RE: Iphone pen test?

["Adam Richards" <adam.richards () ecimln com>]

Is the iPhone Jailbroken? If so you can use tcpdump and ssh or mobile
terminal to capture the traffic and scp it back to your workstation. 
If it's stock you can connect it to you AP and sniff the wireless
traffic. If you have an AP that you can create a span port on it from
the wireless to a wired port you could also sniff the traffic off of it.


Adam Richards, CISSP | CEH



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of yasser.alruhaily () gmail com
Sent: Monday, June 21, 2010 1:57 AM
To: pen-test () securityfocus com
Subject: Iphone pen test?

Hi all,



i have an assignment  to pentest iphone application. how can I intercept
the data before send it out to the server?



Is there any application could run in iphone as intercepting proxy?

how can i check buffer over flow errors?



thanx

YassEr

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------