Monday, June 30, 2014

Local Data Storage Analysis with iOS Simulator

There are times when a penetration tester cannot install an iOS application on a physical device while performing an iOS application security assessment. This can happen for various reasons:
  • The application does not support your iOS firmware version
  • The pentester does not own an iOS device, or the device is not jailbroken
  • The pentester cannot install the .IPA file using iTunes

If one of the above applies to you, go back to the customer and ask for the application's Xcode project. Once you have it, open the xcworkspace file in Xcode and simply run the code. Make sure you select an iOS Simulator device to run your application. Here's how you can do this:

Xcode → Product → Destination → Choose Device



Once this is set, you should be able to run your application in the iOS Simulator. What next?

Next, I would suggest that you browse the application, input data, create records, etc. within the application. This makes the application run as it would in a real environment and allows it to do all its scary stuff on your Simulator.

To inspect what the application has stored locally, browse to the paths below (using Finder or Terminal):

~/Library/Application Support/iPhone Simulator/7.0.3/Applications/<UNIQUE_ID>/Documents
~/Library/Application Support/iPhone Simulator/7.0.3/Applications/<UNIQUE_ID>/Library

In the above locations, you should be able to see the following folders:

Caches - Stores application database files
Preferences - Stores application .plist files

You can now view the .plist files using any text editor, and view the database files using SQLiteStudio (a free, lightweight utility). The tool is really simple to operate and gets you what you are looking for very quickly.
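The same inspection can be scripted. This is an added example, not code from the original post: it walks an application's data directory, parses every .plist (XML or binary format) and dumps the tables of every SQLite file it finds. The `com.example.demo` plist, the `notes` table and their values are constructed sample data.

```python
import os, plistlib, sqlite3, sys, tempfile
from contextlib import closing
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file

def dump_tables(db_path, limit=20):
    """Open a database read-only and return {table: first `limit` rows}."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    with closing(sqlite3.connect(uri, uri=True)) as con:
        tables = con.execute("SELECT name FROM sqlite_master WHERE type='table'")
        return {n: con.execute('SELECT * FROM "%s" LIMIT ?' % n.replace('"', '""'),
                               (limit,)).fetchall() for (n,) in tables.fetchall()}

def inspect_sandbox(app_dir):
    """Walk an app data directory; parse every plist and SQLite file found."""
    found = {"plists": {}, "databases": {}}
    for folder, _, files in os.walk(app_dir):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, app_dir)
            with open(path, "rb") as fh:
                if fh.read(16) == SQLITE_MAGIC:  # detect by content, not extension
                    found["databases"][rel] = dump_tables(path)
                elif name.endswith(".plist"):
                    fh.seek(0)
                    try:
                        found["plists"][rel] = plistlib.load(fh)  # XML or binary
                    except Exception:
                        found["plists"][rel] = None  # not a parseable plist
    return found

def build_sample(root):
    """Constructed stand-in for <UNIQUE_ID>/Library; not data from a real app."""
    prefs = os.path.join(root, "Library", "Preferences")
    caches = os.path.join(root, "Library", "Caches")
    os.makedirs(prefs)
    os.makedirs(caches)
    with open(os.path.join(prefs, "com.example.demo.plist"), "wb") as fh:
        plistlib.dump({"authToken": "constructed-token"}, fh, fmt=plistlib.FMT_BINARY)
    with closing(sqlite3.connect(os.path.join(caches, "app.db"))) as con:
        con.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
        con.execute("INSERT INTO notes (body) VALUES ('constructed record')")
        con.commit()
    return root

if __name__ == "__main__":  # pass a <UNIQUE_ID> directory, or run on the sample
    with tempfile.TemporaryDirectory() as tmp:
        print(inspect_sandbox(sys.argv[1] if sys.argv[1:] else build_sample(tmp)))
```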


Happy Reading!!!