Install app from the app store.
Login via ssh to the jailbroken iphone
Find the application on the phone
ls * | grep -B 2 -i 'applicationname'cd long-string
Now install zip
apt updateapt install zip
Now compress the app folder as a zip file and name it .ipa
mkdir Payloadcp applicationname.app Payload/zip -r /tmp/applicationname.ipa /var/containers/Bundle/Application/longstring/Payload/applicationname.app/
Then copy to your attacker machine
~# scp [email protected]:/tmp/applicationname.ipa .
Unzip and review the contents
Now you are free to send through mobSF etc.
grep -iRf thickclient-basic.txt /root/Downloads/_decompileapkname_
First install docker on whichever system you are using.
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -echo 'deb https://download.docker.com/linux/debian stretch stable' > /etc/apt/sources.list.d/docker.listapt-get updateapt-get install docker-ce
docker pull opensecurity/mobile-security-framework-mobsfdocker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
Upload .ipa/.apk and review results.
Check permissions and review all MOBSF findings
Review static files
Add proxy listener on all interfaces
Modify the proxy settings on the Android device to point to your Burp listening machine.
Ensure you save the settings.
Now you can intercept traffic to and from the app.
Walk the app and capture all of the traffic, once completed review proxy history and test accordingly.
Review data storage of app.
Review proxy history and follow typical API/ web application methodology to test.
$ strings appname | grep “<?xml”$ strings appname | grep “SELECT” (or select, insert, update… etc)$ strings appname | grep “http”$ strings appname | grep “cydia” (and others, to check for jailbreak tests)$ strings appname | grep “.com” (you never know, email addresses might be interesting)$ strings appname | grep “Crypt” (this will also show AESCrypt, for example)