Learning iOS Penetration Testing

Summary

iOS forensics tools walkthrough

Data backup acquisition

Physical acquisition

The iOS filesystem

The iPhone hardware

Basics of iOS forensics

Chapter 9. Introducing iOS Forensics

Summary

Converting iDevice to a pentesting device

Creating iOS backdoor

Shell reverse TCP for iOS

Shell bind TCP for iOS

Setting up exploitation lab

Chapter 8. iOS Exploitation

Summary

Dynamic analysis on iOS Simulator

Runtime analysis using Snoop-it

Dynamic analysis using Cycript

Understanding Objective-C runtime

Chapter 7. The iOS App Dynamic Analysis

Summary

Hardening binary against reverse engineering

Analyzing iOS binary

Analyzing code by reverse engineering

Decrypting signed iOS applications

Decrypting unsigned iOS applications

Chapter 6. Analyzing iOS Binary Protections

Summary

Keyboard cache capturing sensitive data

Device logs leaking application sensitive data

Pasteboard leaking sensitive information

Data leakage via application screenshot

Chapter 5. Sealing up Side Channel Data Leakage

Summary

Bypassing SSL pinning

Web API attack demo

Intercepting traffic of iOS Simulator

Intercepting traffic over HTTPS

Intercepting traffic over HTTP

Chapter 4. Traffic Analysis for iOS Application

Summary

Insecure storage in keychain

Insecure storage in Core Data

SQL injection in iOS applications

Insecure storage in SQLite database

Insecure storage in the NSUserDefaults class

Insecure data in the plist files

Installing third-party applications

Introduction to insecure data storage

Chapter 3. Identifying the Flaws in Local Storage

Summary

Pentesting using iOS Simulator

Installing apps on iDevice

Installing utilities on iDevice

Connecting with iDevice

Jailbreaking iDevice

Need for jailbreaking

Chapter 2. Setting up Lab for iOS App Pentesting

Summary

OWASP Top 10 Mobile Risks

iOS application sandboxing

iOS application signing

iOS secure boot chain

iOS security model

iOS MVC design

Running apps on iDevice

Developing your first iOS app

Basics of iOS and application development

Chapter 1. Introducing iOS Application Security

Customer support

Reader feedback

Conventions

Who this book is for

What you need for this book

What this book covers

Preface

Support files eBooks discount offers and more

www.PacktPub.com

About the Reviewer

About the Author

Foreword – Why Mobile Security Matters

Credits

版权页

封面

封面

版权页

Credits

Foreword – Why Mobile Security Matters

About the Author

About the Reviewer

www.PacktPub.com

Support files eBooks discount offers and more

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Chapter 1. Introducing iOS Application Security

Basics of iOS and application development

Developing your first iOS app

Running apps on iDevice

iOS MVC design

iOS security model

iOS secure boot chain

iOS application signing

iOS application sandboxing

OWASP Top 10 Mobile Risks

Summary

Chapter 2. Setting up Lab for iOS App Pentesting

Need for jailbreaking

Jailbreaking iDevice

Connecting with iDevice

Installing utilities on iDevice

Installing apps on iDevice

Pentesting using iOS Simulator

Summary

Chapter 3. Identifying the Flaws in Local Storage

Introduction to insecure data storage

Installing third-party applications

Insecure data in the plist files

Insecure storage in the NSUserDefaults class

Insecure storage in SQLite database

SQL injection in iOS applications

Insecure storage in Core Data

Insecure storage in keychain

Summary

Chapter 4. Traffic Analysis for iOS Application

Intercepting traffic over HTTP

Intercepting traffic over HTTPS

Intercepting traffic of iOS Simulator

Web API attack demo

Bypassing SSL pinning

Summary

Chapter 5. Sealing up Side Channel Data Leakage

Data leakage via application screenshot

Pasteboard leaking sensitive information

Device logs leaking application sensitive data

Keyboard cache capturing sensitive data

Summary

Chapter 6. Analyzing iOS Binary Protections

Decrypting unsigned iOS applications

Decrypting signed iOS applications

Analyzing code by reverse engineering

Analyzing iOS binary

Hardening binary against reverse engineering

Summary

Chapter 7. The iOS App Dynamic Analysis

Understanding Objective-C runtime

Dynamic analysis using Cycript

Runtime analysis using Snoop-it

Dynamic analysis on iOS Simulator

Summary

Chapter 8. iOS Exploitation

Setting up exploitation lab

Shell bind TCP for iOS

Shell reverse TCP for iOS

Creating iOS backdoor

Converting iDevice to a pentesting device

Summary

Chapter 9. Introducing iOS Forensics

Basics of iOS forensics

The iPhone hardware

The iOS filesystem

Physical acquisition

Data backup acquisition

iOS forensics tools walkthrough

Summary