Mobile App Pentest

Mobile Application Penetration Testing - iOS and Andorid

Android

labs

Tools

  • frida : hooking method , bypassing root detection , bypassing cert pinning, etc .
  • Burpsuite : intercept request
  • apktool : reversing
  • Xposed Framework : hooking native method
  • Drozer : reverse engineerring
  • Tcpdump : capture the traffic
  • adb , fastboot : install apk , logging , push or pull file from devices.
  • sqlite browser : to browse sqlite database.
  • zipgrep : Searching purpose.
  • jdgui : code review
  • dex2jar : reverse engineering purpose
  • modSF : Dynamic Analysis
  • jarsigner : tool to sign and verify Java Archive (JAR/APK) files

Techniques

Tutorials & courses & books

CheckLists & Testing Guide

Public Exploits

iOS

jailbreak chart

Labs

Tools

  • Frida : hooking , bypassing , anlysis dynamic
  • GDB : Dynamic analysis
  • Cycript : Dynamic analysis
  • Clutch : Static Analysis
  • dumpdecrypted : dumping decrypted iPhone Applications to a file
  • class-dump : dumping class info
  • class-dump-z : dumping class info
  • otool : disassembler
  • strings : print all the strings in a given binary.
  • nm : utility that displays the symbol table of a given binary.
  • cydia impactor : for jailbreaking
  • openssh (cydia)
  • wget (cydia)
  • Erica Utilities
  • Snoop-it (cydia)
  • unzip (cydia)
  • adv-cmds (cydia)
  • usbmuxd : SSH over USB
  • syslogd
  • socat
  • burpsuite
  • iphonessh
  • idb

Techniques

Tutorials & courses & books

CheckLists & Testing Guide

Public Exploits

Checklist

Categories Issues
Network Certificate pinning
Weak Cipher
API to negotiated with SSL
Leak Info via Side Channel
Improper Usage of HTTP Method
Server Authentication
Injection
Session Management Issues
Server banners
Device Insecure Data Storage (log, database, keychain, NSUserDefaults, cache, etc)
JavaScript Execution(Webview)
Code Quality (codesign , debug symbol,free security features, etc ..)
Anti-reversing Detection(jailbreak/root detection, File integrity , Device Bonding )