Setting up iGoat on Jailbroken iDevices

OWASP iGoat is an open source self-learning tool for iOS developers and iOS mobile security testers. Jailbreaking removes the restrictions imposed by Apple: it allows installing apps from unknown sources, installing an SSH service, etc., and permits root access to the iOS device.

Downloading iGoat:

Setting up iGoat:

There are many ways to install the .ipa file on a jailbroken device.

1. Install using iFunBox:

One of the simplest ways is to use the iFunBox tool. iFunBox turns the iDevice into a USB drive and provides many features such as drag-and-drop, app installation, etc. Below are the steps to install the ipa file on a jailbroken device:

  • Download and install the "iFunBox" tool on the testing system.

  • Connect the iDevice to the testing system via USB.

  • Navigate to "My Device" -> "Apps" -> "Install App(*.ipa)".

  • Select the "iGoat.ipa" file from the testing system and click on "Open".

2. Install using SSH:

SSH is an important utility that really helps when pen testing iOS applications. Follow the steps below to install the iGoat application on a jailbroken iDevice.

  • Open "Cydia" on the jailbroken device.
  • Search for "openSSH" and click on "Install".

  • Click on "Confirm".

  • Navigate to "Settings" -> "Wi-Fi" -> tap on your access point and note down the IP address of the iDevice.

  • Transfer the iGoat.ipa file from your system to the iDevice. You can use different software to send the file, such as FileZilla, WinSCP, iFunBox, etc. Here I will be using sftp to transfer the file from the test system (Mac) to the iPhone. Open the terminal on your Mac and type the following command:
    sftp <username>@<ip_Address>

  • Try to connect as the root user. By default, the password of the root user is "alpine".

  • Use the following command to transfer the file:

    put /local path/iGoat.ipa /remote device path/

  • Now we will use the "installipa" utility to install the app on the iDevice. Open the terminal on your Mac and type the following command:

    ssh root@<IP Address>

  • Try to connect as the root user. By default, the password of the root user is "alpine".

  • Run the following command to install the app:

Running iGoat:

  • Click on the "iGoat" app on the iDevice to run the application.

  • Click on "Dismiss" to start the challenges.
