Documentation: Tools



Tools

This tab groups several miscellaneous tools.


Screenshot Utility

The screenshot utility is a simple wizard that can be used to test whether an app is disclosing sensitive data in the screenshots that iOS takes automatically when an app is sent to the background. After starting the wizard, the “Launch Application” button can be used to launch the app under investigation (make sure the device screen is on and not locked).


After clicking “Continue”, the next screen asks you to background the application by pressing the home button on the device. Once you have done so, click “Continue” to see whether a screenshot was found. If it was, idb downloads it and allows you to open it in your default image viewer. If no screenshot is found, a corresponding message is displayed.


CA Certificate Manager

Installing new CA certificates on the iDevice can be cumbersome at times. This function aims at making the process faster by automatically making the respective certificate accessible to the iDevice.

First, if your iDevice is set up to go through Burp Suite, clicking “Install Burp Cert” will automatically launch a URL handler on the device which redirects to http://burp/cert and allows the installation of the Burp CA cert with one click (make sure the device screen is on and not locked).


Second, for all other certificates, you can use the “Certificate Manager”.


In order to install a new certificate, click on “Import” and select the desired certificate file. Both PEM and DER formats are supported. After selecting the file, idb will internally serve the file on an HTTP server and trigger a URL handler on the device in order to install it. After installation, use the “Refresh” button to update the certificate list.


Finally, clicking “Delete” will remove the file from the iDevice’s trust store.

/etc/hosts File Editor

The /etc/hosts file editor provides a simple way to change which host an application connects to. In order to intercept traffic for an app, one would typically use a tool such as Burp Suite and set the iOS system proxy to make the app connect to it. However, when the app does not respect proxy settings or communicates via non-HTTP protocols, this may fail. In these instances, modifying the /etc/hosts file may help by pointing the app at a running proxy instance, which then forwards traffic to the actual server expected by the app.

idb’s interface is very simple. The “Load” button retrieves the current /etc/hosts file from the device and displays it. After making the desired modifications, clicking “Save” will store the new file on the device.


iOS Log

The Log tab can be used to view the syslog of the iDevice. Besides system messages, it also includes any log statements that apps produce using NSLog, which often disclose sensitive data. Internally, the log view uses idevicesyslog, which is part of libimobiledevice. Clicking the start button will launch idevicesyslog and stream severity-highlighted log messages right into idb.
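The following is an added example, not part of idb or its documentation: a small Python triage script that parses syslog lines, filters them by process name, and flags NSLog output that discloses credentials, bearer tokens or card numbers, redacting the value for the report. The line layout, the patterns, and the `DemoBank` app name are assumptions, and the sample lines are constructed.

```python
import re

# Assumed layout of a classic idevicesyslog line (not taken from the idb docs):
#   "Mar  3 14:02:11 iPhone DemoBank[412] <Warning>: message text"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]\s<(?P<sev>\w+)>:\s(?P<msg>.*)$")

# Illustrative patterns; each captures the sensitive value in group "v".
PATTERNS = {
    "credential": re.compile(r"(?i)\b(?:password|passwd|pin|secret)\s*[=:]\s*(?P<v>\S+)"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+(?P<v>[A-Za-z0-9._~+/=-]{16,})"),
    "card_number": re.compile(r"\b(?P<v>\d(?:[ -]?\d){12,18})\b"),
}

def luhn_ok(number):
    """Luhn checksum, used to drop digit runs that are not card numbers."""
    total = 0
    digits = [int(c) for c in number if c.isdigit()]
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(lines, process=None):
    """Return (line_no, process, severity, kind, redacted_message) tuples."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m or (process and m["proc"] != process):
            continue
        msg = m["msg"]
        for kind, rx in PATTERNS.items():
            for hit in rx.finditer(msg):
                if kind == "card_number" and not luhn_ok(hit["v"]):
                    continue
                start, end = hit.span("v")
                redacted = msg[:start] + "[REDACTED]" + msg[end:]
                findings.append((n, m["proc"], m["sev"], kind, redacted))
    return findings

# Constructed sample lines, not captured from a real device or app.
SAMPLE = """\
Mar  3 14:02:11 iPhone DemoBank[412] <Warning>: login request user=alice password=hunter2
Mar  3 14:02:12 iPhone DemoBank[412] <Notice>: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.c2FtcGxl.c2ln
Mar  3 14:02:12 iPhone SpringBoard[55] <Notice>: application state changed
Mar  3 14:02:13 iPhone DemoBank[412] <Debug>: card=4111 1111 1111 1111 accepted
Mar  3 14:02:14 iPhone DemoBank[412] <Notice>: view did appear
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE.splitlines(), process="DemoBank"):
        print(finding)
```

To use it on a real assessment, pass the lines streamed by idevicesyslog to `scan()` instead of the sample and adjust the line pattern if the device's iOS version formats its log differently.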
