iOS Application Pen testing
Ajay Nunna
ABOUT ME
• Java Developer
• Security Researcher
• 5 years into IT Industry
• Music and food lover
AGENDA
• Setting up an iOS pen-testing environment
• Understanding the iOS file system
• Understanding the Objective-C runtime
• Runtime analysis and manipulation
• Insecure Data storage
• URL schemes
• Analyzing network traffic over HTTP/HTTPS
• Automated testing
Setting up Environment
• A jailbroken iOS device
• Cydia
• Clutch
• Cycript
• Class-dump-z
• Snoop-it
• OpenSSH
• Keychain_dumper
• Jailbreak your device by downloading pangu/evasi0n.
• Click on jailbreak and follow the process to jailbreak your device.
Understanding the iOS File system
• All the applications installed by Apple by default go inside the /Applications directory and run as the user root.
• All the applications downloaded from the App Store go inside /var/mobile/applications and run as the user mobile.
• Every application runs in its own environment known as the application sandbox, which prevents it from accessing resources of other applications. This is done to enforce additional security.
Here is how a typical application directory looks.
The APP_NAME.app folder contains the application binary.
Understanding the Objective-C runtime
• All native iOS applications are written in Objective-C, which is a runtime-oriented language.
• Objective-C defers decisions from compile time and link time to the time when the code in the application is actually being executed.
• This gives rise to a category of attacks known as runtime manipulation.
• Variables and properties can be analyzed and modified at runtime.
• Messages aren’t bound to method implementations until runtime, thereby allowing us to modify the method implementations.
• The runtime functions are implemented in the shared library found at /usr/lib/libobjc.A.dylib.
Usage: otool -l [binaryName]
class-dump-z
• Command line utility. Extremely helpful tool in iOS pentesting.
• Extracts class information from unencrypted Mach-O binaries.
• Helps in finding out the method names, properties and protocols being used in any class.
• Tells a lot about the design of the application.
• Information is presented in a readable format.
• Applications that are installed by default on an iOS device won’t be encrypted, and hence class information can be dumped without any issues.
• For applications downloaded from the App Store, you must decrypt the application first using clutch.
Usage: class-dump-z [binaryName]
Usage: clutch [App Name]
• Just running the clutch command will display a list of applications that can be decrypted.
• Use “clutch [App Name]” to decrypt the application. The decrypted ipa file will be stored in the location as shown below.
• Unzip the ipa file to a new folder.
• Dump the class information from the binary inside this folder.
Cycript
• According to cycript.org - Cycript allows developers to explore and modify running applications on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax through an interactive console that features syntax highlighting and tab completion.
• Allows the user to hook into a running process during runtime and modify the values of instance variables and global variables, swizzle method implementations, call a particular method etc.
• Complete documentation can be found at http://www.cycript.org/
Setting up Cycript
Runtime analysis using Cycript
• You can hook into the runtime of an application by using the command “cycript -p [PID]”
• Some cool things that you can do with Cycript can be found here: http://iphonedevwiki.net/index.php/Cycript_Tricks
• For e.g., you can define your own methods. In the case below, a method named printMethods takes a class as input and prints out all its methods. This method has been taken from http://iphonedevwiki.net/index.php/Cycript_Tricks
• You can also use the messages property of a class to print out all its messages, for e.g. “AppDelegate.messages”. This will only print out the instance methods.
Runtime manipulation using Cycript
• With Cycript, you can manipulate the values of instance variables and global variables for a particular class.
• You can also modify method implementations.
Runtime manipulation demo
• In this case, we are manipulating the instance variable “urlToLoad” in the view controller RuntimeManipulationDetailsVC for DamnVulnerableiOSApp (http://damnvulnerableiosapp.com)
• The first step is to get a reference to the view controller.
• Once you get the reference, you can modify any of its variables.
• For e.g.
UIApp.keyWindow.rootViewController.topViewController.topViewController.urlToLoad = [NSString stringWithFormat:@"http://google.com"];
• We can also swizzle method implementations and replace the method implementation with our own.
• Let’s assume you find a method with the name isLoginValidated in a particular view controller that returns YES or NO depending on whether the login information is correct or not.
• To try this demo, download Damn Vulnerable iOS App from http://damnvulnerableiosapp.com
Runtime manipulation demo (Method Swizzling)
• We can modify this method’s implementation to always return TRUE.
• As you can see, the code on the R.H.S. is actually JavaScript. This is the beauty of Cycript: it can contain both Objective-C and JavaScript syntax.
RuntimeManipulationDetailsVC.messages['isLoginValidated'] = function() {return TRUE;}
Insecure Local Data Storage
There are many ways of storing data locally on an iOS device. Some of these techniques are:
• Plist
• NSUserDefaults
• CoreData (Sqlite)
• Keychain
Plist
• Data stored in plist files is stored unencrypted in the application sandbox.
• An attacker doesn’t even need to have a jailbroken device to access the contents of the plist file. It can be accessed using simple file explorer utilities like iExplorer.
• Most often, developers make the mistake of storing confidential data in plist files.
• Sample code for storing data in plist files.
• These files can be easily found using any simple file explorer utility like iExplorer in the application folder.
• On inspecting these files, you can find the information being saved in the plist file.
• Do not use plist files to store confidential information like usernames/passwords.
• Do not store session IDs, important properties etc. in a plist file.
• Plist files should only be used to store information that is not important, for e.g. a list of image names, the last launch date of the application etc.
NSUserDefaults
• Used for storing properties and objects that persist even after an application restart.
• Information is saved unencrypted inside the application sandbox in a plist file with the name [BUNDLE_ID].plist inside the folder Library -> Preferences.
• Developers make a common mistake of storing critical data using NSUserDefaults.
• All the key/value pairs stored using NSUserDefaults can be found in this file.
Core Data
• The Core Data framework is used to store persistent data, manage relationships between objects etc.
• Information is again saved unencrypted on the device in .db or .sqlite files.
• An attacker can gather information about Core Data objects by using a sqlite client.
• Navigate to your application directory and look for files with the extension .db or .sqlite.
• Use a sqlite client to access these files.
• The Core Data framework should not be used to store confidential information as the information is stored unencrypted on the device.
• If you want to save some confidential information, encrypt it before saving it locally, or use a wrapper over Core Data that stores encrypted information on the device.
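The plist, NSUserDefaults and Core Data checks above all come down to one routine inspection of the app container. The following Python script is an added example (not code from the slides or from any tool they mention) that automates that inspection: it walks a container, loads every .plist with plistlib and opens every .sqlite/.db store with sqlite3, and reports keys or columns whose names suggest a secret is stored in the clear. The container, bundle id, key names and values are constructed in a temporary directory so the script runs offline; the SENSITIVE_NAMES list is an assumed starting heuristic, and on a real assessment you would point audit_container() at the app folder copied off the device.

```python
"""Audit an iOS app container for secrets persisted in plist, NSUserDefaults
and Core Data (SQLite) stores. Added example; paths and values are constructed."""
import os
import plistlib
import sqlite3
import tempfile
from typing import List, Tuple

# Assumed heuristic: key or column names that usually mean a secret is stored
# under them. Extend it for the application under test.
SENSITIVE_NAMES = ("password", "passwd", "secret", "token", "session", "apikey")


def is_sensitive(name: str) -> bool:
    """Normalise separators and case, then look for a sensitive substring."""
    n = name.lower().replace("-", "").replace("_", "").replace(" ", "")
    return any(s in n for s in SENSITIVE_NAMES)


def scan_plist(path: str) -> List[Tuple[str, str]]:
    """Return (path, key) for every top-level plist key that looks like a secret."""
    with open(path, "rb") as fh:
        data = plistlib.load(fh)           # handles XML and binary plists
    if not isinstance(data, dict):
        return []
    return [(path, key) for key in data if is_sensitive(key)]


def scan_sqlite(path: str) -> List[Tuple[str, str]]:
    """Return (path, table.column) for sensitive-looking columns that hold rows."""
    hits = []
    con = sqlite3.connect(path)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            # PRAGMA table_info rows are (cid, name, type, notnull, dflt, pk)
            cols = [r[1] for r in con.execute(f'PRAGMA table_info("{table}")')]
            for col in cols:
                if is_sensitive(col):   # Core Data's Z-prefix does not hide the name
                    rows = con.execute(
                        f'SELECT COUNT(*) FROM "{table}" WHERE "{col}" IS NOT NULL'
                    ).fetchone()[0]
                    if rows:
                        hits.append((path, f"{table}.{col}"))
    finally:
        con.close()
    return hits


def audit_container(root: str) -> List[Tuple[str, str]]:
    """Walk the app container; each finding is a candidate for the report."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            p = os.path.join(dirpath, fname)
            if fname.endswith(".plist"):
                findings.extend(scan_plist(p))
            elif fname.endswith((".sqlite", ".db")):
                findings.extend(scan_sqlite(p))
    return sorted(findings)


def build_sample_container() -> str:
    """Construct a container holding the three storage types the slides discuss."""
    root = tempfile.mkdtemp(prefix="app_container_")
    os.makedirs(os.path.join(root, "Library", "Preferences"))
    os.makedirs(os.path.join(root, "Documents"))
    # NSUserDefaults lands in Library/Preferences/[BUNDLE_ID].plist (placeholder id)
    with open(os.path.join(root, "Library", "Preferences", "com.example.app.plist"), "wb") as fh:
        plistlib.dump({"lastLaunch": "2014-01-01", "authToken": "placeholder-token"}, fh)
    # A hand-written plist in Documents mixing harmless and sensitive keys
    with open(os.path.join(root, "Documents", "user.plist"), "wb") as fh:
        plistlib.dump({"imageNames": ["a.png"], "Password": "placeholder"}, fh)
    # Core Data style SQLite store, with the Z-prefixed names Core Data generates
    con = sqlite3.connect(os.path.join(root, "Documents", "store.sqlite"))
    con.execute("CREATE TABLE ZUSER (Z_PK INTEGER PRIMARY KEY, ZNAME TEXT, ZPASSWORD TEXT)")
    con.execute("INSERT INTO ZUSER VALUES (1, 'alice', 'placeholder')")
    con.commit()
    con.close()
    return root


if __name__ == "__main__":
    for path, item in audit_container(build_sample_container()):
        print(f"{path}: {item}")
```

The scan only looks at names, so it will miss a secret stored under an innocuous key and flag a harmless column called "sessionCount"; treat its output as a list of files to open with a plist viewer or sqlite client, not as a verdict.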
Keychain
• It is the most secure way of storing information locally on the device.
• Used by most popular applications, like Gmail and Facebook, to store confidential information like passwords, authentication tokens etc.
• Currently, information stored in the keychain can only be dumped from a jailbroken device using a tool named Keychain Dumper.
• https://github.com/ptoomey3/Keychain-Dumper
Keychain dumper demo
• Wi-Fi Password
• Even though the keychain is one of the most secure places to store information, consider adding an extra layer of encryption before saving data using the keychain to make the job even more difficult for the attacker.
URL Schemes
• Used for IPC between applications.
• Every application can register for a particular URL scheme.
• Any URL starting with that particular URL scheme invokes the application that is registered to handle that URL.
• For e.g., the Facebook iOS application registers for the URL scheme “fb”.
• URLs starting with fb:// will invoke the Facebook iOS application.
• The Facebook iOS application will decide what to do with that particular URL depending on its parameters.
• For e.g. fb://chat_text?name=Prateek&message=Hello
URL Schemes
• Any application can call a URL starting with a particular URL scheme and invoke the registered application.
• An attacker can also embed the URL inside an iframe in a malicious page, and hence when the user visits the page, the URL will execute and the registered application will be called.
• These URL schemes can be used to execute important operations; for e.g. the FaceTime iOS app allowed other apps to call users via URL schemes.
• The problem happens when the operation is executed without any validation from the user.
• A simple solution for this is to validate the action with the user before performing it.
• For critical apps, you can also set a list of whitelisted applications and only allow them to invoke an action. This can be checked using the sourceApplication property in the calling method.
• Skype URL scheme vulnerability: http://software-security.sans.org/blog/2010/11/08/insecure-handling-url-schemes-apples-ios/
URL Schemes
• How to find out the URL scheme used by a particular application?
• This info can be found in the Info.plist file.
• Look for the property CFBundleURLSchemes inside CFBundleURLTypes -> Item 0
• As we can see, the Facebook iOS app registers for quite a lot of URL schemes.
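The Info.plist lookup described above can be scripted so that every registered scheme of every app under test is inventoried the same way. The following Python script is an added example (not code from the slides or from any tool they mention): it walks every entry of CFBundleURLTypes rather than only Item 0 and collects each CFBundleURLSchemes value, then answers whether a given URL would be routed to the app. The Info.plist content, bundle identifier and scheme names are constructed placeholders; on a real assessment you would pass load_info_plist() the path of the Info.plist pulled from the decrypted .app folder.

```python
"""Inventory the custom URL schemes an iOS app registers in its Info.plist.
Added example; the plist below is constructed, not taken from any real app."""
import plistlib
from typing import Dict, Union

# Constructed Info.plist modelled on the CFBundleURLTypes -> CFBundleURLSchemes
# layout: two URL types, the first registering two schemes.
SAMPLE_INFO_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.demoapp",          # placeholder bundle id
    "CFBundleURLTypes": [
        {
            "CFBundleURLName": "com.example.demoapp.main",
            "CFBundleURLSchemes": ["demoapp", "demoapp-auth"],
        },
        {
            "CFBundleURLName": "com.example.demoapp.share",
            "CFBundleURLSchemes": ["demoshare"],
        },
    ],
})


def load_info_plist(source: Union[bytes, str]) -> dict:
    """Accept raw plist bytes (XML or binary) or a filesystem path to Info.plist."""
    if isinstance(source, bytes):
        return plistlib.loads(source)
    with open(source, "rb") as fh:
        return plistlib.load(fh)


def url_schemes(info: dict) -> Dict[str, str]:
    """Map each registered scheme (lower-cased) to the CFBundleURLName it belongs to.

    CFBundleURLTypes is a list and each entry may carry several schemes, so the
    slides' "Item 0" is only the first of possibly many; walk all of them.
    """
    found: Dict[str, str] = {}
    for url_type in info.get("CFBundleURLTypes", []):
        name = url_type.get("CFBundleURLName", "<unnamed>")
        for scheme in url_type.get("CFBundleURLSchemes", []):
            found[scheme.lower()] = name
    return found


def matches_app(url: str, info: dict) -> bool:
    """True if a URL such as 'demoapp://chat?name=x' would be routed to this app.

    Scheme matching is case-insensitive, as it is for URLs in general.
    """
    scheme, sep, _ = url.partition("://")
    return bool(sep) and scheme.lower() in url_schemes(info)


if __name__ == "__main__":
    info = load_info_plist(SAMPLE_INFO_PLIST)
    for scheme, name in sorted(url_schemes(info).items()):
        print(f"{scheme}://  registered by {name}")
```

Every scheme this prints is an entry point that any other app or a web page can reach, so each one belongs on the list of handlers to review for the validation and sourceApplication checks discussed above.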
URL Schemes
• Another important thing could be to find out the URL structure an application is expecting in order to perform a certain action.
• This can be found by reverse engineering the application using tools like Hopper (hopperapp.com) and looking for strings that start with that particular URL scheme, or by looking at the disassembly of the URL-handling method in the AppDelegate class.
• Related article: http://highaltitudehacks.com/2014/03/07/ios-application-security-part-30-attacking-url-schemes
Analyzing network traffic over HTTP/HTTPS
• It is important to analyze the network traffic that flows between the client and server in an application.
• Look for credentials, authentication tokens and API keys being transmitted over an unsecured HTTP channel.
• Check the entropy of session IDs.
• Traffic can be analyzed using a simple proxy tool like Burp Proxy.
• Try to manipulate the request/response using Burp and see how the client-side application responds to it.
Analyzing traffic over HTTP
• Configure Burp Proxy to start listening for traffic. Make sure it is listening on all interfaces.
• Configure your iOS device to use your computer as a proxy.
Analyzing traffic over HTTPS
• Send this file to your device via email, click on it and install it. Accept all the instructions and click on Done.
• Quit and restart the application you want to sniff traffic for. You will now be able to see the traffic even if it is over HTTPS.
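Two of the checks listed above, credentials over plain HTTP and the entropy of session IDs, can be triaged mechanically once the proxy history has been exported. The following Python script is an added example (not code from the slides and not Burp's own API): it parses a few constructed request lines in a simple "METHOD URL | Header: value | body=..." format, flags secrets carried over http://, and estimates the Shannon entropy of every session identifier it sees. The hosts, tokens, the SECRET_PARAMS and SESSION_KEYS lists and the two thresholds are assumptions; the entropy figure is a per-character frequency estimate that catches short or repetitive identifiers, not a proof that a long one is random.

```python
"""Triage proxied mobile-app requests for cleartext secrets and weak session IDs.
Added example; the request lines, hosts and identifiers are constructed."""
import math
from collections import Counter
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Constructed proxy-history lines (placeholders, not captured traffic).
SAMPLE_HISTORY = [
    "POST http://api.example.test/login | Content-Type: application/x-www-form-urlencoded"
    " | body=username=alice&password=hunter2",
    "GET http://api.example.test/profile?sessionid=000123 | Cookie: sessionid=000123",
    "GET https://api.example.test/profile?sessionid=9f2a7c1e4b8d6a3f5e7c9b1d2a4f6e8c"
    " | Cookie: sessionid=9f2a7c1e4b8d6a3f5e7c9b1d2a4f6e8c",
    "GET https://api.example.test/items | Authorization: Bearer placeholder.jwt.token",
    "GET http://cdn.example.test/logo.png",
]

# Assumed name lists and thresholds; tune them for the application under test.
SECRET_PARAMS = ("password", "passwd", "token", "apikey", "api_key", "sessionid", "session")
SESSION_KEYS = ("sessionid", "session", "sid", "phpsessid", "jsessionid")
MIN_SESSION_LENGTH = 16     # characters
MIN_BITS_PER_CHAR = 3.0     # below this the identifier is drawn from a tiny alphabet


def parse_line(line: str) -> Dict:
    """Split 'METHOD URL | Header: value | body=...' into its parts."""
    parts = [p.strip() for p in line.split(" | ")]
    method, url = parts[0].split(" ", 1)
    headers, body = {}, ""
    for part in parts[1:]:
        if part.startswith("body="):
            body = part[len("body="):]
        else:
            name, _, value = part.partition(":")
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "url": url, "headers": headers, "body": body}


def shannon_entropy(s: str) -> float:
    """Bits per character estimated from symbol frequencies (0.0 for a constant string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def session_ids(req: Dict) -> List[str]:
    """Collect session identifiers from the query string and the Cookie header."""
    ids = []
    for key, values in parse_qs(urlsplit(req["url"]).query).items():
        if key.lower() in SESSION_KEYS:
            ids.extend(values)
    for pair in req["headers"].get("cookie", "").split(";"):
        name, _, value = pair.strip().partition("=")
        if name.lower() in SESSION_KEYS and value:
            ids.append(value)
    return ids


def secret_params(req: Dict) -> List[str]:
    """Name every place in the request that carries a credential or token."""
    names = []
    for source in (urlsplit(req["url"]).query, req["body"]):
        names.extend(k for k in parse_qs(source) if k.lower() in SECRET_PARAMS)
    if "authorization" in req["headers"]:
        names.append("Authorization")
    if session_ids(req):
        names.append("session cookie/param")
    return names


def triage(history: List[str]) -> List[str]:
    """Return one human-readable finding per issue; an empty list means none found."""
    findings, seen = [], set()
    for line in history:
        req = parse_line(line)
        scheme = urlsplit(req["url"]).scheme.lower()
        secrets = secret_params(req)
        if scheme == "http" and secrets:
            findings.append(f"cleartext HTTP carries {', '.join(secrets)}: "
                            f"{req['method']} {req['url']}")
        for sid in session_ids(req):
            if sid in seen:
                continue
            seen.add(sid)
            bits = shannon_entropy(sid)
            if len(sid) < MIN_SESSION_LENGTH or bits < MIN_BITS_PER_CHAR:
                findings.append(f"weak session id {sid!r}: length {len(sid)}, "
                                f"{bits:.2f} bits/char")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HISTORY):
        print(finding)
```

A session ID that passes this test can still be predictable (a counter encoded as 32 hex digits scores high), so pair the script with Burp's sequencer or a manual comparison of several consecutive IDs before signing off on the finding.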
Automated testing
• Automating tests while doing an iOS penetration test can help you save a lot of time.
• Though not all tests can be automated, there are some tools that do a very good job at this.
• Snoop-it - https://code.google.com/p/snoop-it/
• iNalyzer - https://appsec-labs.com/iNalyzer
• iRET - https://blog.veracode.com/2014/03/introducing-the-ios-reverse-engineering-toolkit/
Snoop-it
• Source: https://code.google.com/p/snoop-it/
• For iOS 7, it currently supports only 32-bit devices.
• Here is how the interface looks.
Credits
Prateek Gianchandani
Twitter:@prateekg147
http://damnvulnerableiosapp.com
THANK-YOU
Questions ?

PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 

Recently uploaded (20)

Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 

iOS Application Pentesting

1. iOS Application Pen testing
Ajay Nunna

2. ABOUT ME
• Java Developer
• Security Researcher
• 5 years in the IT industry
• Music and food lover

3. AGENDA
• Setting up an iOS pen-testing environment
• Understanding the iOS file system
• Understanding the Objective-C runtime
• Runtime analysis and manipulation
• Insecure Data storage
• URL schemes
• Analyzing network traffic over HTTP/HTTPs
• Automated testing

4. Setting up Environment
• A jailbroken iOS device
• Cydia, with the following packages:
  • Clutch
  • Cycript
  • Class-dump-z
  • Snoop-it
  • OpenSSH
  • Keychain_dumper

5. Jailbreaking
• Jailbreak your device by downloading pangu/evasi0n.
• Click on "jailbreak" and follow the process to jailbreak your device.

6. Understanding the iOS File system
• All the applications installed by Apple by default go inside the /Applications directory and run as the user root.
• All the applications downloaded from the App Store go inside /var/mobile/applications and run as the user mobile.
• Every application runs in its own environment, known as the application sandbox, which prevents it from accessing resources belonging to other applications. This is done to enforce additional security.

7. Application directory
• Here is how a typical application directory looks.
• The APP_NAME.app folder contains the application binary.

8. Understanding the Objective-C runtime
• All native iOS applications are written in Objective-C, which is a runtime-oriented language.
• Objective-C defers decisions from compile time and link time to the time when the code in the application is actually being executed.
• This gives rise to a category of attacks known as runtime manipulation.
• Variables and properties can be analyzed and modified at runtime.
• Messages aren't bound to method implementations until runtime, which allows us to modify the method implementations.
• The runtime functions are implemented in the shared library found at /usr/lib/libobjc.A.dylib.

9. otool
• Usage: otool -l [binaryName]

10. class-dump-z
• Command line utility; an extremely helpful tool in iOS pentesting.
• Extracts class information from unencrypted Mach-O binaries.
• Helps in finding out the method names, properties and protocols used in any class.
• Tells a lot about the design of the application.
• Information is presented in a readable format.

11. class-dump-z
• Applications that are installed by default on an iOS device are not encrypted, so their class information can be dumped without any issues.
• For applications downloaded from the App Store, you must decrypt the application first using Clutch.

13. Clutch
• Usage: clutch [App Name]
• Running the clutch command without arguments displays a list of applications that can be decrypted.
• Use "clutch [App Name]" to decrypt the application. The decrypted ipa file is stored in the location shown below.

14. Clutch
• Unzip the ipa file into a new folder.
• Dump the class information from the binary inside this folder.
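The check that sits between slides 9 and 11 is whether the binary is still FairPlay-encrypted, because class-dump-z only works on a decrypted Mach-O. The LC_ENCRYPTION_INFO load command that `otool -l` prints answers that: a cryptid of 1 means the App Store encryption is still in place, 0 means the binary is in the clear. The parser below is an added example, not code from the slides or from otool itself; the otool output it parses is constructed for this example, and the `check_binary` helper that shells out to a real otool is an assumption about where the tool is installed.

```python
"""Added example: decide whether an iOS app binary still needs decrypting
(Clutch) before class-dump-z can read it, by parsing the LC_ENCRYPTION_INFO
load command from `otool -l <binary>` output.

cryptid 1 = __TEXT segment is FairPlay-encrypted (App Store build)
cryptid 0 = in the clear (Apple's built-in apps, or already decrypted)
The otool output below is constructed for this example, not captured.
"""
import re
import subprocess

# Constructed sample: the relevant part of `otool -l` output for an
# App Store binary. The 64-bit command is named LC_ENCRYPTION_INFO_64
# and carries the same cryptid field.
ENCRYPTED_SAMPLE = """\
Load command 11
          cmd LC_ENCRYPTION_INFO
      cmdsize 20
     cryptoff 8192
    cryptsize 1232896
      cryptid 1
Load command 12
          cmd LC_LOAD_DYLIB
      cmdsize 56
"""

# Same binary after Clutch has rewritten it: only cryptid changes.
DECRYPTED_SAMPLE = ENCRYPTED_SAMPLE.replace("cryptid 1", "cryptid 0")

# A build that never had an encryption command (e.g. a developer build).
NO_ENCRYPTION_SAMPLE = """\
Load command 0
          cmd LC_SEGMENT
      cmdsize 56
"""

_ENC = re.compile(r"cmd LC_ENCRYPTION_INFO(?:_64)?\s.*?cryptid (\d+)", re.S)


def encryption_status(otool_output: str):
    """True if encrypted, False if not, None when no LC_ENCRYPTION_INFO(_64)
    command is present. Only the first matching command is examined."""
    m = _ENC.search(otool_output)
    if not m:
        return None
    return m.group(1) != "0"


def needs_clutch(otool_output: str) -> bool:
    """True when class-dump-z would fail on this binary as-is."""
    return encryption_status(otool_output) is True


def check_binary(path: str):
    """Run otool on a real binary (assumes otool is on PATH, e.g. on macOS
    or a jailbroken device with the package installed)."""
    out = subprocess.run(["otool", "-l", path], capture_output=True,
                         text=True, check=True).stdout
    return encryption_status(out)


if __name__ == "__main__":
    for label, sample in [("App Store build", ENCRYPTED_SAMPLE),
                          ("after Clutch", DECRYPTED_SAMPLE),
                          ("no encryption command", NO_ENCRYPTION_SAMPLE)]:
        print(f"{label}: encrypted={encryption_status(sample)} "
              f"needs_clutch={needs_clutch(sample)}")
```

Fat (multi-architecture) binaries print one set of load commands per slice; the function above reports only the first slice, which is enough to decide whether to run Clutch.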
15. Cycript
• According to cycript.org: Cycript allows developers to explore and modify running applications on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax through an interactive console that features syntax highlighting and tab completion.
• Allows the user to hook into a running process and modify the values of instance variables and global variables, swizzle method implementations, call a particular method, etc.
• Complete documentation can be found at http://www.cycript.org/

17. Runtime analysis using Cycript
• You can hook into the runtime of an application by using the command "cycript -p [PID]".
• Some cool things that you can do with Cycript can be found at http://iphonedevwiki.net/index.php/Cycript_Tricks

18. Runtime analysis using Cycript
• For e.g., you can define your own methods.
• In the case below, a method named printMethods is defined that takes a class as input and prints out all its methods.
• This method has been taken from http://iphonedevwiki.net/index.php/Cycript_Tricks

19. Runtime analysis using Cycript
• You can also use the messages property of a class to print out all its messages, e.g. "AppDelegate.messages". This only prints the instance methods.

20. Runtime manipulation using Cycript
• With Cycript, you can manipulate the values of instance variables and global variables for a particular class.
• You can also modify method implementations.

21. Runtime manipulation demo
• In this case, we are manipulating the instance variable "urlToLoad" in the view controller RuntimeManipulationDetailsVC of DamnVulnerableiOSApp (http://damnvulnerableiosapp.com).
• The first step is to get a reference to the view controller.
• Once you have the reference, you can modify any of its variables.
• For e.g.: UIApp.keyWindow.rootViewController.topViewController.topViewController.urlToLoad = [NSString stringWithFormat:@"http://google.com"];

22. Runtime manipulation demo (Method Swizzling)
• We can also swizzle method implementations and replace a method implementation with our own.
• Let's assume you find a method named isLoginValidated in a particular view controller that returns YES or NO depending on whether the login information is correct.
• To try this demo, download Damn Vulnerable iOS App from http://damnvulnerableiosapp.com

23. Runtime manipulation demo (Method Swizzling)
• We can modify this method's implementation to always return TRUE:
• RuntimeManipulationDetailsVC.messages['isLoginValidated'] = function() {return TRUE;}
• As you can see, the code on the R.H.S. is actually JavaScript. This is the beauty of Cycript: it can contain both Objective-C and JavaScript syntax.
24. Insecure Local Data Storage
There are many ways of storing data locally on an iOS device. Some of these techniques are:
• Plist
• NSUserDefaults
• CoreData (Sqlite)
• Keychain

25. Plist
• Data stored in plist files is stored unencrypted in the application sandbox.
• An attacker doesn't even need a jailbroken device to access the contents of a plist file; it can be accessed using a simple file explorer utility like iExplorer.
• Developers often make the mistake of storing confidential data in plist files.

26. Plist
• Sample code for storing data in plist files.

27. Plist
• These files can easily be found in the application folder using any simple file explorer utility like iExplorer.

28. Plist
• On inspecting these files, you can find the information being saved in the plist file.

29. Plist
• Do not use plist files to store confidential information like usernames/passwords.
• Do not store session IDs, important properties, etc. in a plist file.
• Plist files should only be used to store information that is not sensitive, e.g. a list of image names, the last launch date of the application, etc.

30. NSUserDefaults
• Used for storing properties and objects that persist even after an application restart.
• Information is saved unencrypted inside the application sandbox in a plist file named [BUNDLE_ID].plist inside the folder Library -> Preferences.
• Developers commonly make the mistake of storing critical data using NSUserDefaults.

31. NSUserDefaults
• All the information stored using NSUserDefaults can be found inside the file [BUNDLE_ID].plist inside the folder Library -> Preferences.

32. NSUserDefaults
• All the key/value pairs stored using NSUserDefaults can be found in this file.

33. Core Data
• The Core Data framework is used to store persistent data, manage relationships between objects, etc.
• Information is again saved unencrypted on the device, in .db or .sqlite files.
• An attacker can gather information about Core Data objects by using a sqlite client.

34. Core Data
• Navigate to your application directory and look for files with the extension .db or .sqlite.
• Use a sqlite client to access these files.

35. Core Data
• The Core Data framework should not be used to store confidential information, as the information is stored unencrypted on the device.
• If you want to save confidential information, encrypt it before saving it locally, or use a wrapper over Core Data that stores encrypted information on the device.
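Slides 25 to 35 describe the same manual review three times: pull the app's sandbox off the device, open each plist (including the NSUserDefaults backing store under Library/Preferences) and each .sqlite store, and look for secrets. The script below is an added example that automates that review over a sandbox directory; it is not code from the slides. The sandbox it audits, including the file names, bundle identifier com.example.app, keys and values, is constructed in a temporary directory so the script runs offline, and the sensitive-key pattern is a heuristic chosen for this example.

```python
"""Added example: audit an app sandbox copied off a device (e.g. with
iExplorer) for secrets written to plist files, NSUserDefaults
(Library/Preferences/<bundle id>.plist) and Core Data SQLite stores.
Everything scanned here is constructed in a temp directory; the keys,
values and bundle ID are made up for the example."""
import os
import plistlib
import re
import sqlite3
import tempfile

# Heuristic: key/column names that should not be in unencrypted storage.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|session|api[_-]?key", re.I)


def scan_plist(path):
    """Flag sensitive top-level keys in a plist (covers NSUserDefaults too)."""
    with open(path, "rb") as fh:
        data = plistlib.load(fh)
    return [(path, key, str(value)) for key, value in data.items()
            if SENSITIVE.search(str(key))]


def scan_sqlite(path):
    """Flag sensitive column names in every table of a SQLite store.
    Core Data names entity tables and columns with a Z prefix
    (ZUSER.ZPASSWORD), so we match on the column name, not the table."""
    hits = []
    conn = sqlite3.connect(path)
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            for col in conn.execute(f'PRAGMA table_info("{table}")'):
                name = col[1]
                if SENSITIVE.search(name):
                    rows = conn.execute(
                        f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
                    hits.append((path, f"{table}.{name}", f"{rows} rows"))
    finally:
        conn.close()
    return hits


def audit_sandbox(root):
    """Walk an app sandbox and return (file, key, value) findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.endswith(".plist"):
                findings.extend(scan_plist(full))
            elif name.endswith((".sqlite", ".db")):
                findings.extend(scan_sqlite(full))
    return findings


def build_sample_sandbox():
    """Constructed sandbox showing the three insecure patterns from the slides."""
    root = tempfile.mkdtemp(prefix="sandbox_")
    docs = os.path.join(root, "Documents")
    prefs = os.path.join(root, "Library", "Preferences")
    os.makedirs(docs)
    os.makedirs(prefs)
    # 1. A plist the app writes itself (slide 26)
    with open(os.path.join(docs, "userInfo.plist"), "wb") as fh:
        plistlib.dump({"username": "alice", "password": "hunter2",
                       "lastLaunch": "2014-04-01"}, fh)
    # 2. The NSUserDefaults backing store (slide 30)
    with open(os.path.join(prefs, "com.example.app.plist"), "wb") as fh:
        plistlib.dump({"sessionToken": "abc123", "theme": "dark"}, fh)
    # 3. A Core Data store (slide 33)
    conn = sqlite3.connect(os.path.join(docs, "Model.sqlite"))
    conn.execute("CREATE TABLE ZUSER (Z_PK INTEGER PRIMARY KEY, "
                 "ZNAME TEXT, ZPASSWORD TEXT)")
    conn.execute("INSERT INTO ZUSER VALUES (1, 'alice', 'hunter2')")
    conn.commit()
    conn.close()
    return root


if __name__ == "__main__":
    root = build_sample_sandbox()
    for path, key, value in audit_sandbox(root):
        print(f"{os.path.relpath(path, root)}: {key} = {value}")
```

Point `audit_sandbox` at a real sandbox copy to get the same report; the keychain is deliberately out of scope here, since it is not a file in the sandbox and needs Keychain Dumper on a jailbroken device (slide 36).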
36. Keychain
• It is the most secure way of storing information locally on the device.
• Used by most popular applications, like Gmail and Facebook, to store confidential information such as passwords, authentication tokens, etc.
• Currently, information stored in the keychain can only be dumped from a jailbroken device, using a tool named Keychain Dumper.
• https://github.com/ptoomey3/Keychain-Dumper

37. Keychain dumper demo
• Wi-Fi Password
• Even though the keychain is one of the most secure places to store information, consider adding an extra layer of encryption before saving data to the keychain, to make the job even more difficult for the attacker.
38. URL Schemes
• Used for IPC between applications.
• Every application can register for a particular URL scheme.
• Any URL starting with that URL scheme invokes the application registered to handle it.
• For e.g., the Facebook iOS application registers for the URL scheme "fb".
• URLs starting with fb:// will invoke the Facebook iOS application.
• The Facebook iOS application decides what to do with that particular URL depending on its parameters.
• For e.g. fb://chat_text?name=Prateek&message=Hello

39. URL Schemes
• Any application can call a URL starting with a particular URL scheme and invoke the registered application.
• An attacker can also embed the URL inside an iframe in a malicious page, so that when the user visits the page the URL executes and the registered application is called.
• These URL schemes can be used to execute important operations; e.g. the FaceTime iOS app allowed other apps to call users via URL schemes.
• The problem arises when the operation is executed without any validation from the user.

40. URL Schemes
• A simple solution is to validate the action with the user before performing it.
• For critical apps, you can also set a whitelist of applications and only allow those to invoke an action. This can be checked via the sourceApplication property in the calling method.
• Skype URL scheme vulnerability: http://software-security.sans.org/blog/2010/11/08/insecure-handling-url-schemes-apples-ios/

41. URL Schemes
• How to find out the URL scheme used by a particular application?
• This info can be found in the Info.plist file.

42. URL Schemes
• Look for the property CFBundleURLSchemes inside CFBundleURLTypes -> Item 0.
• As we can see, the Facebook iOS app registers quite a lot of URL schemes.

43. URL Schemes
• Another important thing is to find out the URL structure an application expects in order to perform a certain action.
• This can be found by reverse engineering the application using tools like Hopper (hopperapp.com) and looking for strings that start with that particular URL scheme, or by looking at the disassembly of this method in the AppDelegate class.
• Related article: http://highaltitudehacks.com/2014/03/07/ios-application-security-part-30-attacking-url-schemes
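Two things from slides 38 to 43 are worth having in code: pulling the registered schemes out of CFBundleURLTypes (all entries, not only Item 0), and the handler-side rule from slide 40 that a side-effecting action needs either a trusted sourceApplication or the user's confirmation before it runs. The block below is an added example and a Python model of that handler logic, not code from the slides or from any real app; the Info.plist, the scheme "demoapp", the action names and the bundle identifiers are all constructed for the example.

```python
"""Added example: (1) list the URL schemes an app registers, from the
CFBundleURLTypes array in its Info.plist, and (2) a model of how the
app's URL handler should vet an incoming URL before acting on it:
unknown scheme or action -> reject; harmless action -> allow;
sensitive action -> allow only for a whitelisted calling app
(sourceApplication), otherwise ask the user first.
The plist, scheme, actions and bundle IDs here are constructed."""
import plistlib
from urllib.parse import parse_qs, urlsplit

# Constructed Info.plist, serialized the way it sits in the .app bundle.
INFO_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.demoapp",
    "CFBundleURLTypes": [
        {"CFBundleURLName": "com.example.demoapp",
         "CFBundleURLSchemes": ["demoapp", "demoapp-beta"]},
    ],
})


def registered_schemes(info_plist_bytes):
    """Every scheme from every CFBundleURLTypes entry."""
    info = plistlib.loads(info_plist_bytes)
    schemes = []
    for entry in info.get("CFBundleURLTypes", []):
        schemes.extend(entry.get("CFBundleURLSchemes", []))
    return schemes


# Actions the app exposes over its scheme; True = needs confirmation
# because it has a visible side effect (compare the FaceTime/Skype cases).
ACTIONS = {"open_profile": False, "send_message": True, "call": True}
# Bundle IDs allowed to trigger sensitive actions without a prompt.
TRUSTED_SOURCES = {"com.example.companionapp"}


def handle_url(url, source_application, schemes):
    """Return (decision, action, params); decision is 'reject',
    'confirm' (ask the user) or 'allow'."""
    parts = urlsplit(url)
    if parts.scheme not in schemes:
        return ("reject", None, {})
    # demoapp://call?to=bob -> netloc is the action; also accept demoapp:call
    action = parts.netloc or parts.path.lstrip("/")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if action not in ACTIONS:
        return ("reject", action, params)
    if not ACTIONS[action]:
        return ("allow", action, params)
    # A URL launched from a web page (or an iframe) arrives with the
    # browser's bundle ID, or no source at all, so it never gets 'allow'.
    if source_application in TRUSTED_SOURCES:
        return ("allow", action, params)
    return ("confirm", action, params)


if __name__ == "__main__":
    schemes = registered_schemes(INFO_PLIST)
    print("registered schemes:", schemes)
    for url, src in [("demoapp://open_profile?id=42", None),
                     ("demoapp://call?to=bob", "com.apple.mobilesafari"),
                     ("demoapp://call?to=bob", "com.example.companionapp"),
                     ("demoapp://format_disk", "com.example.companionapp")]:
        print(url, src, "->", handle_url(url, src, schemes))
```

The same decision table maps onto the Objective-C handler: the delegate method that receives the URL and sourceApplication returns NO for "reject", shows a confirmation alert for "confirm", and performs the action for "allow".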
44. Analyzing network traffic over HTTP/HTTPs
• It is important to analyze the network traffic that flows between the client and server in an application.
• Look for credentials, authentication tokens and API keys being transmitted over an unsecured HTTP channel.
• Check the entropy of session IDs.
• Traffic can be analyzed using a simple proxy tool like Burp Proxy.
• Try to manipulate the request/response using Burp and see how the client-side application responds.

45. Analyzing traffic over HTTP
• Configure Burp Proxy to start listening for traffic. Make sure it is listening on all interfaces.

46. Analyzing traffic over HTTP
• Configure your iOS device to use your computer as a proxy.

47. Analyzing traffic over HTTPs
• Send this file to your device via email, tap it and install it. Accept all the prompts and tap Done.

48. Analyzing traffic over HTTPs
• Quit and restart the application you want to sniff traffic for. You will now be able to see the traffic even if it is over HTTPs.
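Once the proxy is capturing, the two review items from slide 44 (secrets over plain HTTP, and the entropy of session IDs) can be checked mechanically over the proxy history instead of by eye. The block below is an added example, not code from the slides or from Burp; the request records, host names, cookie name and token values are constructed to resemble an exported proxy history, and the sensitive-parameter pattern and the 64-bit threshold are choices made for this example (the threshold follows the common guidance of at least 64 bits of session-ID entropy).

```python
"""Added example: run two checks from the slide over a proxy history:
(1) credential-like parameters or headers sent over http://, and
(2) a rough randomness estimate for the session IDs the server issues.
The history below is constructed; no traffic was captured."""
import math
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed proxy history: (method, url, request headers, form body).
HISTORY = [
    ("POST", "http://api.example.test/login",
     {"Content-Type": "application/x-www-form-urlencoded"},
     "user=alice&password=hunter2"),
    ("GET", "http://api.example.test/profile?api_key=ABCDEF123456", {}, ""),
    ("GET", "https://api.example.test/feed",
     {"Authorization": "Bearer t0k3n", "Cookie": "PHPSESSID=000123"}, ""),
    ("GET", "https://api.example.test/feed", {"Cookie": "PHPSESSID=000124"}, ""),
    ("GET", "https://api.example.test/feed", {"Cookie": "PHPSESSID=000125"}, ""),
    ("GET", "https://static.example.test/logo.png", {}, ""),
]

SENSITIVE_PARAM = re.compile(r"pass(word)?|token|api[_-]?key|secret", re.I)
SENSITIVE_HEADER = {"authorization", "cookie", "x-api-key"}


def cleartext_secrets(history):
    """Requests that carry credential-like material over plain HTTP.
    Bodies are treated as form-encoded (the only body type in the sample)."""
    findings = []
    for method, url, headers, body in history:
        parts = urlsplit(url)
        if parts.scheme != "http":
            continue
        reasons = [f"param {k}" for k in
                   list(parse_qs(parts.query)) + list(parse_qs(body))
                   if SENSITIVE_PARAM.search(k)]
        reasons += [f"header {h}" for h in headers
                    if h.lower() in SENSITIVE_HEADER]
        if reasons:
            findings.append((method, url, reasons))
    return findings


def session_ids(history, cookie_name):
    """Distinct values of one session cookie, in the order observed."""
    ids = []
    for _, _, headers, _ in history:
        for part in headers.get("Cookie", "").split(";"):
            name, _, value = part.strip().partition("=")
            if name == cookie_name and value not in ids:
                ids.append(value)
    return ids


def shannon_entropy_bits(values):
    """Shannon entropy per character of the pooled IDs, times the average
    ID length: an optimistic upper bound on the randomness of one ID.
    Anything well under 64 bits is a finding."""
    pooled = Counter("".join(values))
    total = sum(pooled.values())
    h = -sum(c / total * math.log2(c / total) for c in pooled.values())
    return h * (total / len(values))


def looks_sequential(values):
    """True when the IDs, read as hex integers, grow by one small constant
    step: the classic predictable-session-ID pattern the entropy figure
    alone can understate."""
    try:
        nums = [int(v, 16) for v in values]
    except ValueError:
        return False
    steps = {b - a for a, b in zip(nums, nums[1:])}
    return len(nums) >= 2 and len(steps) == 1 and 0 < steps.pop() < 1000


if __name__ == "__main__":
    for method, url, reasons in cleartext_secrets(HISTORY):
        print(f"cleartext secret: {method} {url} ({', '.join(reasons)})")
    ids = session_ids(HISTORY, "PHPSESSID")
    print(f"PHPSESSID: ~{shannon_entropy_bits(ids):.1f} bits, "
          f"sequential={looks_sequential(ids)}")
```

The entropy figure is only a sanity check on a handful of samples; Burp's Sequencer does the proper statistical analysis once you have a few thousand tokens, but a three-digit counter like the one above fails even this quick test.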
49. Automated testing
• Automating tests while doing an iOS penetration test can save you a lot of time.
• Though not all tests can be automated, there are some tools that do a very good job at this.
• Snoop-it - https://code.google.com/p/snoop-it/
• iNalyzer - https://appsec-labs.com/iNalyzer
• iRET - https://blog.veracode.com/2014/03/introducing-the-ios-reverse-engineering-toolkit/

50. Snoop-it
• Source: https://code.google.com/p/snoop-it/
• For iOS 7, it currently supports only 32-bit devices.

51. Snoop-it
• Here is how the interface looks.