IOS Application Security Part 9 - Analyzing Security of IOS Applications using Snoop-it

by Prateek Gianchandani
Oct. 8, 2017 0 comments INFOSEC Institute Pen Testing & Audits

In some of the previous articles, we have looked at how we can dump class information of IOS apps using class-dump-z, hook into the runtime using Cycript and perform runtime manipulation and method swizzling, analyze the flow of the app using gdb etc. However, there could be a much better way of doing these things. We shouldn’t be using seperate tools for all these tasks. It would be great if a tool could perform all these tasks and at the same time display the information in a much more presentable way. Snoop-it is a tool that solves these problems. It allows for runtime analysis and blackbox security assessment of IOS apps by retrofitting existing apps with debugging and runtime tracing capabilities. It also provides a very neat web interface. At the time of writing of this article, Snoop-it is not released yet but is a couple of weeks away from launch. I mailed the authors and they were nice enough to provide me with a beta version for testing. You can check out its official pag...