pentesting native iPhone app on Simulator


Whitehat

Jun 25, 2013, 1:41:23 AM
to null-...@googlegroups.com
Hi Group,

I need to test a native iPhone app using the Simulator, and going through the online content I got an overview. But I am wondering how to capture the traffic of a native app on iOS using the Simulator?

1. Is there a tool like "Echo Mirage" for iOS so that I can capture and modify app traffic?
2. What areas will be uncovered if I use only the Simulator rather than an actual device?

Can someone help me on this?

Regards,
Whitehaat




eQuiNoX

Jun 25, 2013, 1:51:43 AM
to null-...@googlegroups.com
Have you tried using Burp? I vaguely recall being able to set it as a global proxy and have the requests from the simulator go through it.

-- eq








sreenivas rao

Jun 25, 2013, 2:35:43 AM
to null-...@googlegroups.com
Hope this doc will help you.

Regards,
Sree.


wp-pen-testing-iphone-ipad-apps.pdf

Dinesh Shetty

Jun 25, 2013, 2:40:49 AM
to null-...@googlegroups.com
Well.. I am assuming you are using a Mac, because there is no iOS simulator for Windows that can run a native iOS application.
On Mac: You can see this video to understand how to set up a global proxy on your MacBook. Point it to your locally running Burp instance and you are good to go. All the traffic from your Mac, including your native application, will go through Burp and you can easily tamper with it.

Dinesh Shetty
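
One way to set the global proxy described in the message above from the terminal, as an added example that is not part of the original thread. The network service name `Wi-Fi` and the listener address `127.0.0.1:8080` are assumptions; adjust them to the machine and proxy in use.

```shell
#!/bin/sh
# Added example (not from the thread): route macOS HTTP/HTTPS traffic,
# including the iOS Simulator's, through a local intercepting proxy.
# Assumptions: network service "Wi-Fi", proxy listening on 127.0.0.1:8080.
SERVICE="${SERVICE:-Wi-Fi}"
PROXY_HOST="${PROXY_HOST:-127.0.0.1}"
PROXY_PORT="${PROXY_PORT:-8080}"

# Accept only a decimal TCP port in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# With DRY_RUN=1, print the command instead of running it.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

set_proxy() {
  case "$1" in
    on)
      valid_port "$PROXY_PORT" || { echo "invalid port: $PROXY_PORT" >&2; return 2; }
      # Enabling a proxy with no listener behind it breaks web traffic on the host.
      if [ "${DRY_RUN:-0}" != 1 ] && ! nc -z "$PROXY_HOST" "$PROXY_PORT" 2>/dev/null; then
        echo "nothing listening on $PROXY_HOST:$PROXY_PORT, start the proxy first" >&2
        return 3
      fi
      # -setwebproxy and -setsecurewebproxy also switch the proxy on.
      run networksetup -setwebproxy "$SERVICE" "$PROXY_HOST" "$PROXY_PORT" &&
      run networksetup -setsecurewebproxy "$SERVICE" "$PROXY_HOST" "$PROXY_PORT"
      ;;
    off)
      run networksetup -setwebproxystate "$SERVICE" off &&
      run networksetup -setsecurewebproxystate "$SERVICE" off
      ;;
    status)
      run networksetup -getwebproxy "$SERVICE" &&
      run networksetup -getsecurewebproxy "$SERVICE"
      ;;
    *) echo "usage: $0 on|off|status" >&2; return 2 ;;
  esac
}

# Run only when called with an argument, e.g. ./proxy.sh on
if [ $# -gt 0 ]; then set_proxy "$1"; fi
```

`networksetup -listallnetworkservices` shows the service names available on the machine. Run the script with `off` when testing is finished so the host stops sending traffic to the proxy.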



Rajesh A.

Jun 25, 2013, 3:09:41 AM
to null-...@googlegroups.com
Hi,

The easy way is to install Mac in VirtualBox or some virtualxxx and then run the iOS emulator inside that, and you will get plenty of options to trap/modify/etc. the communication.

There is a project going on for a Linux emulator - check this as well if you have a Linux box.. but go for the first easy way ;)



Whitehat

Jun 25, 2013, 3:14:46 AM
to null-...@googlegroups.com
Hi Dinesh,

Yes, using a Mac PC. Will check the video. Thanks to eQuiNoX and Sree too for the quick reply.

As per the online resources till now, many suggested using an actual device (rooted) instead of the simulator for iOS, but I won't be getting a device here:

So what are the limitations/uncovered areas if Simulator is used for testing?


Thanks,
Whitehaat.

Sunil Kumar

Jun 25, 2013, 3:24:58 AM
to null-...@googlegroups.com
You can find VMware images for OS X 10.8. I have a working copy.



===============
     SunilKumar
------------------------------

Whitehat

Jun 25, 2013, 3:25:46 AM
to null-...@googlegroups.com
Yes, R@J!! It will be an easier way. But due to iOS license restrictions, possibly I wouldn't be provided it on a VM on Windows :(

Dinesh Shetty

Jun 25, 2013, 4:05:42 AM
to null-...@googlegroups.com
Considering that you have access to the source code and are building the application on your machine using Xcode, you won't face any issues while testing the application. It would be as straightforward as testing on an actual device.
If you do not have access to the build source, I am sorry to say, but be ready to face some hurdles.

Dinesh Shetty