-
-
Notifications
You must be signed in to change notification settings - Fork 152
Intercepting Flutter iOS Application
References: Intercepting Flutter iOS Application
- Jailbroken iOS device.
- Burp Suite up and running.
- OpenVPN application installed in your iOS device.
- Liberty - Root detection bypass Cydia Repo.
- Filza - To extract ipa from iOS device Cydia Repo
- Your system and mobile device must be connected to same wifi network.
- Must have Frida installed in your system as well as in iOS device.
- Must have Ghidra or any binary analyzer tool pre installed in your system.
- We are going to create one OpenVPN connection file, Configure it in our iOS device using OpenVPN application and stablish the connection.
- Using Iptable command we will route the device traffic through our system.
- find and analyze the binary which contains the SSL verification code.
- Using frida we will bypass the SSL verification implementation.
- First install OpenVPN application to the iOS device from app store
- Create OpenVPN file to connect:
Use below command to download one script which helps us in creating OpenVPN file as per our need. Script: https://github.com/Nyr/openvpn-install
~$ sudo wget https://git.io/vpn -O openvpn-install.sh
~$ sudo sed -i "$(($(grep -ni "debian is too old" openvpn-install.sh | cut -d : -f 1)+1))d" ./openvpn-install.sh
~$ sudo chmod +x openvpn-install.sh
~$ sudo ./openvpn-install.sh
After running Scripts Select Below options:
Which IPv4 address should be used?
> Select option of your system IP. i.e. 192.168.1.118
Public IPv4 address / hostname []:
> Provide your system IP i.e. 192.168.1.118
Protocol [1]: 1
Port [1194]: 1194
DNS server [1]: 1
Name [client]: flutter_pentest
And Press enter. OpenVPN file will be created at /root/flutter_pentest.ovpn
- Install OpenVPN file to device:
python3 -m http.server 8081 --directory /root/
Open the downloaded ovpn file using OpenVPN, configure and connect to it.
Note: You can start openvpn in your system through below command:
~$ sudo service openvpn start
- Route the traffic and burp proxy configuration:
Run below commands to route the traffic from your iOS device through your system.
Note: In the last command the provided IP is your iOS device IP i.e. 192.168.1.101.
~$ sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080
~$ sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 443 -j REDIRECT --to-port 8080
~$ sudo iptables -t nat -A POSTROUTING -s 192.168.1.101/24 -o eth0 -j MASQUERADE
- Config BurpSuite
- Bypass Flutter SSL
./ioshook -p <application> -s frida-scripts/bypass-flutter-ssl.js