# Basic Mobile Testing guide

## Download IPA from iOS

Install the app from the App Store.

Log in via SSH to the jailbroken iPhone.

```
cd /var/containers/Bundle/Application
```

Find the application on the phone

```
ls * | grep -B 2 -i 'applicationname'
cd long-string
```

Now install zip

```
apt update
apt install zip
```

Now compress the app folder as a zip file and name it .ipa

```
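# An IPA is a zip archive with Payload/<name>.app at its root
mkdir Payload
# -r is required because the .app bundle is a directory
cp -r applicationname.app Payload/
# Zip the relative path so the archive does not embed /var/containers/...
zip -r /tmp/applicationname.ipa Payload/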
```

Then copy to your attacker machine

```
~# scp root@192.168.x.x:/tmp/applicationname.ipa .
```

Unzip and review the contents

```
unzip applicationname.ipa
```

Now you are free to run it through MobSF etc.

## Static Analysis

#### Check for bad strings

```
grep -iRf thickclient-basic.txt /root/Downloads/_decompileapkname_ 
```

#### Docker

First install docker on whichever system you are using.

```
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
echo 'deb https://download.docker.com/linux/debian stretch stable' > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install docker-ce
```

Install MobSF

```
docker pull opensecurity/mobile-security-framework-mobsf
docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
```

Upload the .ipa/.apk and review the results.

Check permissions and review all MobSF findings

* Review static files
* Review permissions

## Dynamic Analysis

### Android

Open Burp Suite

Add proxy listener on all interfaces

<div align="left"><img src="/files/-L_mVzZ3FhVE_iun9UD7" alt=""></div>

Modify the proxy settings on the Android device to point to your Burp listening machine.

<div align="left"><img src="/files/-L_mXOfgpUst2M5g5x8E" alt=""></div>

Ensure you save the settings.

Now you can intercept traffic to and from the app.

* Walk the app and capture all of the traffic. Once completed, review the proxy history and test accordingly.
* Review data storage of app.

### Endpoint Analysis

Review the proxy history and follow a typical API/web application methodology to test.

### Reverse Engineering iOS

{% embed url="<https://www.whitehack.com.au/reverse-engineering-ios-apps/>" %}

```
strings appname | grep '<?xml'
strings appname | grep 'SELECT'    # or select, insert, update... etc
strings appname | grep 'http'
strings appname | grep 'cydia'     # and others, to check for jailbreak tests
strings appname | grep -F '.com'   # you never know, email addresses might be interesting
strings appname | grep 'Crypt'     # this will also show AESCrypt, for example
```
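
The same triage as the `strings` commands above, run directly against the pulled .ipa, as an added example (not from the original page). It goes one step further by checking the `Payload/<name>.app` layout and locating the main executable through `CFBundleExecutable`; the names `triage_ipa` and `build_sample_ipa` and the sample archive are constructed for illustration.

```python
import io
import plistlib
import re
import zipfile

# Categories mirror the grep patterns in the strings commands above.
PATTERNS = {
    "xml": re.compile(rb"<\?xml"),
    "sql": re.compile(rb"\b(SELECT|INSERT|UPDATE|DELETE)\b", re.I),
    "url": re.compile(rb"https?://"),
    "jailbreak_check": re.compile(rb"cydia", re.I),
    "domain_or_email": re.compile(rb"\.com\b"),
    "crypto": re.compile(rb"Crypt"),
}
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")  # printable runs of 4+, like strings(1)

def triage_ipa(ipa):
    """Return {category: [strings]} for the main executable inside an IPA."""
    with zipfile.ZipFile(ipa) as z:
        plists = [n for n in z.namelist()
                  if re.fullmatch(r"Payload/[^/]+\.app/Info\.plist", n)]
        if len(plists) != 1:
            raise ValueError("not a valid IPA: expected Payload/<name>.app/Info.plist")
        app_dir = plists[0].rsplit("/", 1)[0]
        info = plistlib.loads(z.read(plists[0]))  # handles XML and binary plists
        binary = z.read(f"{app_dir}/{info['CFBundleExecutable']}")
    hits = {name: [] for name in PATTERNS}
    for run in PRINTABLE.findall(binary):
        for name, pat in PATTERNS.items():
            if pat.search(run):
                hits[name].append(run.decode("ascii"))
    return hits

def build_sample_ipa():
    """Constructed sample: a tiny fake IPA held in memory, not a real app."""
    blob = (b"\x00\xfe\xed\xfa\xcf\x00SELECT token FROM sessions\x00\x01"
            b"https://api.example.com/v1/login\x00/Applications/Cydia.app\x00"
            b"AESCrypt\x00\x02ab\x00")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist",
                   plistlib.dumps({"CFBundleExecutable": "Demo"}))
        z.writestr("Payload/Demo.app/Demo", blob)
    return buf

if __name__ == "__main__":
    for category, found in triage_ipa(build_sample_ipa()).items():
        print(category, found)
```

Pass a path such as `applicationname.ipa` to `triage_ipa` to run it on a real archive. The executable of an App Store app copied straight from disk is still FairPlay-encrypted, so expect few hits from it until it has been decrypted.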

