Рет қаралды 16,702
Hey everyone, it's been a while! Welcome to the finding your first bug series! This week I'm going to show you the basics of iOS testing, this is part one of this series and we'll be covering the absolute basics of how to jailbreak a device, bypass the SSL pinning, and get the device to traffic through Burp on another device.
Did you know this episode was sponsored by Intigriti? Sign up with my link go.intigriti.com/katie I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
So to get started with iOS hacking you don't need any specific skills, we're going to go through it all! You will need an iOS device that you're okay to jailbreak, I'm using an iPad Mini 4, but many devices are vulnerable to checkra1n, if you're on windows you can use unc0ver as your jailbreak too. Coming up soon in this guide, the live demo stream next week and then frida and more advanced iOS bugs. See you all soon!
Checkra1n: checkra.in
SSL Kill Switch: github.com/nabla-c0d3/ssl-kil...
Reading ahead? Here's what we'll cover next time:
Frida: frida.re/docs/ios/
Inspecting Apps: resources.infosecinstitute.co...
Objection: www.allysonomalley.com/2018/1...
If your internet isn't stable, iproxy setup to proxy over USB: spaceraccoon.dev/from-checkra...
XSS in an iOS app: www.allysonomalley.com/2018/1...
Top mobile app bugs: www.allysonomalley.com/2020/0...
Credential hunting: spaceraccoon.dev/low-hanging-...