Basic iOS Apps Security Testing

lab 

By – Ankit Bhanushali
Required Resources
• iPhone 6 — iOS 11.2.6
• MacBook Pro — 10.13.6 / Simulator
• High End Laptop 1TB SSD Or 16 GB Ram
Preface.

• Disclaimer.
• Jailbreaking.
• Installing Tools and components on IOS device.
• Installing iOS Security Tools on MacOS
• External Tools/Apps Installation for iOS devices.
Installing Tools and components on IOS
device.
BigBoss Recommended Tools.
• This repo on Cydia contains most of the tools required for ios app
security testing.
• Manually downloading the useful tools only, try to add the basic
information about the tools you should install. So, you have an idea
about the tools you are installing.
Downloading tools from Cydia — iOS
11.2.6
• Network Commands — This will Install — arp, ifconfig, route and
traceroute.
• arp — Arp manipulates or displays the kernel’s IPv4 network neighbour
cache. it can add entries to the table, delete one, or display the current
content. ARP stands for Address Resolution Protocol, Which is used to
find the address of a network neighbour for a given IPv4 address.
• ifconfig — Ifconfig is used to configure or view the configuration of, a
network interface.
• route — Route is a command line tool that allows a user to view and
configure there operating system’s routing table.
• traceroute — Traceroute is a method of sending a packet and tracing
the packet from its starting to ending location and showing each of
the hops required to get to the location. Example tool: tracert

• 2. Bootstrap commands — Mach interface and stub generator.

• 3. Developer -cmds — Install (ctags, haxdump, rpcgen, unifdef)
• 4. Diskdev-cmds — Install (mount, quota, fsck, fstyp, fdisk, tunefs)
Other Important Utilities and tools.

5. Make — Dependency-based build environments.

6. Nano — completely free, modern clone of pico
7. Unrar — De-compresses files in rar format
8. Unzip — De-Compresses files in zip format
9. Syslog Commandline — Enable/disable Syslog via cmd line. syslogon to enable,
syslogoff to disable. Log to /var/log/syslog
10. Zip — Standard compression tool
11. OpenSSH — Secure remote access between machines.
12. OpenSSL — SSL library and cryptographic tools.
13. Apt 1.4 Strict — The advanced packaging tool from Debian
Security Issues In Damn Vulnerable iOS application V-1

• Insecure Data Storage

• Jailbreak Detection
• Runtime Manipulation
• Sensitive information in memory
• Privacy detection
• Security Decision via untrusted input.
• Side channel Data leakage
• Transport Layer Security
• Client Side security
• Broken Cryptography
• Binary patching
Security Issues In Damn Vulnerable iOS application V-2

• Local Data Storage

• Jailbreak Detection
• Excessive Permissions
• Runtime Manipulation
• Anti anti Hooking/Debugging
• Binary Protection
• Touch/Face ID Bypass
• Phishing
• Side Channel Data leakage
• IPC issues
• Broken Cryptography
• WebView issues
• Network Layer Security
• Application Patching
• Sensitive Information is Memory
• Data Leakage to Third parties
Refernces
• For More In Details.

• Visit -
https://medium.com/inbughunters/basic-ios-apps-security-testing-lab
-1-2bf37c2a7d15
• http://damnvulnerableiosapp.com/#downloads