Introduction to iOS Mobile Application Penetration Testing
1 Dekade ECHO.OR.ID
@y3dips
Introduction to IOS Application Penetration Testing - seminar material for 1 Dekade Echo, 1dekade.echo.or.id

Published in: Technology


  1. Introduction to iOS Mobile Application Penetration Testing - 1 Dekade ECHO.OR.ID - @y3dips
  2. Mobile Smartphone - www.astanos.ch/img/apple-android-windows-mobile-blackberry-logo.png
  3. http://www.wired.com/gadgetlab/2012/02/meet-the-asus-padfone-the-phone-thats-a-tablet-thats-a-notebook/
  4. Mobile Infrastructure
  5. http://mobile.infostretch.com/images/application-architecture.jpg
  6. http://conwet.fi.upm.es/morfeo-project/mymobileweb_blog/wp-content/uploads/2009/04/mymw_architecture_overview.png
  7. http://www.ipfaces.org/sites/default/files/images/schema.gif
  8. Mobile Infrastructure: Mobile Client/Application, Communication Channel, Server Side Infrastructure
  9. Mobile Infrastructure: Mobile Client/Application, Communication Channel, Server Side Infrastructure
  10. Attack Vector (section title)
  11. Attack Vector: Information Disclosure, Insecure File Permission, Authentication & Authorization, Session Management, Client Side Injection, Logic (Business) Testing, Data Protection, Decompiling, etc.
  12. ວiທ$ການ
  13. Methodology: Information Gathering, Analysis, Exploitation, Report & QA
  14. http://www.ibroadcastnetwork.org/images/uploads/ios-logo.png
  15. http://cdn3.sbnation.com/entry_photo_images/8958675/iosguide_1020_new_large_verge_super_wide.jpg
  16. Inventory: Jailbroken Device, Decompiler, Analysis Tools, Hacker's Mind, Security Tools, Proxy
  17. Cheat Sheet
     - Application_home: /var/mobile/Applications/[folder]/app_name
     - Config files: Application_Home/Library/Preferences/app_name.plist
     - Database: .db, .sqlite, .sqlite3, *
     - Cache: Application_Home/Library/Caches
     - Cookies: cookies.binarycookies | copy, read with binarycookies.py
     - Logs: see logs via iPhone Configuration Utility
     - List running apps: ps -axf
     - Decompiler/Disassembler: otool, class-dump-o, class-dump-z, gdb
     - Analysis tools/framework: snoop-it, cycript
  18. Cycript: Objective-JavaScript, www.cycript.org. Hook into a running process of the application.
  19. Cycript
  20. Snoop-it: Dynamic Analysis Tool. Runtime Tracing Capabilities. Invoke Arbitrary methods at runtime. Bypass basic Jailbreak detection.
  21. Snoop-it
  22. Proof of concept
  23. Proof of concept
  24. Proof of concept
  25. Proof of concept
  26. Proof of concept
  27. Proof of concept
  28. Snoop-it
  29. Reference
     - IOS Application Security Testing Cheat Sheet - http://owasp.org
     - Series of articles "Penetration testing of iPhone applications" - http://securitylearn.net
     - Snoop-it official page - https://code.google.com/p/snoop-it
     - Cycript Tricks - http://iphonedevwiki.net/index.php/Cycript_Tricks
  30. http://sciencetoybox.com/images/Procedures/Raising_hands.jpg
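The cheat-sheet slide (17) points at `cookies.binarycookies` and says to copy it off the device and read it with `binarycookies.py`. What follows is an added example, not the slide author's material and not the referenced script: a small Python reader for the binarycookies layout as assumed here (a big-endian file header of magic, page count and page sizes; little-endian pages; a 56-byte per-cookie header; flag bits 1 = Secure and 4 = HttpOnly; timestamps as seconds since the Mac epoch of 2001-01-01), followed by the data-protection check a tester actually wants from that file: which cookies the app has persisted without Secure or HttpOnly. The sample jar is constructed in-line so the code runs without a device, and `build_binarycookies`, `parse_binarycookies` and `audit_cookies` are names chosen for this example.

```python
import struct
from datetime import datetime, timedelta, timezone

# binarycookies stores timestamps as seconds since the Mac absolute epoch (2001-01-01 UTC).
MAC_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)
FLAG_SECURE = 0x1       # assumed flag bit: cookie only sent over TLS
FLAG_HTTPONLY = 0x4     # assumed flag bit: cookie hidden from script access
COOKIE_HEADER_LEN = 56  # fixed-size cookie header preceding the NUL-terminated strings


def _mac_seconds(dt):
    return (dt - MAC_EPOCH).total_seconds()


def _cookie_record(domain, name, path, value, flags, expiry, created):
    """Serialise one cookie record; used only to construct the sample input below."""
    strings = [s.encode() + b"\x00" for s in (domain, name, path, value)]
    offsets, pos = [], COOKIE_HEADER_LEN
    for s in strings:
        offsets.append(pos)
        pos += len(s)
    rec = struct.pack("<IIII", pos, 0, flags, 0)   # record size, unknown, flags, unknown
    rec += struct.pack("<IIII", *offsets)         # domain, name, path, value offsets
    rec += b"\x00" * 8                            # end-of-header marker
    rec += struct.pack("<dd", expiry, created)    # expiry and creation as Mac-epoch doubles
    return rec + b"".join(strings)


def build_binarycookies(cookies):
    """Build a single-page binarycookies blob from (domain, name, path, value, flags, expiry, created)."""
    recs = [_cookie_record(*c) for c in cookies]
    page_hdr = 4 + 4 + 4 * len(recs) + 4          # page tag + cookie count + offsets + footer
    offsets, pos = [], page_hdr
    for r in recs:
        offsets.append(pos)
        pos += len(r)
    page = (b"\x00\x00\x01\x00" + struct.pack("<I", len(recs))
            + struct.pack("<%dI" % len(recs), *offsets) + b"\x00" * 4 + b"".join(recs))
    # File header (magic, page count, page sizes) is big-endian; page contents are little-endian.
    return b"cook" + struct.pack(">II", 1, len(page)) + page + b"\x00" * 8


def _cstring(buf, off):
    return buf[off:buf.index(b"\x00", off)].decode("utf-8", "replace")


def parse_binarycookies(data):
    """Walk every page and cookie record, returning a list of dicts."""
    if data[:4] != b"cook":
        raise ValueError("not a binarycookies file")
    num_pages = struct.unpack(">I", data[4:8])[0]
    sizes = struct.unpack(">%dI" % num_pages, data[8:8 + 4 * num_pages])
    pos = 8 + 4 * num_pages
    cookies = []
    for size in sizes:
        page = data[pos:pos + size]
        pos += size
        count = struct.unpack("<I", page[4:8])[0]
        for off in struct.unpack("<%dI" % count, page[8:8 + 4 * count]):
            rec_size, _, flags, _, d_off, n_off, p_off, v_off = struct.unpack("<8I", page[off:off + 32])
            rec = page[off:off + rec_size]
            expiry, created = struct.unpack("<dd", rec[40:56])
            cookies.append({
                "domain": _cstring(rec, d_off), "name": _cstring(rec, n_off),
                "path": _cstring(rec, p_off), "value": _cstring(rec, v_off),
                "secure": bool(flags & FLAG_SECURE), "httponly": bool(flags & FLAG_HTTPONLY),
                "expires": MAC_EPOCH + timedelta(seconds=expiry),
                "created": MAC_EPOCH + timedelta(seconds=created),
            })
    return cookies


def audit_cookies(cookies):
    """Data-protection check: report cookies persisted without Secure or HttpOnly."""
    findings = []
    for ck in cookies:
        issues = []
        if not ck["secure"]:
            issues.append("missing Secure")
        if not ck["httponly"]:
            issues.append("missing HttpOnly")
        if issues:
            findings.append((ck["name"], ck["domain"], ", ".join(issues)))
    return findings


# Constructed sample jar: one well-protected session cookie and two weaker ones.
_EXP = _mac_seconds(datetime(2025, 1, 1, tzinfo=timezone.utc))
_CRE = _mac_seconds(datetime(2024, 1, 1, tzinfo=timezone.utc))
SAMPLE_COOKIES = [
    ("app.example.com", "session", "/", "s3ss10n", FLAG_SECURE | FLAG_HTTPONLY, _EXP, _CRE),
    ("app.example.com", "tracking", "/", "abc123", 0, _EXP, _CRE),
    ("api.example.com", "token", "/v1", "t0k3n", FLAG_SECURE, _EXP, _CRE),
]


def demo():
    """Round-trip the sample jar through the builder and parser, then audit it."""
    jar = parse_binarycookies(build_binarycookies(SAMPLE_COOKIES))
    return audit_cookies(jar)


if __name__ == "__main__":
    for name, domain, issue in demo():
        print(f"{domain} {name}: {issue}")
```

On a real engagement the input would be the `cookies.binarycookies` file copied out of the application's sandbox rather than the constructed jar; the parser only trusts the record size and string offsets it reads, so a malformed file fails with an index or struct error instead of silently returning partial results.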
