Learning iOS Penetration Testing
Table of Contents
Learning iOS Penetration Testing
Credits
Foreword – Why Mobile Security Matters
About the Author
About the Reviewer
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Introducing iOS Application Security
Basics of iOS and application development
Developing your first iOS app
Running apps on iDevice
iOS MVC design
iOS security model
iOS secure boot chain
iOS application signing
iOS application sandboxing
OWASP Top 10 Mobile Risks
Weak server-side controls
Insecure data storage
Insufficient transport layer protection
Side channel data leakage
Poor authorization and authentication
Broken cryptography
Client-side injection
Security decisions via untrusted input
Improper session handling
Lack of binary protections
Summary
2. Setting up Lab for iOS App Pentesting
Need for jailbreaking
What is jailbreak?
Types of jailbreaks
Hardware and software requirements
Jailbreaking iDevice
Adding sources to Cydia
Connecting with iDevice
Transferring files to iDevice
Connecting to iDevice using VNC
Installing utilities on iDevice
Installing idb tool
Installing apps on iDevice
Pentesting using iOS Simulator
Summary
3. Identifying the Flaws in Local Storage
Introduction to insecure data storage
Installing third-party applications
Insecure data in the plist files
Insecure storage in the NSUserDefaults class
Insecure storage in SQLite database
SQL injection in iOS applications
Insecure storage in Core Data
Insecure storage in keychain
Summary
4. Traffic Analysis for iOS Application
Intercepting traffic over HTTP
Intercepting traffic over HTTPS
Intercepting traffic of iOS Simulator
Web API attack demo
Bypassing SSL pinning
Summary
5. Sealing up Side Channel Data Leakage
Data leakage via application screenshot
Pasteboard leaking sensitive information
Device logs leaking application sensitive data
Keyboard cache capturing sensitive data
Summary
6. Analyzing iOS Binary Protections
Decrypting unsigned iOS applications
Decrypting signed iOS applications
Analyzing code by reverse engineering
Analyzing iOS binary
Hardening binary against reverse engineering
Summary
7. The iOS App Dynamic Analysis
Understanding Objective-C runtime
Dynamic analysis using Cycript
Runtime analysis using Snoop-it
Dynamic analysis on iOS Simulator
Summary
8. iOS Exploitation
Setting up exploitation lab
Shell bind TCP for iOS
Shell reverse TCP for iOS
Creating iOS backdoor
Converting iDevice to a pentesting device
Summary
9. Introducing iOS Forensics
Basics of iOS forensics
The iPhone hardware
The iOS filesystem
Physical acquisition
Data backup acquisition
iOS forensics tools walkthrough
Elcomsoft iOS Forensic Toolkit (EIFT)
Open source and free tools
Summary
Index