How to Pentest iPhone Apps with Burp

Introduction

When looking at the functionality of mobile apps, it’s clear that they aren’t that different than web applications. They often just serve as a frontend for the data stored on a central backend server or database. As such, if developers aren’t careful to protect these apps, many of the same vulnerabilities we find in standard web applications (such as injection attacks on unvalidated input) can be exploited by attackers.

This post will show how to set up the iPhone to work with the popular Burp Suite so that traffic from apps can be intercepted and tested for vulnerabilities.
