Posts

Showing posts from January, 2022

Penetration Testing of iOS Applications

Pentesting Testing of iOS Applications ++++Installing Frida and Objection: pip install -U objection pip install -U frida https://build.frida.re frida-ps -U frida-ps -Uai ++++Application Exploration: A-To browse applications file- ls B- Print current directory pwd print C-To browse applications file cd /folder/path/name ++++Sensitive Data Exposure 1. Dump .plist files: A- Print environment information env B-Go to document folder cd /var/mobile/Containers/Data/Application/<>/Documents ls C-Download .plist file file download Credentials.plist creds.plist It will get stored in your “C:\Users\USERNAME” path as “creds.plist” name. D-To read that downloaded file: !type creds.plist 2. Dump keychain file of Target Application: ios keychain dump 3. Dump sqlite files: A-Print environment information env B-Goto document folder cd /var/mobile/Containers/Data/Application/<>/Documents C-Download .sqlite file sqlite connect /var/mobile/Containers/Data/Application/<>/Documents/Credent