Tools we need for iOS Testing:
Mobile Security Framework MobSF: https://github.com/MobSF/Mobile-Security-Framework-MobSF
Apple Configurator 2: https://apps.apple.com/in/app/apple-configurator-2/id1037126344?mt=12
Unc0ver Download: https://topstore.vip/index.html
Objection Install: pip3 install objection
Frida Install: pip install frida-tools
1. Installing MOBSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
How to install MOBSF:
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
After that you can run MOBSF by running command
Go to browser and open
2. Jailbreaking iPhone
Jailbreaking is the privilege escalation of an Apple device for the purpose of removing software restrictions imposed by Apple on iOS, iPadOS, tvOS and watchOS operating systems.
Check iOS version
Go to https://altstore.io/ Download Altstore application I’m using Macbook so ITunes is not required to install app in mobile if you are using windows make sure you install full version ITunes from the following link: https://support.apple.com/downloads/itunes
Connect your iPhone with Macbook via cable and install Altstore application your iCloud credentials are required you can create a new one if you don’t want to use your.
Enter your username and Password here
After that go to https://iosninja.io/ipa-library/download-unc0ver-jailbreak-ios-12-iphone-ipad-ipod from your mobile safari browser.
Once download is finished you can open application in AltStore
You can see unc0ver is successfully install now you can open unc0ver application and run the jailbreak.
Install Mterminal from Cydia
Open Cydia Store and search Mterminal and install it.
3. SSH Connection
After that you need to install Openssh to get ssh connection for your iPhone.
You can find your device ip from
Settings > Wifi > Connected Wifi name > Click on info.
SSH Default Credentials:
root – alpine
mobile – alpine
4. Jailbreak Detection Bypass
Install Liberty Lite from Cydia store.
You can find Liberty Lite in your device settings
You can select apps from block Jailbreak Detection
5. SSL Pinning Bypass
Download SSL kill switch2 from https://github.com/nabla-c0d3/ssl-kill-switch2/releases/download/0.14/com.nablac0d3.sslkillswitch2_0.14.deb
Copy file on mobile
Open Mterminal which we installed before to install Openssh and run
After that install file which we copied earlier
dpkg -i ssl.deb
SSLKIll successfully installed now you can go to device setting to check the same.
You can bypass ssl pinning by disabling certificate validation .
6. Installing Frida
Add source in Cydia Store and let it update the resources
Once done search Frida in search-box and install it.
7. Installing Frida in Computer
pip install frida-tools
After installing do a small test
Connect mobile to computer via cable and run following command
8. Installing Objection
objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
Run following command to install Objection
pip3 install objection
Small test to see we have install everything successfully .
objection -g applicationname explore
How to install IPA file in iPhone.
Install Apple configurator from link we provided in tool list and launch it.
Connect your phone via cable and give access to mobile.
Click on add and select Apps
After that click on choose from my mac and select IPA file it will be installed on your phone now you are ready to go.
Stay tuned for part II where we will talk more about Objection and Frida.