
Installing tools on iOS device


Last updated 1 year ago


Once you have jailbroken your iOS device using checkra1n, the next step is to install additional tools and packages to enable iOS pen-testing. One of the key tools you will need is Cydia, which is a package manager for jailbroken iOS devices.

Now add the repos below to Cydia:

  1. https://cydia.akemi.ai/, Karen’s Repo

  2. https://build.frida.re, Frida Repo

To add a repository to your iOS device using Cydia, follow these steps:

  1. Start Cydia and go to Manage > Sources > Edit > Add.

  2. Enter the URL of the repository you want to add and click on Add Source.

  3. This will add the repository to your device and allow you to install packages from it.

After adding repositories, you can use the Search feature in Cydia to find and install the packages you need for iOS penetration testing. Some of the key packages you will need include HideJB, Frida, and AppSync Unified. You can search for these packages by name and install them using Cydia.

Here are the steps to install a package from Cydia:

  1. Open Cydia and go to the Search tab.

  2. Enter the name of the package you want to install (e.g. HideJB) and press Enter to search for it.

  3. Locate the package in the search results and tap on it to open the package page.

  4. Tap on Install to begin the installation process.

  5. Cydia will download and install the package on your device. Once the installation is complete, you can use the package as needed.

In addition to these packages, you will also need to install SSL Kill Switch 2 and Otool manually. To do this:

  1. Use the ssh command to connect to your jailbroken iOS device as the root user.

  2. Navigate to the /tmp folder using the cd command.

  3. Download “SSL Kill Switch 2” using the wget command: wget https://github.com/nabla-c0d3/ssl-kill-switch2/releases/download/0.14/com.nablac0d3.sslkillswitch2_0.14.deb

  4. Install the package using dpkg -i com.nablac0d3.sslkillswitch2_0.14.deb

  5. Restart SpringBoard with killall -HUP SpringBoard to complete the installation.

  6. After this, install Otool using the command apt install otool

After completing these steps, you should be able to see “Hide JB” and “SSL Kill Switch 2” in the Settings menu on your iOS device. The Otool utility is run from a shell, so you need to establish an ssh connection to the iOS device in order to use it. These tools will be essential for iOS pen-testing, so make sure they are installed and configured properly.
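Because dpkg -i runs as root, it is worth checking the downloaded file before step 4. The script below is an added example, not part of the original page or of the SSL Kill Switch 2 project: the function names are hypothetical, EXPECTED_SHA256 is a placeholder for a digest you recorded from a copy you vetted, and it assumes sha256sum or shasum is available in the shell.

```shell
#!/bin/sh
# Added example: vet a downloaded .deb before installing it as root with dpkg -i.
# EXPECTED_SHA256 is a placeholder; pin the digest of a copy you have vetted.
DEB="${DEB:-/tmp/com.nablac0d3.sslkillswitch2_0.14.deb}"
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_PINNED_SHA256}"

# Print the SHA-256 of a file using whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# A .deb is an ar archive: global magic "!<arch>\n", then a first member
# named "debian-binary". An HTML error page or a truncated download fails here.
is_deb_archive() {
    [ -f "$1" ] || return 1
    magic=$(dd if="$1" bs=1 count=7 2>/dev/null)
    member=$(dd if="$1" bs=1 skip=8 count=13 2>/dev/null)
    [ "$magic" = '!<arch>' ] && [ "$member" = 'debian-binary' ]
}

# Return 0 only if the file is a .deb (else 2) and matches the pinned digest (else 3).
verify_deb() {
    file=$1
    want=$2
    is_deb_archive "$file" || { echo "not a .deb archive: $file" >&2; return 2; }
    got=$(sha256_of "$file")
    [ "$got" = "$want" ] || { echo "digest mismatch: got $got" >&2; return 3; }
}

# Run the page's install and SpringBoard restart only after both checks pass.
install_if_verified() {
    verify_deb "$DEB" "$EXPECTED_SHA256" || return $?
    dpkg -i "$DEB" && killall -HUP SpringBoard
}

# Usage on the device: EXPECTED_SHA256=<pinned digest> sh verify_deb.sh install
if [ "${1:-}" = install ]; then
    install_if_verified
fi
```

With the placeholder digest left in place, the install is refused with a digest mismatch, so nothing is installed until a real value is pinned.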

After setting up your environment for iOS pen-testing and installing the necessary tools and packages on your jailbroken iOS device, the next step is to add the Burp certificate to your device. This will allow your device to trust the SSL/TLS certificates that are generated by Burp, which is essential for using Burp to intercept and analyze the network traffic of iOS applications.

To add the Burp certificate to your iOS device, follow these steps:

  1. Open Burp and go to the Proxy > Options > Proxy Listeners tab.

  3. On your iOS device, go to Settings > Wi-Fi and tap the Wi-Fi network you are connected to.

  4. Select Configure Proxy, choose Manual, and enter the IP address and port of your laptop (e.g. 192.168.0.1:8080). Save the changes.

  5. Open the Safari browser on your iOS device and enter http://burp. Download the Burp certificate and click on Allow.

  6. In the Settings app, go to General > Profile > PortSwigger CA and click on Install. Click on Done to complete the installation.

  7. Now in the Settings app, go to General > About > Certificate Trust Settings and enable the PortSwigger CA certificate by toggling the switch next to it.

After completing these steps, the Burp certificate will be added to your iOS device and you will be able to capture the network traffic of the device.

Links referenced on this page:

  • SSL Kill Switch 2 package, downloaded with wget in step 3 of the manual install: https://github.com/nabla-c0d3/ssl-kill-switch2/releases/download/0.14/com.nablac0d3.sslkillswitch2_0.14.deb

  • Karen’s Repo: https://cydia.akemi.ai/

  • Frida Repo: https://build.frida.re