# Installing tools on iOS device **Once you have jailbroken your iOS device using checkra1n, the next step is to install additional tools and packages to enable iOS pen-testing. One of the key tools you will need is Cydia, which is a package manager for jailbroken iOS devices.** **Now add the below repos to your Cydia.** [**1.https://cydia.akemi.ai/**](https://cydia.akemi.ai/)**, Karen’s Repo** [**2. https://build.frida.re**](https://build.frida.re/) **, Frida Repo** **To add a repository to your iOS device using Cydia, follow these steps:** 1. **Start Cydia and go to**** ****`Manage`**** ****>**** ****`Sources`**** ****>**** ****`Edit`**** ****>**** ****`Add`****.** 2. **Enter the URL of the repository you want to add and click on**** ****`Add Source`****.** 3. **This will add the repository to your device and allow you to install packages from it.**

**After adding repositories, you can use the**** ****`Search`**** ****feature in Cydia to find and install the packages you need for iOS penetration testing. Some of the key packages you will need include**** ****`HideJB`****,**** ****`Frida`****, and**** ****`Appsync Unified`****. You can search for these packages by name and install them using Cydia.** **Here are the steps to install a package from Cydia:** 1. **Open Cydia and go to the**** ****`Search`**** ****tab.** 2. **Enter the name of the package you want to install (e.g.**** ****`HideJB`****) and press**** ****`Enter`**** ****to search for it.** 3. **Locate the package in the search results and tap on it to open the package page.** 4. **Tap on**** ****`Install`**** ****to begin the installation process.** 5. **Cydia will download and install the package on your device. Once the installation is complete, you can use the package as needed.**

**In addition to these packages, you will also need to install SSL Kill Switch 2 and Otool manually. To do this,** **1.Use the** **`ssh`**** ****command to connect to your jailbroken iOS device as the**** ****`root`**** ****user.** **2. Navigate to the**** ****`/tmp`**** ****folder using the**** ****`cd`**** ****command.** **3. To download “SSL Kill Switch 2" use**** ****`wget`****command,** **`wget`** [**`https://github.com/nabla-c0d3/ssl-kill-switch2/releases/download/0.14/com.nablac0d3.sslkillswitch2_0.14.deb`**](https://github.com/nabla-c0d3/ssl-kill-switch2/releases/download/0.14/com.nablac0d3.sslkillswitch2_0.14.deb) **`.`** **4. ****Install the package using** **`dpkg -i com.nablac0d3.sslkillswitch2_0.14.deb`** **5. ****Restart the SpringBoard** **`killall -HUP SpringBoard`** **to complete the installation.** **6. ****After this install**** ****Otool**** ****using command ,** **`apt install otool`**

**After completing these steps, you should be able to see “Hide JB” and “SSL Kill Switch 2" in the Settings menu on your iOS device. The Otool utility can be accessed using a shell, so we need to establish an ssh connection to the iOS device in order to use it..These tools will be essential for iOS pen-testing, so make sure they are installed and configured properly.**

**After setting up your environment for iOS pen-testing and installing the necessary tools and packages on your jailbroken iOS device, the next step is to add the Burp certificate to your device. This will allow your device to trust the SSL/TLS certificates that are generated by Burp, which is essential for using Burp to intercept and analyze the network traffic of iOS applications.** **To add the Burp certificate to your iOS device, follow these steps:** 1. **Open Burp and go to the**** ****`Proxy`**** ****>**** ****`Options`**** ****>**** ****`Proxy Listeners`**** ****tab.**

**3. ****On your iOS device, go to**** ****`Settings`**** ****>**** ****`Wi-Fi`** **and click on the Wi-Fi network you are connected to.** **4. ****Select** **`Configure Proxy`****,** **choose** **`Manual`****,**** ****and enter the IP address and port of your laptop**** ****(e.g.**** ****`192.168.0.1:8080`****).** **Save the changes.**

**5. Open the Safari browser on your iOS device and enter** **`http://burp`****.** **Download the Burp certificate and click on** **`Allow`****.** **6. ****In the** **`Settings`** **app, go to** **`General`**** ****>**** ****`Profile`**** ****>**** ****`PortSwigger CA`** **and click on** **`Install`****.**** ****Click on** **`Done`** **to complete the installation.**

**7. Now in the Settings app, go to** **`General`****>**** ****`About`****>**** ****`Certificate Trust Settigns`****and Enable the PortSwigger CA certificate by toggling the switch next to it.**

**After completing these steps, the Burp certificate will be added to your iOS device and you will be able to capture the network traffic of the device.**