brew install ca-certificatesbrew install [email protected]brew install ldidbrew install usbmuxdbrew install libimobiledevice
越狱工具(对iOS设备进行越狱)
使用checkra1n越狱https://checkra.in/releases/https://www.jianshu.com/p/8beb21bcdae7使用unc0ver越狱https://unc0ver.dev/https://www.jianshu.com/p/5f2d33ba2fb5主流的越狱工具一般是半完美越狱,iOS设备重启后Cydia会闪退打不开,需要重新操作越狱流程https://palera.in/https://github.com/palera1n/palera1https://github.com/palera1n/palera1n/releases
https://theos.dev/docs/installation-ioshttps://github.com/AloneMonkey/MonkeyDev/wiki/%E5%AE%89%E8%A3%85
iOS越狱后的ssh连接手机
ssh root@127.0.0.1#iproxy-通过USB使用SSH连接iOS设备iproxy 9999 22 #端口转发ssh -p 9999 root@127.0.0.1
frida安装
https://build.frida.re#在cydia中添加frida源#cydia中搜索frida,根据iOS设备版本安装对应的frida服务端#Windows10电脑安装frida(特别注意frida版本要与手机中的frida版本保持一致)https://github.com/frida/fridahttps://github.com/frida/frida/releases
Filza File Manager安装,越狱设备的文件管理器Cydia源
http://tigisoftware.com/cydia/#TIGI Software ---> 全部工具 ---> Filza File Manager 64-bit
frida-ios-dump砸壳工具
git clone https://github.com/AloneMonkey/frida-ios-dump.gitcd frida-ios-dumppython -m pip install -r requirements.txt --upgradedump.py -lfrida-ps -Upython dump.py -H 127.0.0.1 -p 9999 -u root -P alpine <app_name>
查看iOS手机是否越狱
whoamiiOS App应用本地存储位置
/private/var/containers/Bundle/Application越狱插件路径
/Applications/正常安装路径
/private/var/mobile/Containers/Data/Application/安装iOS安装包
ideviceinstaller -i ***..ipaiOS查看系统日志
idevicesyslogiOS查看当前已连接的设备的UUID
idevice_id -liOS截图
idevicescreenshotiOS查看设备信息
ideviceinfoideviceinfo -u [udid] -k DeviceName #指定设备,获取设备名称:iPhone6sidevicename -u [udid] #指定设备,获取设备名称:iPhone6sideviceinfo -u [udid] -k ProductVersion #指定设备,获取设备版本:10.3.1ideviceinfo -u [udid] -k ProductType #指定设备,获取设备类型:iPhone8,1ideviceinfo -u [udid] -k ProductName #指定设备,获取设备系统名称:iPhone OS
iOS获取app列表和信息
ideviceinstaller -liOS获取设备时间
idevicedateiOS重启设备
idevicediagnostics restartiOS关机
idevicediagnostics shutdowniOS休眠
idevicediagnostics sleepiOS安装SSL Kill Switch 2以突破或绕过SSL Pinning、Certificate Pinning,解决Charles、Fiddler等网络代理工具开启SSL Proxying后HTTPS抓包,用于禁用iOS上的SSL/TLS的证书校验机制,以便能抓取到明文的数据包
https://github.com/nabla-c0d3/ssl-kill-switch2https://github.com/nabla-c0d3/ssl-kill-switch2/releasesscp -P 9999 com.nablac0d3.sslkillswitch2_0.14.deb root@127.0.0.1:/tmpdpkg -i com.nablac0d3.sslkillswitch2_0.14.debkillall -HUP SpringBoard#打开iOS设置,下滑找到SSL Kill Switch 2,确认Disable Certificate Validation已开启
FLEXLoader动态加载FLEX的越狱插件
https://github.com/FLEXTool/FLEXhttps://github.com/FLEXTool/FLEX/releaseshttps://cloud.tencent.com/developer/article/1873827
Zorro安装,Zorro是一款基于iOS端的参数修改工具
#添加软件源apt.jituvip.com#极兔软件源 ---> 佐罗Zorro ---> 安装6.6.1
iOS平台上轻松跟踪类、函数和修改方法的返回值
https://github.com/noobpk/frida-ios-hookhttps://github.com/noobpk/frida-ios-hook/releases
iOS安全测试框架
https://github.com/WithSecureLabs/needlehttps://github.com/WithSecureLabs/needle/releases
Frida Scripts
https://github.com/interference-security/frida-scriptshttps://github.com/interference-security/frida-scripts/tree/master/iOS
AppMon是监测和修改本地MacOS、iOS、Android系统API的自动化框架
git clone https://github.com/dpnishant/appmoncd appmon && git checkout LISTEN_MODEpython appmon.py -mode listencurl "http://127.0.0.1:5000/connect/?a=Gadget&spawn=0&p=iossim&s=scripts/iOS&ls=0&report=test"
推荐阅读
原文始发于微信公众号(哆啦安全):iOS安全基础
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论