SSL Kill Switch 2 will now appear in Settings; you just need to toggle it on!
Pulling IPA from iOS Device:
Sequrus-iPad:~ root# ipainstaller -l
Sequrus-iPad:~ root# ipainstaller -b <package-name>
The application has been backed up as /private/var/mobile/Documents/Package-Name.ipa.
Now connect to the iOS device's IP address using FileZilla and download the IPA from the above location. This IPA can be used with tools like MobSF for static analysis.
Frida on iOS:
If Frida Server doesn't start through Cydia, start it manually:
In another terminal, open an SSH proxy by running the following:
iproxy 2222 22
Make sure the credentials in the dump.py file are root:alpine (unless you have changed them on your iOS jailbroken device):
Now list all the application packages using the -l flag:
┌──(root㉿kali)-[~/Downloads/frida-ios-dump]
└─# python3 dump.py -l
PID Name Identifier
- ------------- -------------------------------
- App Store com.apple.AppStore
- Camera com.apple.camera
- Chrome com.google.chrome.ios
Now, without the -l flag, dump the package of your choice as a decrypted IPA. I'm using -o to output a different file name, but you can also just dump without changing the name:
┌──(root㉿kali)-[~/Downloads/frida-ios-dump]
└─# python3 dump.py com.my.sample.app
Start the target app com.my.sample.app
Dumping Incode Omni to /tmp
start dump /private/var/containers/Bundle/Application/0000-00000-00000-00000/my.sample.app/
myapp.fid: 100%|██████████████████████████████████████████████████████████████| 16.8M/16.8M [00:00<00:00, 33.9MB/s]
AppIcon60x60@2x.png: 26.1MB [00:04, 5.89MB/s]
0.00B [00:00, ?B/s]
Generating "My App.ipa"
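Before loading the dumped IPA into MobSF, it is worth confirming that the binaries inside it really are decrypted. The following is an added example, not part of frida-ios-dump or the original post: it reads the cryptid field of the LC_ENCRYPTION_INFO load command for every Mach-O in the archive. It assumes thin little-endian Mach-O files (fat binaries are not handled), and the sample_macho and sample_ipa helpers build constructed test data.

```python
import io
import struct
import zipfile

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin little-endian Mach-O
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C

def cryptid(macho):
    """Return cryptid of a thin Mach-O, or None if it has no encryption command."""
    magic, = struct.unpack_from("<I", macho, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O")
    ncmds, = struct.unpack_from("<I", macho, 16)
    offset = 32 if magic == MH_MAGIC_64 else 28  # size of mach_header(_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", macho, offset)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # Layout: cmd, cmdsize, cryptoff, cryptsize, cryptid
            return struct.unpack_from("<I", macho, offset + 16)[0]
        offset += cmdsize
    return None

def still_encrypted(ipa):
    """Map each Mach-O in the IPA (a zip) with cryptid != 0 to that cryptid."""
    found = {}
    with zipfile.ZipFile(ipa) as z:
        for name in z.namelist():
            data = z.read(name)
            if len(data) >= 28 and struct.unpack_from("<I", data)[0] in (MH_MAGIC, MH_MAGIC_64):
                cid = cryptid(data)
                if cid:
                    found[name] = cid
    return found

def sample_macho(cid):
    """Constructed arm64 Mach-O: header plus one LC_ENCRYPTION_INFO_64 command."""
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, 24, 0, 0)
    return header + struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cid, 0)

def sample_ipa(cid):
    """Constructed in-memory IPA holding one sample binary (hypothetical names)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Sample.app/Sample", sample_macho(cid))
        z.writestr("Payload/Sample.app/Info.plist", b"<plist/>")
    buf.seek(0)
    return buf
```

An empty result from still_encrypted("My App.ipa") means no binary in the archive is still marked as encrypted; any entry listed would be unreadable to static analysis.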