Add iOS tcpdump instructions to 0x06b and related mitmproxy reference to 0x08a #2326
Conversation
Hi @cpholguera, any feedback on this?

Hi @cgarst, I'm very sorry that this is taking so long. We're focusing on the MASVS refactoring right now, but let me see if we can do a review of this PR one of these days. Thank you for your patience!
Thanks for your PR! I've got a few small comments and would love to hear your feedback :)
#### Network Traffic Capture with a USB Cable and macOS

You can remotely sniff all traffic in real-time on iOS by [creating a Remote Virtual Interface](https://stackoverflow.com/questions/9555403/capturing-mobile-phone-traffic-on-wireshark/33175819#33175819 "Wireshark + OSX + iOS") for your iOS device. First, make sure you have [Wireshark](0x08a-Testing-Tools.md#wireshark) installed on your macOS host computer.
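Review bot: "remotely sniff" in the first sentence contradicts the heading, which says this technique needs a USB cable to the macOS host; the word comes from the interface name (Remote Virtual Interface), not from the setup, so suggest "You can sniff all traffic in real time from an iOS device attached over USB by creating a Remote Virtual Interface (RVI)". It would also help the reader of this section to say here that the result is a raw packet capture, so HTTPS payloads remain encrypted in Wireshark until the SSLKEYLOGFILE material this PR describes is loaded.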
Why refer to the stackoverflow post? Why not refer to https://developer.apple.com/documentation/network/recording_a_packet_trace ?
Small updates
Thanks for the assist @TheDauntless!
… to 0x08a (#2326)

* Add iOS tcpdump instructions to 0x06b and related mitmproxy reference to 0x08a
* Add proxy vs pcap context, and pcap conversations summary tip to 0x06b
* Fix linting issues in 0x06b
* Update Document/0x06b-Basic-Security-Testing.md
* Fix trailing space
* Fixed URL

---------

Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be>
* Add iOS tcpdump instructions to 0x06b and related mitmproxy reference to 0x08a (#2326)
  * Add iOS tcpdump instructions to 0x06b and related mitmproxy reference to 0x08a
  * Add proxy vs pcap context, and pcap conversations summary tip to 0x06b
  * Fix linting issues in 0x06b
  * Update Document/0x06b-Basic-Security-Testing.md
  * Fix trailing space
  * Fixed URL

  ---------

  Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be>
* restore techniques and tools
* cleanup and ensure all leftovers are somewhere
* new structure for tools and techniques
* add platform to techniques
* rename techniques
* updated tools refs and flattened techniques
* removing old stuff
* add some tools as metadata
* cleanup files
* restructure tools and fix techniques headers
* update scripts to parse tools, techniques and apps
* add mastg apps
* fix links
* improve code and add external links to frontmatter
* rename tools
* add redirects
* add flowdroid, taint analysis and insecureshop
* change theory and tests titles
* add index to tools, tech and apps
* remove old or non-compliant tools
* improve links text and titles
* add tests index page
* replace ref and refs in apps and tools for source
* add available at for source url
* fix links titles and format for proper parsing
* add new link parsing logic
* add source to tools
* add updated tools disclaimer
* change 5b 6b chapter titles removing basic
* rename chapter files 5b 6b
* renamed script to assemble_chapters_for_pdf, now addressing tests, tools and techniques
* add apps to inject for the pdf and include platform
* update chapters intros
* fix new lines
* fix sub headings in tools
* fix word Avaliable
* fix markdown lint errors
* rm unnecessary files
* copy existing files
* add missing tests file and minor fixes
* add some apps descriptions
* add styling of external links
* add missing chapter
* fix MASTG test composition
* add copy of Images and sed links to strucutre_masxx.sh scripts
* fix broken links
* cutter replaced by iaito and included in tools
* fix broken links
* rename docker folder to pandocker
* update src README
* Fix figures and captions
* fix broken URLs
* add css style improvements to maximize space
* MASTG tests index sorted by MASVS groups and IDs
* rm Resources internal section for now
* update "all platforms" to "Generic" in nav
* use Section index pages https://squidfunk.github.io/mkdocs-material/setup/setting-up-navigation/#section-index-pages
* move suggested reading to Intro
* add index for checklist, crackmes, MASTG, MASVS
* add MASTG ID back to the table
* exclude index.md for calculating Resources
* fix internal link processing, fix broken 5b and 6b links, reduce scope of external links to MASTG
* add news
* restructure news
* add news + img
* rename apps assigning new IDs
* update buttons and create overview MASTG buttons
* fix buttons breakdown
* add frida logo

---------

Co-authored-by: Jeroen Beckers <me.githbub@dauntless.be>
Adding content to 0x06b per #2105 which enables the reader to perform line-level packet capture for iOS devices as an alternative to RVI (suitable for non-Macs and allergies to cables).
Reviewing the references in the issue, I included most of the techniques described here. I considered SSLSPLIT; however, I didn't feel it would be appropriate for this page of the MASTG. As I understand the scope of 0x06b to be "Basic Security Testing", I think directing those readers to modifying their Mac's pf firewall rules may be too risky for breakage - and possibly problematic with common security restrictions on work computers. Instead, I recommend we consider SSLSPLIT as part of a dedicated section to include various advanced transparent interception options in a place which is agnostic to iOS/Android.
I've also added some notes regarding generating `SSLKEYLOGFILE` for HTTPS decryption in Wireshark. Since this approach requires references to mitmproxy, I have added that reference to 0x08a. If there's appetite for more mitmproxy and ZAP documentation in MASTG to reduce dependency on commercial tools, that's something I'm also willing to assist with.

We may also want to open an issue to revisit the corresponding Android section in 0x05b - I believe those instructions relying on `nc` pre-date the standard `sshdump` Wireshark integration and present an approach that is a fair bit more complex and error-prone.

This PR closes #2105.
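The PR description above relies on handing an `SSLKEYLOGFILE` written by mitmproxy to Wireshark so the tcpdump capture can be decrypted. The following is an added example, not code from the PR or from MASTG: it parses that file in the NSS key log format and tells you, before you open the pcap, whether the log is well-formed and whether it covers a given session's ClientHello random (the only link between the key log and the capture). The sample key log is constructed.

```python
import re

# NSS key log labels: TLS 1.2 logs CLIENT_RANDOM with the 48-byte master secret;
# TLS 1.3 logs per-direction secrets of hash length (32 bytes SHA-256, 48 SHA-384).
TLS12_LABELS = {"CLIENT_RANDOM"}
TLS13_LABELS = {"CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
                "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
                "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET"}
# Each line: <label> <ClientHello random, 32 bytes hex> <secret, hex>
LINE_RE = re.compile(r"^([A-Z_0-9]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Return (entries, problems); entries are (label, client_random, secret)."""
    entries, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are skipped, as Wireshark does
        m = LINE_RE.match(line)
        if not m:
            problems.append(f"line {n}: malformed entry")
            continue
        label, crand, secret = m.groups()
        nbytes = len(secret) // 2
        if label in TLS12_LABELS and nbytes != 48:
            problems.append(f"line {n}: {label} secret is {nbytes} bytes, expected 48")
        elif label in TLS13_LABELS and nbytes not in (32, 48):
            problems.append(f"line {n}: {label} secret is {nbytes} bytes, expected 32 or 48")
        elif label not in TLS12_LABELS | TLS13_LABELS:
            problems.append(f"line {n}: unknown label {label}")
        else:
            entries.append((label, crand.lower(), secret.lower()))
    return entries, problems

def covers_session(entries, client_random):
    """True if the log holds what Wireshark needs for the session whose ClientHello
    carried this random: a TLS 1.2 master secret or both TLS 1.3 traffic secrets."""
    labels = {lbl for lbl, cr, _ in entries if cr == client_random.lower()}
    return "CLIENT_RANDOM" in labels or {
        "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"} <= labels

# Constructed sample (not from a real capture): one TLS 1.2 session, one TLS 1.3
# session, and a truncated CLIENT_RANDOM line that Wireshark could not use.
SAMPLE_KEYLOG = (
    "# constructed key log\n"
    "CLIENT_RANDOM " + "11" * 32 + " " + "22" * 48 + "\n"
    "CLIENT_TRAFFIC_SECRET_0 " + "aa" * 32 + " " + "55" * 32 + "\n"
    "SERVER_TRAFFIC_SECRET_0 " + "aa" * 32 + " " + "66" * 32 + "\n"
    "CLIENT_RANDOM " + "bb" * 32 + " " + "77" * 20 + "\n"
)
```

The client random to check against comes from the ClientHello in the capture (Wireshark shows it under the TLS handshake fields); if `covers_session` is false for it, the proxy was not in the path for that connection and no Wireshark setting will decrypt it.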