Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

[Introspy] Security profiling for blackbox iOS

$
0
0

Blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues.

The tracer can be installed on a jailbroken device to hook and log security-sensitive iOS APIs called by applications running on the device. The tool records details of relevant API calls, including arguments and return values and persists them in a database. Additionally, the calls are also sent to the Console for real-time analysis.

How Introspy works

The tool comprises two separate components: Introspy-iOS and Introspy-Analyzer.

Introspy-iOS is a tracer that can be installed on a jailbroken iOS device. It will hook security-sensitive APIs called by a given application, including functions related to cryptography, IPCs, data storage / protection, networking, and user privacy. The call details are all recorded and persisted in a SQLite database on the device

This database can then be fed to Introspy-Analyzer, which generates an HTML report displaying all recorded calls, plus a list of potential vulnerabilities affecting the application.


Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>