Disable SSL Pinning for an iOS App, Jailbreak Not Needed

There are not many options for bypassing or disabling SSL pinning without a jailbreak, but I just had to go through this process because the iPad I currently use for iOS app (.ipa) penetration testing is too new to be jailbroken.

I thought I'd write up a quick list of the commands this process required.

I tried to include the install commands for all the tools I used as well, but most of them were installed a while ago, so please forgive me if I forgot something.

I used an OS X box for this process (it's what my job gave me, please don't flame me).

Install Xcode from the OS X App Store.

I had to run the first two commands because of a certificate error when trying to install objection (the path contains spaces, so quote it):

cd "/Applications/Python 3.8/"
sudo "./Install Certificates.command"
pip3 install objection
pip3 install frida
npm install -g ios-deploy
npm install -g applesign
npm install -g itms-services

I had to run this because of an Xcode command line tools error:

sudo xcode-select -s /Applications/Xcode.app/Contents/Developer

Download the IPA:

itms-services -u "itms-services://?action=download-manifest&url=https://s37-southeast-99.amazonaws.com/tefe/manifest.plist" -o - > ~/Desktop/app-to-be-tested/out.ipa

Find your code signing identity:

security find-identity -p codesigning -v

Now open Xcode, connect the iOS device you want to install the patched application on, and:

  • Create a new blank app project
  • Select the iOS device from the top left
  • Hit the big play button
  • Close Xcode

Use Objection to patch the IPA file with Frida and re-sign it:

objection patchipa --source ~/Desktop/app-to-be-tested/out.ipa --codesign-signature 1F7V7B…….

Then just sideload the app with Xcode and you're good to go!

If that doesn't work, you can try installing the app with ios-deploy (the unzip creates the Payload directory inside the working directory, so the bundle path is relative to it):

cd ~/Desktop/app-to-be-tested/
unzip patched-app.ipa
ios-deploy --bundle Payload/patched-app.app -W -d
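From the defender's side, an IPA repackaged this way is detectable: the patch drops FridaGadget.dylib into the bundle's Frameworks directory, and the re-sign embeds a development provisioning profile that an App Store build does not carry. The following scanner is an added example, not code from this post or from objection; the marker list and the constructed sample IPA are my assumptions for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Framework names that public repackaging tools drop into the bundle; objection's
# patchipa adds FridaGadget.dylib. This list is an illustrative assumption, not a
# complete signature set.
INSTRUMENTATION_MARKERS = {"fridagadget.dylib", "frida-gadget.dylib", "libcycript.dylib"}


def scan_ipa(ipa_bytes: bytes) -> dict:
    """Inspect an IPA (a zip archive) for signs of Frida-style repackaging.

    Reports injected frameworks under Payload/<App>.app/Frameworks/ and whether an
    embedded.mobileprovision is present, which a re-signed development build carries
    and an App Store build does not.
    """
    findings = {"injected_frameworks": [], "has_embedded_provision": False}
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as zf:
        for name in zf.namelist():
            parts = PurePosixPath(name).parts
            if len(parts) < 3 or parts[0] != "Payload" or not parts[1].endswith(".app"):
                continue  # only look inside the app bundle itself
            if len(parts) == 3 and parts[2] == "embedded.mobileprovision":
                findings["has_embedded_provision"] = True
            if "Frameworks" in parts[2:-1] and parts[-1].lower() in INSTRUMENTATION_MARKERS:
                findings["injected_frameworks"].append(name)
    findings["likely_repackaged"] = bool(findings["injected_frameworks"])
    return findings


def build_sample_ipa(patched: bool) -> bytes:
    """Constructed sample IPA for this demo (not a real app); file contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Demo.app/Demo", b"\xcf\xfa\xed\xfe placeholder Mach-O")
        zf.writestr("Payload/Demo.app/Info.plist", b"<plist/>")
        if patched:
            zf.writestr("Payload/Demo.app/Frameworks/FridaGadget.dylib", b"placeholder")
            zf.writestr("Payload/Demo.app/embedded.mobileprovision", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, patched in (("clean", False), ("patched", True)):
        print(label, scan_ipa(build_sample_ipa(patched)))
```

Point scan_ipa at a real IPA's bytes to check an app before it is distributed internally; a hit on the marker list or an unexpected provisioning profile is worth a closer look at the binary's load commands.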


END TRANSMISSION
