iOS Testing Lab Setup Guide – Part I

Tools we need for iOS Testing:

______________________________________________________________________________

Mobile Security Framework MobSF: https://github.com/MobSF/Mobile-Security-Framework-MobSF

Apple Configurator 2: https://apps.apple.com/in/app/apple-configurator-2/id1037126344?mt=12

Unc0ver Download: https://topstore.vip/index.html

Objection Install: pip3 install objection

Frida Install: pip install frida-tools

Impactor: http://www.cydiaimpactor.com

SqliteBrowser: https://sqlitebrowser.org/

iFunbox: http://www.i-funbox.com/en/index.html

Altstore: https://altstore.io

______________________________________________________________________________

1. Installing MOBSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

How to install MOBSF:

git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git

cd Mobile-Security-Framework-MobSF

./setup.sh

After that you can run MOBSF by running command

./run.sh

Go to browser and open http://127.0.0.1:8000

2. Jailbreaking iPhone

Jailbreaking is the privilege escalation of an Apple device for the purpose of removing software restrictions imposed by Apple on iOS, iPadOS, tvOS and watchOS operating systems.

Check iOS version

Go to https://altstore.io/ Download Altstore application I’m using Macbook so ITunes is not required to install app in mobile if you are using windows make sure you install full version ITunes from the following link: https://support.apple.com/downloads/itunes

Connect your iPhone with Macbook via cable and install Altstore application your iCloud credentials are required you can create a new one if you don’t want to use your.

Enter your username and Password here

After that go to https://iosninja.io/ipa-library/download-unc0ver-jailbreak-ios-12-iphone-ipad-ipod from your mobile safari browser.

Once download is finished you can open application in AltStore

You can see unc0ver is successfully install now you can open unc0ver application and run the jailbreak.

Install Mterminal from Cydia

Open Cydia Store and search Mterminal and install it.

3. SSH Connection

After that you need to install Openssh to get ssh connection for your iPhone.

You can find your device ip from Settings > Wifi > Connected Wifi name > Click on info.

SSH Default Credentials:

root – alpine

mobile – alpine

4. Jailbreak Detection Bypass

Install Liberty Lite from Cydia store.

You can find Liberty Lite in your device settings

You can select apps from block Jailbreak Detection

5. SSL Pinning Bypass

Download SSL kill switch2 from https://github.com/nabla-c0d3/ssl-kill-switch2/releases/download/0.14/com.nablac0d3.sslkillswitch2_0.14.deb

Copy file on mobile

Open Mterminal which we installed before to install Openssh and run

SU

After that install file which we copied earlier

dpkg -i ssl.deb

SSLKIll successfully installed now you can go to device setting to check the same.

You can bypass ssl pinning by disabling certificate validation .

6. Installing Frida

Add source in Cydia Store and let it update the resources

https://build.frida.re

Once done search Frida in search-box and install it.

7. Installing Frida in Computer

pip install frida-tools

After installing do a small test

Connect mobile to computer via cable and run following command

frida-ps -U

8. Installing Objection

objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

Run following command to install Objection

pip3 install objection

Small test to see we have install everything successfully .

objection -g applicationname explore

Extra:

How to install IPA file in iPhone.

Install Apple configurator from link we provided in tool list and launch it.

Connect your phone via cable and give access to mobile.

Click on add and select Apps

After that click on choose from my mac and select IPA file it will be installed on your phone now you are ready to go.

Stay tuned for part II where we will talk more about Objection and Frida.

🙂

One Reply to “iOS Testing Lab Setup Guide – Part I”

Leave a Reply