Random tech writeups.

My jailbroken device is on 12.4, use  https://github.com/Samgisaninja/SuccessionRestore  to restore. This works by download the IPSW and restoring the device to its current version. Make sure you've backed up the data before launching the process to restore.  

So in one of my iOS app pentest the app was distributed on TestFlight, I needed a clean IPA to makesure, I review the app after unpacking it. The option was for me to use a Jailbroken device and use Ext3nder, which allows the app to be re-packaged. Once you do that you could use SCP to download the IPA and use it to analyse or side load through xCode.

https://github.com/ChiChou/bagbak  <-- just follow the instructions here, note this only applies with a JailBroken device, and you have frida running on the iDevice. 

Intro I recently had a fair bit of difficulty arriving at a suitable network setup for pen testing an iOS app (Note this is a hybrid app - and heavily based on APIs), as I was testing an environment behind VPN (such as Cisco Anyconnect), I had go for dual vpn setup to access the APIs within the Corporate network. So I wrote this article basically to make sure this will help someone and more importantly I don't forget . One of the primary goal with any pentesting is to MITM the traffic from the iDevice. This can be achieved by using OpenVPN (on Ubuntu VM) and OpenConnect Client (on iDevice). Additionally, we need to ensure the Burp invisible proxy is enabled, literally we are treating the app as a proxy-unaware app. Credits: https://security.stackexchange.com/questions/190568/optimal-way-to-capture-https-traffic-on-proxy-unaware-ios-applications https://portswigger.net/burp/documentation/desktop/tools/proxy/options/invisible Pre-Reqs: Jail-Broken iPhone(iDevice) (I...