iOS/macOS penetration testing cheatsheet
macOS Quick Look plugin for iOS & OSX developers
https://github.com/ealeksandrov/ProvisionQL – Generate amazing preview for .ipa .app .appex .mobileprovision .provisionprofile
https://github.com/obfuscator-llvm/obfuscator/wiki – ollvm
Little h4ck for sslpinning bypass (help in some cases when sslkillswitch useless)
Configure burp proxy on iOS device
– Visit [your_proxy_adress]:[proxy_port]/mobileassistant.deb
– Download file and install
Via iFile
Via ssh like `dpkg -i path/to/mobileassistant.deb
Respring
Launch Mobile Assistant
Add app in bottom panel
Turn-on switcher next to app
Launch your app
Congrats
More info here
NB! in some cases you may face with lack of libraries, do not replace anything manually in iOS, it may lead to infinity loop)
AppSign / Rebuild / Resign / Inject / Useful tools
Tool
Description
Link
iFunBox
App
iFunBox
Appdb
Download&resign .ipa
Appdb
iphonecake
Download&resign .ipa
iphonecake
4pda
Download&resign .ipa
4pda
iTunes w/app tab
iTunes 12.6.3.6
Apple Support
Download old version .ipa
Manual how-to
Lifehacker
Extract data
Tool
Description
Link
Rasticrac
Jailbreak(+)
Rasticrac
Clutch
Jailbreak(+)
Clutch
bfinject
Jailbreak(+), iOS 11-12
bfinject
All in one (Inject > Repack > Resign > Upload)
Tool
Description
Link
IPA Patch
Xcode Project
IPA Patch
Resign
Xcode Project
Regisn
Slides and articles and links
Name
Link
Malware wellbeing on iOS devices
Slides
DVIA
Homepage
iGoat-Swift
Homepage
iOS-CTF
Homepage
Dynamic analysis of iOS apps w/o Jailbreak
Article En Article RU & Slides
Ro(o)tten Apples Vulnerability Heaven in the iOS Sandbox
Slides
Light and Dark side of Code Instrumentation
Slides
Комбайны безопасности для iOS и Android
Slides
Author: @ansjdnakjdnajkd
Do you want to add or fix? - Write to me or pull request!