Picture taken from: https://www.owasp.org/index.php/OWASP_iGoat_Project
For hands-on practice and learning we will use the iGoat iOS application, part of the OWASP security project. You can find their GitHub page here. This mobile application is deliberately built to be vulnerable, so that security professionals and learners can sharpen their skills in iOS application pentesting.
This project is maintained by the following folks.
Here are the project details.
For the exercises that follow we will build this application in Xcode and run it, but I recommend using a physical device when performing a pentest.
1) The first step is to download the vulnerable iOS app.
Go to this URL - https://github.com/OWASP/igoat and click "Download as ZIP" right on the page.
2) Unzip the downloaded file and you will get a folder: igoat-master.
3) Now go to the igoat-master folder, then the iGoat folder. Here you will find an Xcode project file,
iGoat.xcodeproj. Open this file in Xcode.
4) Now select the device in the top-left panel as iPhone 5, 6 or 7, whichever you want ;)
In my case it is an iPhone 6.
5) On this same screen go to the Window menu and choose 50% in the Scale option, so our application's running window will be a convenient size.
6) Now let's start our server, which handles the requests of this application and is required for the later exercises.
In the same igoat-master folder you will find a folder called server; open it. In this folder you will see a Ruby file.
Just run it!
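The same setup can be driven from a terminal. The script below is an added example, not part of the original post or of the iGoat project. It assumes GitHub's "download as ZIP" endpoint for the master branch (`https://github.com/OWASP/igoat/archive/master.zip`) and, because the post does not name the Ruby server file, it locates that file with a glob and refuses to guess when the server folder does not contain exactly one `.rb` file. Opening the project with `open` is macOS-specific, as Xcode itself is.

```bash
#!/bin/sh
# Added example (not the post's or iGoat's own code): reproduces the six
# setup steps from a shell. Assumptions: the ZIP URL below is GitHub's
# "download as ZIP" endpoint for the master branch; the name of the Ruby
# server script is not given in the post, so it is located with a glob.
set -eu

IGOAT_ZIP_URL="https://github.com/OWASP/igoat/archive/master.zip"  # assumed

# Steps 1 and 2: download the ZIP and unzip it, yielding ./igoat-master.
fetch_igoat() {
  curl -fsSL -o igoat-master.zip "$IGOAT_ZIP_URL"
  unzip -q igoat-master.zip
}

# Step 3: print the path of the Xcode project inside an extracted tree,
# or fail if the expected iGoat/iGoat.xcodeproj bundle is not there.
find_xcodeproj() {
  proj="$1/iGoat/iGoat.xcodeproj"
  [ -d "$proj" ] || return 1
  printf '%s\n' "$proj"
}

# Step 6: print the Ruby server script inside the tree. The post does not
# name the file, so require exactly one *.rb in server/ rather than guess.
find_server_script() {
  root="$1"
  set -- "$root"/server/*.rb
  [ $# -eq 1 ] && [ -f "$1" ] || return 1
  printf '%s\n' "$1"
}

# Run the server script found by find_server_script (blocks while serving).
start_server() {
  script=$(find_server_script "$1")
  ruby "$script"
}

# Usage: IGOAT_RUN=1 sh setup_igoat.sh   (steps 4 and 5 are done in the
# Simulator's device picker and Window > Scale menu, not from the shell).
if [ "${IGOAT_RUN:-0}" = "1" ]; then
  fetch_igoat
  open "$(find_xcodeproj igoat-master)"   # macOS: opens the project in Xcode
  start_server igoat-master
fi
```

Keeping the path lookups in small functions makes the script fail early with a clear cause when the extracted tree does not look like the one described above, instead of launching Xcode or Ruby against the wrong file.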
So all set now! We are ready to perform our exercise steps.