
Some notes for my mobile pentest guidance for both Android and iOS.


saitamang/mobile-pentest


Mobile-Pentest

Some notes for my mobile pentest guidance for both Android and iOS. Read below.

Android and iOS Penetration Testing

Mobile pentest areas of analysis:

  1. Mobile forensics and data recovery
  2. Network, web services and API testing
  3. Server-side penetration testing
  4. Reverse engineering and code analysis

Mobile data at rest

a) Where it can be found:

  • Private application folder - the folder created when the app is installed
  • SD card - additional storage on Android
  • System log files - generated for application logs and for the device itself, including debugging output
  • Keychain - the iOS Keychain stores sensitive data
  • RAM - temporarily stored data
  • Source code (hardcoded) - sensitive passwords and other values inside the code itself
  • Web cache/history (hybrid/web-wrapper apps) - data stored in the browser

b) Tools for data recovery and analysis:

File system

  • Android -- Android Debug Bridge ("adb pull" command)
  • iOS -- libimobiledevice

System log files

  • Android -- logcat command-line tool
  • iOS -- Syslog (instruction for non-developers)

iOS Keychain

  • iOS -- iOS Keychain analyzer

RAM

  • Android -- Android Debug Bridge ("adb shell dumpsys meminfo")
  • iOS -- heapdump-ios

1. Mobile forensics and data recovery

Android

a) Locate your app (adb)

adb shell        # access the device shell
cd /data/data    # go to the app data directory
ls               # find the app's private directory

b) Pull app data off the phone

adb pull /data/data/com.anydo AnyDo    # adb pull <data-path-source> <destination>

c) Analyze app data

sqliteman - browse the stored SQLite data

iOS

a) Locate your app (shell on the device)

#App bundle data location:

cd /private/var/mobile/Containers/
ls

#App bundle location:

cd Application/
ls

#App data locations:

cd Application/
ls

#Sort by most recently installed:

ls -lat

#Change directory to the latest app (the one you just installed for testing):

cd 983FCV4-........./
cd Library/Preferences/
ls

#Make a note of the full path from the previous step:

/private/var/mobile/Containers/Application/983FCV4-........./ (for example)

#scp command to copy the files from the app folder (run from ~/Desktop):

scp -r root@192.168.xx.xx:/private/var/mobile/Containers/Application/983FCV4-......... App-Files/

b) Analyze the files

  1. SQLite databases
  2. plist files
  3. XML files
  4. Look for data stored as common hashes/encodings (base64, md5, sha256, etc.)
  5. When searching for data in large files, command-line tools are best: try grep
  6. Don't limit yourself: explore storage locations beyond the common ones
  7. iOS apps use the "Cache.db" file, which often holds a large amount of data
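
A first triage pass over a pulled app folder, covering the checks listed above, as an added example that is not part of the original notes: it identifies SQLite, binary plist and XML files by their leading bytes, lists SQLite tables, and flags MD5/SHA-256-length hex strings and base64 that decodes to text. The function names and everything written by `build_sample` (file names, table, token, hash) are constructed for illustration.

```python
import base64, plistlib, re, sqlite3, tempfile
from contextlib import closing
from pathlib import Path

MAGIC = {b"SQLite format 3\x00": "sqlite", b"bplist00": "binary-plist", b"<?xml": "xml"}
HEX = re.compile(rb"(?<![0-9a-fA-F])(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{32})(?![0-9a-fA-F])")
B64 = re.compile(rb"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}")

def classify(data):
    """Identify the storage format from the leading bytes rather than the file name."""
    return next((kind for magic, kind in MAGIC.items() if data.startswith(magic)), "other")

def encoded_strings(data):
    """Flag hex runs of MD5 (hex32) or SHA-256 (hex64) length, and base64 that decodes to text."""
    hits = [(f"hex{len(m)}", m.decode()) for m in HEX.findall(data)]
    for m in B64.findall(data):
        try:
            text = base64.b64decode(m, validate=True).decode("ascii")
        except ValueError:  # bad padding, or the payload is not ASCII text
            continue
        if text.isprintable() and not HEX.fullmatch(m):
            hits.append(("base64", text))
    return hits

def sqlite_tables(path):
    """List table names; mode=ro opens the pulled copy read-only so it is not modified."""
    with closing(sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)) as db:
        return [row[0] for row in db.execute("SELECT name FROM sqlite_master WHERE type='table'")]

def triage(root):
    """Walk a pulled app-data directory, yielding (relative path, findings) per file."""
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        data = path.read_bytes()
        kind = classify(data)
        yield path.relative_to(root).as_posix(), {"kind": kind, "hits": encoded_strings(data),
            "tables": sqlite_tables(path) if kind == "sqlite" else []}

def build_sample(root):  # constructed sample data standing in for a pulled app folder
    prefs = Path(root, "Library", "Preferences")
    prefs.mkdir(parents=True)
    token = base64.b64encode(b"user=alice;pin=4921").decode()
    (prefs / "com.example.app.plist").write_bytes(
        plistlib.dumps({"token": token}, fmt=plistlib.FMT_BINARY))
    with closing(sqlite3.connect(Path(root, "Cache.db"))) as db:
        db.executescript("CREATE TABLE session(user TEXT, pw_hash TEXT); INSERT INTO session "
                         "VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');")
    return root

if __name__ == "__main__":
    print(dict(triage(build_sample(tempfile.mkdtemp()))))
```

To run it on real data, call `triage()` on the directory produced by `adb pull` or `scp` instead of the constructed sample.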
