10. iOS Dynamic Analysis

BurpSuite

🔗 Configuring an iOS device to work with Burp Suite

Install and configure Burpsuite following the same steps here.

• Configure the device to use the proxy

  • Settings > Wi-Fi > Info button > Configure Proxy

  • Use Manual to set the Proxy to the host IP running BurpSuite (vboxnet LAN or Bridged LAN IP) and port 8082

• Install the BurpSuite CA certificate on the iOS device

  • Open http://burpsuite:8082 on Safari

  • Select CA Certificate and click Allow to confirm the config profile download

  • Settings > General > VPN & Device Management > Downloaded Profile

    • Install the PortSwigger CA

  • Settings > General > About > Certificate Trust Settings

    • Activate the toggle switch to enable full trust for root certificates

• On Safari navigate to https://example.com and check for the connection request inside BurpSuite

  • Depending on the tested mobile application, traffic can be intercepted

Proxyman for iOS

🔗 Proxyman for iOS

• Capture iOS network traffic (HTTP/HTTPS) without a Macbook

• Standalone app, works independently from Proxyman for macOS

• View HTTP/HTTPS Requests and Responses in plain text

• FaceID and Passcode for data protection

• Debugging tools like Map Local, Breakpoint, Block List, SSL Proxying List,No Caching

• Share logs to Proxyman for macOS

• other features

🔗 Atlantis for iOS - only for network inspectors

• Automatically intercept all HTTP/HTTPS Traffic

• Intercept WebSocket from iOS devices

• Support iOS Physical Devices and Simulators

• No need to configure HTTP Proxy or install/trust any Certificate

• Review traffic logs from Proxyman for macOS

• Categorize logs by app and devices

• Install Proxyman for MacOS on a Mac device and follow the iOS Setup Guide to configure the proxy

SSL Pinning iOS

🔗 SSL Kill Switch 2 - (Old) tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.

🔗 Objection

• On a jailbroken device, Objection can be used to disable SSL Pinning and see HTTPS traffic using a proxy

# MacOS
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 get-pip.py
pip3 install --upgrade setuptools --break-system-packages
pip3 install objection --break-system-packages
pipx ensurepath

objection -g <AppName> explore -s "ios sslpinning disable"

Jailbreaking

❗ Use Jailbreaking with caution! Jailbreaking is legal in the US but may have legal implications in other countries.

🔗 iOS CFW Guide

Jailbreaking is the process of unlocking an iOS device to customize its functionality beyond Apple's restrictions, enabling the installation of custom apps and tweaks for a personalized user experience.

• iOS prioritizes security and reliability with built-in protections against malware, viruses, but jailbreaking can compromise these safeguards, leading to security risks, instability, and reduced battery life

• Jailbreaking iOS is necessary to conduct full iOS penetration testing

• Types of jailbreak

📌 Follow my iOS Jailbreak Guide and make sure you always check for updated commands/guides before step into jailbreaking.

• A good resource website is iOS CFW Guide - Get Started

• Different devices will require different steps and tools to jailbreak an iOS!