iOS Device Jailbreaking
First the iOS device has to be jailbroken. checkra1n is a semi-tethered jailbreak built on the checkm8 bootrom exploit, so it only works on devices with A7 to A11 chips (iPhone 5s through iPhone X) and has to be re-applied from the connected computer after every reboot. The steps are listed below.
- To get started, connect the iOS device to a Linux machine over USB.
- Start checkra1n by opening a terminal and running the "sudo checkra1n" command.
- In the checkra1n user interface, select "Start". Your device will enter recovery mode as a result.
- Follow the on-screen directions to put your device into DFU (Device Firmware Update) mode.
- Your device will restart after the jailbreak procedure is finished.
- Your device should display the checkra1n app icon on your home screen once it has restarted after jailbreaking. Be patient; it can take a while for the icon to show.
- You may install the Cydia app by opening the checkra1n app and selecting “Cydia > Install Cydia” once you’ve seen the icon.
Installing Necessary Tools For Testing
- Open Cydia after the installation is finished, then select Manage > Sources > Edit > Add.
- Enter the URL of the repository you want to add and tap Add Source.
- Adding a repository only tells Cydia where to find packages; the tools themselves still have to be installed from it.
- Once the repositories have been added, use Cydia's search function to locate and install the packages you need for iOS penetration testing.
- You will need Frida, AppSync Unified, HideJB and SSL Kill Switch 2; search for each of these by name in Cydia and install it.
- Navigate to the Search tab in Cydia.
- Type the name of the package you want (for example, HideJB) and tap Search.
- Find the package in the search results, then tap it to see the package page.
- To start the installation procedure, tap on Install.
- The package will be downloaded and installed on your device by Cydia. Following installation, you can use the package as required.
Note:
HideJB – hides the jailbreak from apps that check for it, so that apps which refuse to run on a jailbroken device can still be tested. It is not a complete bypass; apps with their own detection logic may still need Frida hooks.
Frida – a free dynamic instrumentation toolkit. It injects a JavaScript engine into a running process, so you can hook and modify an app's functions at runtime without access to its source code. The Cydia package installs the server side on the device; the frida command-line tools run on your computer and talk to it over USB.
AppSync Unified – a tweak that lets iOS install ad-hoc signed, fakesigned or unsigned IPA app bundles that it would otherwise reject, which is how a decrypted or re-signed test build gets onto the device.
SSL Kill Switch 2 – disables TLS certificate validation (and with it certificate pinning) in apps that use iOS's system TLS stack, so their traffic can be intercepted by a proxy such as Burp even when they would reject the Burp CA. Apps that ship their own TLS library are not covered.
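Once the packages are installed it is worth confirming over SSH that each one is actually in the installed state, since a package that was removed or left unconfigured still shows up in dpkg's listing. The script below is an added example, not code from the original article or from any of the projects above; it assumes OpenSSH is installed on the device and matches a lower-case substring of the dpkg package name rather than exact identifiers, because identifiers differ between repositories. The sample listing is constructed, not captured from a real device.

```shell
#!/bin/sh
# Added example (not from the original article): verify that the tweaks this
# guide installs are really present on the device, using `dpkg -l` output.
# On a real device (assumes OpenSSH is installed from Cydia):
#   ssh root@<device-ip> dpkg -l | missing_packages frida appsync hidejb sslkillswitch
# Package identifiers differ between repositories, so we match a lower-case
# substring of the dpkg Name column instead of hard-coding full identifiers.

# Read a `dpkg -l` listing on stdin; print each requested token that has no
# fully installed ("ii") package whose name contains it. Exit 1 if any is missing.
# A package in "rc" state (removed, config left behind) or "iU" (unpacked, not
# configured) counts as missing, because its hooks are not active.
missing_packages() {
    listing=$(cat)
    rc=0
    for want in "$@"; do
        lc=$(printf '%s' "$want" | tr 'A-Z' 'a-z')
        if ! printf '%s\n' "$listing" | awk -v w="$lc" '
                $1 == "ii" && index(tolower($2), w) > 0 { found = 1 }
                END { if (found) exit 0; exit 1 }'; then
            echo "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listing (not captured from a real device). Frida and
# AppSync are installed, SSL Kill Switch 2 was removed but left its config
# files behind, and HideJB was never installed.
SAMPLE_DPKG='Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                         Version      Architecture Description
+++-============================-============-============-==================================
ii  re.frida.server              16.1.4       iphoneos-arm Inject JavaScript into native apps
ii  ai.akemi.appsyncunified      116.0        iphoneos-arm Install unsigned or fakesigned IPAs
rc  com.nablac0d3.sslkillswitch2 0.14         iphoneos-arm Disable TLS certificate validation
ii  openssh                      8.4p1-1      iphoneos-arm Secure shell server'

if printf '%s\n' "$SAMPLE_DPKG" | missing_packages frida appsync hidejb sslkillswitch; then
    echo "all required packages installed"
else
    echo "install the packages listed above before testing"
fi
```

Run against the sample, the script reports hidejb and sslkillswitch as missing: the "rc" entry is exactly the case a plain `dpkg -l | grep` would miss, since the package name is still listed even though the tweak is no longer loaded.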
Setting Up Burpsuite To Intercept Traffic Of The Device
- On your computer, launch Burp and go to Proxy > Options > Proxy Listeners (Proxy > Proxy settings in current versions).
- Add or edit a listener: pick a port (such as 4444) and bind it to your computer's LAN IP address rather than 127.0.0.1, otherwise the device cannot reach it. Any host on that network can now use the listener, so do this on a lab network, not public Wi-Fi.
- On your iOS device, open Settings > Wi-Fi and connect to the same network as your computer.
- Under Configure Proxy choose Manual, enter your computer's IP address and the listener port (for example, 192.168.0.1 and 4444), then save the changes.
- On your iOS device, launch Safari, browse to http://burp and tap "CA Certificate" in the top right. When asked whether to download a configuration profile, select Allow.
- In the Settings app, open the downloaded profile (General > VPN & Device Management, or General > Profile on older iOS versions), select the PortSwigger CA, tap Install and confirm, then tap Done.
- Go to General > About > Certificate Trust Settings and turn on the switch next to the PortSwigger CA certificate. Without this step iOS installs the certificate but does not trust it as a root.
Once these steps are done, Safari and any app that relies on the system trust store will accept Burp's generated certificates, so their HTTPS traffic appears in Burp's proxy history. Apps that pin their certificates will still fail to connect until pinning is disabled (SSL Kill Switch 2 or a Frida hook). Remove the PortSwigger CA from the device when testing is finished; a trusted third-party root is a standing risk to every connection the device makes.
For further clarifications or support, please write to contact@paradigmitcyber.com