[Introspy] Monitor app in your iDevice

The Problem

In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming tasks – especially when performing a black-box assessment. Without access to source code, a comprehensive review of these application currently requires in-depth knowledge of various APIs and the ability to use relatively complex, generic tools such as Cycript, or Mobile Substrate – or just jump straight into the debugger.
To simplify this process, we are releasing Introspy – an open-source security profiler for iOS. Introspy is designed to help penetration testers understand what an application does at runtime.

How Introspy works

The tool comprises two separate components: an iOS tracer and an analyzer.
The iOS tracer can be installed on a jailbroken iOS device. It will hook security-sensitive APIs called by a given application, including functions related to cryptography, IPCs, data storage / protection, networking, and user privacy. The call details are all recorded and persisted in a SQLite database on the device.

This database can then be fed to the Introspy analyzer, which generates an HTML report displaying all recorded calls, plus a list of potential vulnerabilities affecting the application.

Tracer

Once installed, the tracer will store in a SQLite database all calls made by iOS applications to security-sensitive APIs.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s