Skip to content

Intercepting Flutter iOS Application

lethanhphuc edited this page Aug 30, 2021 · 5 revisions

References: Intercepting Flutter iOS Application

Pre-Requisites:

  • Jailbroken iOS device.
  • Burp Suite up and running.
  • OpenVPN application installed in your iOS device.
  • Liberty - Root detection bypass Cydia Repo.
  • Filza - To extract ipa from iOS device Cydia Repo
  • Your system and mobile device must be connected to same wifi network.
  • Must have Frida installed in your system as well as in iOS device.
  • Must have Ghidra or any binary analyzer tool pre installed in your system.

Brief Process:

  1. We are going to create one OpenVPN connection file, Configure it in our iOS device using OpenVPN application and stablish the connection.
  2. Using Iptable command we will route the device traffic through our system.
  3. find and analyze the binary which contains the SSL verification code.
  4. Using frida we will bypass the SSL verification implementation.

Let’s Get Started:

  1. First install OpenVPN application to the iOS device from app store
  2. Create OpenVPN file to connect:

Use below command to download one script which helps us in creating OpenVPN file as per our need. Script: https://github.com/Nyr/openvpn-install

~$ sudo wget https://git.io/vpn -O openvpn-install.sh

~$ sudo sed -i "$(($(grep -ni "debian is too old" openvpn-install.sh | cut  -d : -f 1)+1))d" ./openvpn-install.sh

~$ sudo chmod +x openvpn-install.sh

~$ sudo ./openvpn-install.sh

After running Scripts Select Below options:

Which IPv4 address should be used?  
> Select option of your system IP. i.e. 192.168.1.118
    
Public IPv4 address / hostname []:
> Provide your system IP i.e. 192.168.1.118
    
Protocol [1]: 1
Port [1194]: 1194
DNS server [1]: 1
Name [client]: flutter_pentest

And Press enter. OpenVPN file will be created at /root/flutter_pentest.ovpn

  1. Install OpenVPN file to device:

python3 -m http.server 8081 --directory /root/

Open the downloaded ovpn file using OpenVPN, configure and connect to it.

Note: You can start openvpn in your system through below command:

~$ sudo service openvpn start

  1. Route the traffic and burp proxy configuration:

Run below commands to route the traffic from your iOS device through your system.

Note: In the last command the provided IP is your iOS device IP i.e. 192.168.1.101.

~$ sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080
~$ sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 443 -j REDIRECT --to-port 8080
~$ sudo iptables -t nat -A POSTROUTING -s 192.168.1.101/24 -o eth0 -j MASQUERADE
  1. Config BurpSuite

image

image

  1. Bypass Flutter SSL

./ioshook -p <application> -s frida-scripts/bypass-flutter-ssl.js

Clone this wiki locally