Sunday, 16 April 2017

iOS Application Pentesting Part 4 : Installing iGoat Application

Picture taken from : https://www.owasp.org/index.php/OWASP_iGoat_Project

To perform hands on practice and learning we will use iGoat iOS Application part of OWASP Security Project. You can find their Github page here. This Mobile Application is designed as vulnerable for Security Professionals and learner to enhanced their Skills over iOS Application Pentesting.

This project is Maintained by following folks.
Swaroop
masbog
mtesauro
DinisCruz

Here is the Project Details



For later practices we will install this application XCode and run it, But i recommended you to use a Physical device while performing pentesting.

1) So first step to download the vulnerable iOS App.
Go to this URL - https://github.com/OWASP/igoat and Click download as zip right on the page.

2) Unzip the downloaded file and you will get a folder. igoat-master


3) Now go to igoat-master folder then iGoat folder. Here you will find a xcode project file
 iGoat.xcodeproj Open this file in xcode



3) Now select the device in top left panel as iphone 5,6 or 7 which you want ;)
In my case is Iphone6


4) Now click on play button  before this button, as a result you will see a large screen running our IGoat Application.


5) On this same screen go to windows menu and choose 50% in scale option.So our application running window will be convenient


Looks Great.

6) Now lets stat our server which will handle request of this application and required for further exercises.
On the same folder igoat-master you will find a folder called server open it. In this folder you will see a ruby file.
Just Run It !

So All Set Now ! And we are ready to perform our exercise steps.



iOS Application Pentesting Part 5 : 
Insecure HTTP Data Transit

<< Previous Post

iOS Application Pentesting Part 3 : Extracting iOS App Class Information

No comments:

Post a Comment