Add tcpdump to 0x06b - Githubissues

OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

https://mas.owasp.org/

Creative Commons Attribution Share Alike 4.0 International

11.59k stars 2.29k forks source link

Add tcpdump to 0x06b #2105

Closed cpholguera closed 1 year ago

cpholguera commented 2 years ago

Add tcpdump (after testing against the latest iOS) and check if there's anything else worth adding from the refs below (sslsplit?).

Refs:

https://blog.jjhayes.net/wp/2019/02/28/capture-iphone-network-traffic-with-tcpdump-and-wireshark/
https://iphelix.medium.com/ios-data-interception-b3a393e80c82 (2013, verify that it still works)
https://www.mustafadur.com/blog/intercepting-ssl-and-https/ (incl. SSLSPLIT)

cgarst commented 1 year ago

I can take this one. My thought is to document how tcpdump can be used to capture on the device and stream it via SSH into a PCAP file on the workstation. This is effectively an alternative to the RVI mechanism which doesn't require a USB cable. I will put it after the existing RVI instructions. I can also include instructions for importing the HTTP proxy's private key into Wireshark to decrypt some of the resultant PCAP.

cpholguera commented 1 year ago

Sounds great @cgarst, I've assigned it to you. Thank you!