This is default featured slide 1 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 2 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 3 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 4 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 5 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

Showing posts with label Introspy. Show all posts
Showing posts with label Introspy. Show all posts

[Introspy] Security profiling for blackbox iOS

February 13, 2014  , , , ,  


Blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues.

The tracer can be installed on a jailbroken device to hook and log security-sensitive iOS APIs called by applications running on the device. The tool records details of relevant API calls, including arguments and return values and persists them in a database. Additionally, the calls are also sent to the Console for real-time analysis.

How Introspy works

The tool comprises two separate components: Introspy-iOS and Introspy-Analyzer.

Introspy-iOS is a tracer that can be installed on a jailbroken iOS device. It will hook security-sensitive APIs called by a given application, including functions related to cryptography, IPCs, data storage / protection, networking, and user privacy. The call details are all recorded and persisted in a SQLite database on the device

This database can then be fed to Introspy-Analyzer, which generates an HTML report displaying all recorded calls, plus a list of potential vulnerabilities affecting the application.

Read More

[Introspy] Monitor app in your iDevice

August 20, 2013  , , ,  

The Problem

In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming tasks - especially when performing a black-box assessment. Without access to source code, a comprehensive review of these application currently requires in-depth knowledge of various APIs and the ability to use relatively complex, generic tools such as Cycript, or Mobile Substrate - or just jump straight into the debugger.

To simplify this process, we are releasing Introspy - an open-source security profiler for iOS. Introspy is designed to help penetration testers understand what an application does at runtime.

How Introspy works


The tool comprises two separate components: an iOS tracer and an analyzer.

The iOS tracer can be installed on a jailbroken iOS device. It will hook security-sensitive APIs called by a given application, including functions related to cryptography, IPCs, data storage / protection, networking, and user privacy. The call details are all recorded and persisted in a SQLite database on the device.

This database can then be fed to the Introspy analyzer, which generates an HTML report displaying all recorded calls, plus a list of potential vulnerabilities affecting the application.

Tracer


Once installed, the tracer will store in a SQLite database all calls made by iOS applications to security-sensitive APIs.

Read More
Subscribe to: Posts (Atom)