Introduction to IOS Application Penetration Testing
Published on: Introduction to IOS Application Penetration Testing - seminar material for 1 Dekade Echo, 1dekade.echo.or.id

Published in: Technology


Transcript

  • 1. Introduction to iOS Mobile Application Penetration Testing 1 Dekade ECHO.OR.ID @y3dips
  • 2. Mobile Smartphone www.astanos.ch/img/apple-android-windows-mobile-blackberry-logo.png
  • 3. http://www.wired.com/gadgetlab/2012/02/meet-the-asus-padfone-the-phone-thats-a-tablet-thats-a-notebook/
  • 4. Mobile Infrastructure
  • 5. http://mobile.infostretch.com/images/application-architecture.jpg
  • 6. http://conwet.fi.upm.es/morfeo-project/mymobileweb_blog/wp-content/uploads/2009/04/mymw_architecture_overview.png
  • 7. http://www.ipfaces.org/sites/default/files/images/schema.gif
  • 8. Mobile Infrastructure: Mobile Client/Application, Communication Channel, Server Side Infrastructure
  • 9. Mobile Infrastructure: Mobile Client/Application, Communication Channel, Server Side Infrastructure
  • 10. Attack Vector
  • 11. Attack Vector: Information Disclosure, Insecure File Permission, Authentication & Authorization, Session Management, Client Side Injection, Logic (Business) Testing, Data Protection, Decompiling, etc.
  • 13. Methodology: Information Gathering, Analysis, Exploitation, Report & QA
  • 14. http://www.ibroadcastnetwork.org/images/uploads/ios-logo.png
  • 15. http://cdn3.sbnation.com/entry_photo_images/8958675/iosguide_1020_new_large_verge_super_wide.jpg
  • 16. Inventory: Jailbroken Device, Decompiler, Analysis Tools, Hacker's Mind, Security Tools, Proxy
  • 17. Cheat Sheet
    • Application_home: /var/mobile/Applications/[folder]/app_name
    • Config files: Application_Home/Library/Preferences/app_name.plist
    • Database: .db, .sqlite, .sqlite3, *
    • Cache: Application_Home/Library/Caches
    • Cookies: cookies.binarycookies | copy, read with binarycookies.py
    • Logs: see logs via iPhone Configuration Utility
    • List Running Apps: ps -axf
    • Decompiler/Disassembler: otool, class-dump-o, class-dump-z, gdb
    • Analysis Tools/Framework: snoop-it, cycript
  • 18. Cycript: Objective-JavaScript (www.cycript.org); hooks into a running process of the application
  • 19. Cycript
  • 20. Snoop-it: Dynamic Analysis Tool; Runtime Tracing Capabilities; Invoke Arbitrary Methods at Runtime; Bypass Basic Jailbreak Detection
  • 21. Snoop-it
  • 22. Proof-Of-concept
  • 23. Proof of concept
  • 24. Proof of concept
  • 25. Proof of concept
  • 26. Proof of concept
  • 27. Proof of concept
  • 28. Snoop-it
  • 29. Reference
    • iOS Application Security Testing Cheat Sheet - http://owasp.org
    • Series of articles "Penetration testing of iPhone applications" - http://securitylearn.net
    • Snoop-it official page - https://code.google.com/p/snoop-it
    • Cycript Tricks - http://iphonedevwiki.net/index.php/Cycript_Tricks
  • 30. http://sciencetoybox.com/images/Procedures/Raising_hands.jpg
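The cheat sheet (slide 17) lists cookies.binarycookies as a file to copy off the device and read with binarycookies.py. The parser below is an added example, not code from the deck or from binarycookies.py; it assumes the binarycookies layout as described by the public parsers, builds a constructed sample file inline, and flags cookies stored without both Secure and HttpOnly.

```python
import struct
from datetime import datetime, timedelta, timezone
# Layout assumed from the public binarycookies.py parser (offsets inside a record are
# relative to that record): file = b"cook", page_count (BE u32), page_size[] (BE u32), pages;
# page = 00 00 01 00, cookie_count (LE u32), cookie_off[] (LE u32), 4 zero bytes; record =
# size, 0, flags, 0, url_off, name_off, path_off, value_off (LE u32 each), 8 zero bytes,
# expiry and creation (LE f64 seconds since 2001-01-01 UTC), then NUL-terminated strings.
MAC_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)
FLAG_SECURE, FLAG_HTTPONLY = 1, 4
def _cstr(buf, off):
    # Read a NUL-terminated string starting at offset off.
    return buf[off:buf.index(b"\x00", off)].decode("utf-8", "replace")
def parse_binarycookies(data):
    # Return one dict per cookie record found in the file.
    if data[:4] != b"cook":
        raise ValueError("not a binarycookies file")
    npages = struct.unpack(">I", data[4:8])[0]
    sizes = struct.unpack(">%dI" % npages, data[8:8 + 4 * npages])
    pos, out = 8 + 4 * npages, []
    for size in sizes:
        page, pos = data[pos:pos + size], pos + size
        n = struct.unpack("<I", page[4:8])[0]
        for off in struct.unpack("<%dI" % n, page[8:8 + 4 * n]):
            rec = page[off:off + struct.unpack("<I", page[off:off + 4])[0]]
            flags, _, url_o, name_o, path_o, val_o = struct.unpack("<6I", rec[8:32])
            expiry = struct.unpack("<d", rec[40:48])[0]
            out.append({"domain": _cstr(rec, url_o), "name": _cstr(rec, name_o),
                        "path": _cstr(rec, path_o), "value": _cstr(rec, val_o),
                        "secure": bool(flags & FLAG_SECURE), "httponly": bool(flags & FLAG_HTTPONLY),
                        "expires": MAC_EPOCH + timedelta(seconds=expiry)})
    return out
def weak_cookies(cookies):
    # Names of cookies persisted without both Secure and HttpOnly: what a reviewer reports.
    return [c["name"] for c in cookies if not (c["secure"] and c["httponly"])]
def build_binarycookies(entries):
    # Writer for the same layout; used here only to construct the sample file below.
    recs = []
    for domain, name, path, value, flags, expires in entries:
        strs = [s.encode() + b"\x00" for s in (domain, name, path, value)]
        offs = [56 + sum(len(s) for s in strs[:i]) for i in range(4)]
        hdr = struct.pack("<8I", 56 + sum(map(len, strs)), 0, flags, 0, *offs) + b"\x00" * 8
        recs.append(hdr + struct.pack("<2d", (expires - MAC_EPOCH).total_seconds(), 0.0)
                    + b"".join(strs))
    coffs = [12 + 4 * len(recs) + sum(len(r) for r in recs[:i]) for i in range(len(recs))]
    page = (b"\x00\x00\x01\x00" + struct.pack("<I", len(recs))
            + struct.pack("<%dI" % len(recs), *coffs) + b"\x00" * 4 + b"".join(recs))
    return b"cook" + struct.pack(">II", 1, len(page)) + page
# Constructed sample: one properly flagged session cookie and one unflagged tracker cookie.
SAMPLE = build_binarycookies([
    ("example.com", "session", "/", "abc123", FLAG_SECURE | FLAG_HTTPONLY, datetime(2030, 1, 1, tzinfo=timezone.utc)),
    (".example.com", "tracker", "/", "xyz", 0, datetime(2030, 6, 1, tzinfo=timezone.utc)),
])
```

Running `parse_binarycookies(open("cookies.binarycookies", "rb").read())` on a file copied from the device gives the same dicts, and `weak_cookies` then lists what to raise in the report.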
