxy

    • Settings > Wi-Fi > Info button > Configure Proxy

    • Use Manual to set the Proxy to the host IP running BurpSuite (vboxnet LAN or Bridged LAN IP) and port 8082

  • Install the BurpSuite CA certificate on the iOS device

    • Open http://burpsuite:8082 on Safari

    • Select CA Certificate and click Allow to confirm the config profile download

    • Settings > General > VPN & Device Management > Downloaded Profile

      • Install the PortSwigger CA

    • Settings > General > About > Certificate Trust Settings

      • Activate the toggle switch to enable full trust for root certificates

  • On Safari navigate to https://example.com and check for the connection request inside BurpSuite

    • Depending on the tested mobile application, traffic can be intercepted
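A host-side check of the setup above, as an added example that is not part of the original guide: run from another machine on the same LAN, it confirms the listener is reachable on the LAN IP (not only loopback) and that HTTPS through it is re-signed by the CA installed on the device. The function name, the sample IP and the `cacert.der` file name are assumptions.

```python
import socket
import ssl

def probe_proxy(host, port, ca_path=None, target="example.com", timeout=5.0):
    """Classify the intercepting-proxy listener at host:port as seen from the LAN.

    Returns 'unreachable', 'no-tunnel', 'tunnel-only', 'untrusted-cert',
    'tls-failed' or 'intercepted'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Typical causes: listener bound to 127.0.0.1 only, wrong IP/port, firewall.
        return "unreachable"
    with sock:
        try:
            # Ask the proxy for a tunnel, as the device does for HTTPS traffic.
            sock.sendall(f"CONNECT {target}:443 HTTP/1.1\r\nHost: {target}:443\r\n\r\n".encode())
            reply = b""
            while b"\r\n\r\n" not in reply:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
        except OSError:
            return "no-tunnel"
        status = reply.split(b"\r\n", 1)[0].split()
        if len(status) < 2 or status[1] != b"200":
            return "no-tunnel"
        if ca_path is None:
            return "tunnel-only"
        with open(ca_path, "rb") as fh:
            ca = fh.read()
        # Trust ONLY the exported proxy CA (no system roots are loaded), so the
        # handshake verifies only if the proxy re-signed the site's certificate.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cadata=ca.decode() if ca.startswith(b"-----BEGIN") else ca)
        try:
            with ctx.wrap_socket(sock, server_hostname=target):
                return "intercepted"
        except ssl.SSLCertVerificationError:
            return "untrusted-cert"
        except OSError:
            return "tls-failed"

if __name__ == "__main__":
    # Constructed sample values: use the BurpSuite host's LAN IP and the exported CA file.
    print(probe_proxy("192.168.56.1", 8082, ca_path="cacert.der"))
```

A result of `intercepted` here while the app's traffic still fails on the device points at the app (for example certificate pinning) rather than at the proxy or CA setup.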


Proxyman for iOS

🔗 Proxyman for iOS

  • Capture iOS network traffic (HTTP/HTTPS) without a MacBook

  • Standalone app, works independently from Proxyman for macOS

  • View HTTP/HTTPS Requests and Responses in plain text

  • FaceID and Passcode for data protection

  • Debugging tools like Map Local, Breakpoint, Block List, SSL Proxying List, No Caching

  • Share logs to Proxyman for macOS

  • Other features

🔗 Atlantis for iOS - only for network inspectors

  • Automatically intercept all HTTP/HTTPS Traffic

  • Intercept WebSocket from iOS devices

  • Support iOS Physical Devices and Simulators

  • No need to configure HTTP Proxy or install/trust any Certificate

  • Review traffic logs from Proxyman for macOS

  • Categorize logs by app and devices

  • Install Proxyman for macOS on a Mac device and follow the iOS Setup Guide to configure the proxy


SSL Pinning iOS

🔗 SSL Kill Switch 2 - (Old) tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.

🔗 Objection

  • On a jailbroken device, Objection can be used to disable SSL Pinning and see HTTPS traffic using a proxy

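# macOS
# Install pip for the system Python 3
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 get-pip.py
# Install Objection (--break-system-packages overrides the externally-managed-environment check)
pip3 install --upgrade setuptools --break-system-packages
pip3 install objection --break-system-packages
# Only if pipx is installed: add its app directory to PATH
pipx ensurepath
# Attach to the app on the jailbroken device and disable SSL pinning at startup
objection -g <AppName> explore -s "ios sslpinning disable"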

Jailbreaking

❗ Use Jailbreaking with caution! Jailbreaking is legal in the US but may have legal implications in other countries.

🔗 iOS CFW Guide

Jailbreaking is the process of unlocking an iOS device to customize its functionality beyond Apple's restrictions, enabling the installation of custom apps and tweaks for a personalized user experience.

  • iOS prioritizes security and reliability with built-in protections against malware and viruses, but jailbreaking can compromise these safeguards, leading to security risks, instability, and reduced battery life

  • Jailbreaking iOS is necessary to conduct full iOS penetration testing

📌 Follow my iOS Jailbreak Guide and make sure you always check for updated commands/guides before you start jailbreaking.

