There are not many options for bypassing/disabling SSL pinning without jailbreaking; however, I just had to go through this process, as the iPad I currently use for iOS app [app.ipa] penetration testing is too new to be jailbroken.
I thought I’d write up a quick list of commands of what was required for this process.
I tried to include all the install commands for the tools I used for this as well but most of this stuff was installed a while ago so please forgive me if I forgot something.
I used an OSX box for this process [it’s what my job gave me, please don’t flame me]
Install Xcode from the OSX App Store
I had to run this because of a certificate error when trying to install objection (the Python.org installer's path contains a space, so it has to be quoted):
cd "/Applications/Python 3.8/"
sudo "./Install Certificates.command"
pip3 install objection
pip3 install frida
npm install -g ios-deploy
npm install -g applesign
npm install -g itms-services
I had to run this because of an Xcode command line developer tools error (it points the command line tools at the full Xcode install):
sudo xcode-select -s /Applications/Xcode.app/Contents/Developer
Download the IPA:
itms-services -u "itms-services://?action=download-manifest&url=https://s37-southeast-99.amazonaws.com/tefe/manifest.plist" -o - > ~/Desktop/app-to-be-tested/out.ipa
Find your code signing identity (the 40-character hash at the start of each line is what you will pass to objection):
security find-identity -p codesigning -v
Now open Xcode, connect the iOS device you want to install the patched application on (unlock it and trust the computer when prompted), and:
- Create a new blank app project
- Select the iOS device from the top left
- Hit the big play button
- Close Xcode
Running the blank app registers the device with your development team and generates a development provisioning profile; objection picks a profile up from ~/Library/MobileDevice/Provisioning Profiles when you do not pass it --provision-file, so this step is what makes the re-signing work.
Use objection to patch the IPA with the Frida gadget and re-sign it with the identity hash from the previous step:
objection patchipa --source ~/Desktop/app-to-be-tested/out.ipa --codesign-signature 1F7V7B…….
Then sideload the patched IPA with Xcode (Window > Devices and Simulators, drag the IPA onto the device) and you're good to go!
If that doesn't work you can try to use ios-deploy to install the app (unzip the patched IPA and point ios-deploy at the .app bundle inside Payload/):
cd ~/Desktop/app-to-be-tested/
unzip patched-app.ipa
ios-deploy --bundle Payload/patched-app.app -W -d
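The whole procedure above, wrapped into a few shell functions so the fragile bits (a quoted path, picking the signing identity out of `security` output, finding the .app inside Payload/) are handled rather than retyped. This is an added example, not the original post's commands and not part of objection or ios-deploy; it assumes objection writes its output as `<stem>-frida-codesigned.ipa` into the directory it is run from (so the script runs it from the work directory), and that the IPA uses the standard Payload/<Name>.app layout. The `PATCH_IPA_RUN` guard, the function names and the team-ID filter are this example's own inventions.

```shell
#!/usr/bin/env bash
# Added example: automates the manual steps in the post. Assumes objection
# names its output '<stem>-frida-codesigned.ipa' (assumption, check your
# objection version) and the usual Payload/<Name>.app layout inside an IPA.
set -u

# Read `security find-identity -p codesigning -v` output on stdin and print the
# first 40-character identity hash, optionally only identities whose name
# contains $1 (e.g. a team ID, to avoid grabbing a colleague's certificate).
parse_codesign_identity() {
    awk -v want="${1:-}" '
        /^ *[0-9]+\) [0-9A-F]+ "/ && length($2) == 40 {
            if (want == "" || index($0, want) > 0) { print $2; exit }
        }'
}

# Path where objection is expected to leave the patched IPA (assumption above).
patched_ipa_path() {
    src="$1"
    printf '%s/%s-frida-codesigned.ipa\n' "$(dirname -- "$src")" "$(basename -- "$src" .ipa)"
}

# After `unzip`, locate the single .app bundle under Payload/; fail loudly if
# there is not exactly one instead of handing ios-deploy a bad path.
app_bundle_in() {
    extracted_dir="$1"
    set -- "$extracted_dir"/Payload/*.app
    if [ "$#" -ne 1 ] || [ ! -d "$1" ]; then
        echo "expected exactly one Payload/*.app under $extracted_dir" >&2
        return 1
    fi
    printf '%s\n' "$1"
}

# End to end: download, find identity, patch with objection, install with ios-deploy.
# Usage: PATCH_IPA_RUN=1 ./patchipa.sh 'itms-services://?action=...' ~/Desktop/app-to-be-tested [TEAMID]
patch_and_install() {
    manifest_url="$1"; workdir="$2"; team_filter="${3:-}"
    mkdir -p "$workdir"
    itms-services -u "$manifest_url" -o - > "$workdir/out.ipa"

    identity=$(security find-identity -p codesigning -v | parse_codesign_identity "$team_filter")
    if [ -z "$identity" ]; then
        echo "no valid code-signing identity found; run a blank app from Xcode first" >&2
        return 1
    fi

    # Run objection from the work directory so the patched IPA lands next to out.ipa.
    ( cd "$workdir" && objection patchipa --source out.ipa --codesign-signature "$identity" ) || return 1
    patched=$(patched_ipa_path "$workdir/out.ipa")
    [ -f "$patched" ] || { echo "patched IPA not found at $patched" >&2; return 1; }

    ( cd "$workdir" && unzip -o -q "$patched" ) || return 1
    app=$(app_bundle_in "$workdir") || return 1
    ios-deploy --bundle "$app" -W -d
}

if [ "${PATCH_IPA_RUN:-0}" = "1" ]; then
    patch_and_install "$@"
fi
```

The identity filter matters on a shared pentest Mac: `security find-identity` lists every valid certificate in the login keychain, and re-signing with one from a different team than the provisioning profile gives an install error on the device that is not obviously a signing problem.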
END TRANSMISSION