Sunday 16 April 2017

iOS Application Pentesting Part 4 : Installing iGoat Application

For hands-on practice and learning we will use the iGoat iOS application, part of the OWASP Security Project. You can find their GitHub page here. This mobile application is deliberately vulnerable, designed for security professionals and learners to enhance their skills in iOS application pentesting.

This project is maintained by the following folks.

Here are the project details.

For the later exercises we will open this application in Xcode and run it, but I recommend using a physical device when performing pentesting.

1) The first step is to download the vulnerable iOS app.
Go to this URL - and click "Download as ZIP" on the page.

2) Unzip the downloaded file and you will get a folder named igoat-master.

3) Now go to the igoat-master folder, then the iGoat folder. Here you will find an Xcode project file,
 iGoat.xcodeproj. Open this file in Xcode.

4) Now select the device in the top left panel: iPhone 5, 6 or 7, whichever you want ;)
In my case it is iPhone 6.

5) Now click the play button, which sits just before this device button. As a result you will see a large screen running our iGoat application.

6) On this same screen, go to the Window menu and choose 50% under the Scale option, so that the running application window is a convenient size.

Looks great.

7) Now let's start our server, which handles this application's requests and is required for the further exercises.
In the same igoat-master folder you will find a folder called server; open it. In this folder you will see a Ruby file.
Just run it!

All set! We are now ready to perform our exercise steps.
