RSS
 

Posts Tagged ‘pentesting iphone applications’

Useful Cydia Apps for pentesting

07 Feb
For pentesting iPhone applications, we need to download a lot of tools from Cydia. Some of the necessary  tools are -


  • OpenSSH – Allows to connect to the iPhone remotely over SSH
  • Adv-cmds : Comes with a set of process commands like ps, kill, finger…
  • Sqlite3 : Sqlite database client
  • GNU Debugger: For run time analysis & reverse engineering
  • Syslogd : To view iPhone logs
  • Veency: Allows to view the phone on the workstation with the help of veency client
  • Tcpdump: To capture network traffic on phone
  • com.ericasadun.utlities: plutil to view property list files
  • Grep: For searching
  • Odcctools (Darwin CC tools): otool – object file displaying tool
  • Crackulous: Decrypt iPhone apps
  • Hackulous: To install decrypted apps
  • Cycript: Run time analysis & reverse engineering


    * To install crackulous and hackulous add http://cydia.hackulo.us/ to Cydia sources.
    * To install GNU Debugger on iOS 5 view - http://www.securitylearn.net/2012/05/20/installing-gnu-debugger-on-iphone/
 
 

Pentesting iPhone Applications

17 Oct

I have given a presentation on Pentesting iPhone Applications in c0c0n. This presentation mainly focuses on methodology, techniques and the tools that will help security testers while assessing the security of iPhone applications.

Slides:


Video:

 
4 Comments

Posted in iPhone