https://jordan-wright.com/blog/tags/burp/Recent content in Burp on Jordan WrightHugoen-usTue, 05 Nov 2013 21:50:00 +0000https://jordan-wright.com/blog/2013/11/07/how-to-pentest-iphone-apps-with-burp/Tue, 05 Nov 2013 21:50:00 +0000https://jordan-wright.com/blog/2013/11/07/how-to-pentest-iphone-apps-with-burp/<img src="https://jordan-wright.com/blog/images/headers/iphone_burp.png" alt="" class="pure-img" > <h3 id="introduction">Introduction</h3> <p>When looking at the functionality of mobile apps, it&rsquo;s clear that they aren&rsquo;t <em>that</em> different than web applications. They often just serve as a frontend for the data stored on a central backend server or database. As such, if developers aren&rsquo;t careful to protect these apps, many of the <a href="https://www.owasp.org/index.php/Top_10_2013">same vulnerabilities</a> we find in standard web applications (such as injection attacks on unvalidated input) can be exploited by attackers.</p> <p>This post will show how to setup the iPhone to work with the popular <a href="http://portswigger.net/burp/download.html">Burp Suite</a> so that traffic from apps can be intercepted and tested for vulnerabilities.</p>