Re: Iphone pen test?



Man in the middle a la arp spoofing

- Adam Mooz
http://www.AdamMooz.com
Sent from my iPhone, please excuse any typos.

On 2010-06-21, at 3:34 PM, Adam Richards <adam.richards@xxxxxxxxxx>
wrote:

Is the iPhone Jailbroken? If so you can use tcpdump and ssh or mobile
terminal to capture the traffic and scp it back to your workstation.
If it's stock you can connect it to you AP and sniff the wireless
traffic. If you have an AP that you can create a span port on it from
the wireless to a wired port you could also sniff the traffic off of
it.


Adam Richards, CISSP | CEH



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of yasser.alruhaily@xxxxxxxxx
Sent: Monday, June 21, 2010 1:57 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Iphone pen test?

Hi all,



i have an assignment to pentest iphone application. how can I
intercept
the data before send it out to the server?



Is there any application could run in iphone as intercepting proxy?

how can i check buffer over flow errors?



thanx

YassEr

---
---------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require
a full practical examination in order to become certified.

http://www.iacertification.org
---
---------------------------------------------------------------------


---
---------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification
Review Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.

http://www.iacertification.org
---
---------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: Iphone pen test?
    ... These come with loads of dev tools, including an iphone emulator which you can test code on with a lot more debug info available. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • RE: Iphone pen test?
    ... joining your wireless hacker LAN. ... Subject: Iphone pen test? ... Information Assurance Certification Review ... actually do a proper penetration test. ...
    (Pen-Test)
  • RE: Iphone pen test?
    ... Is the iPhone Jailbroken? ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)
  • RE: Which Commercial Web App Scanner?
    ... so assuming that leaves WebInspect and Acunetix ... actually do a proper penetration test. ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: Pentest exams
    ... would be a dynamic duo of pen testing certs. ... Information Assurance Certification Review Board ... Prove to peers and potential employers without a doubt that you can actually ... do a proper penetration test. ...
    (Pen-Test)