[Nicholas Petty] has posted a guide to setting up your iPhone as a penetration tester. You already carry it around with you and, although not too beefy, it does have the hardware you need to get the job done. So if you’re not interested in building a drone or carrying around a boxy access point, try this out. The first step is to jailbreak your device and set up OpenSSH so that you can tunnel in for the rest of the setup. From there, the rest of the setup is just acquiring build tools and compiling pentesting programs like Aircrack-ng, Ettercap, Nikto2, and the Social Engineering Toolkit. You’ll be up to no good testing your wireless security in no time.
27 thoughts on “Make IPhone A Penetration Testing Tool”
Very cool, I’d like to see a similar guide for android.
It is basically the same; just install a terminal emulator from Google Play.
Why post this now? This article is several years late, this was all possible with iPhone version 1.
the title of the post is full of all kinds of wrong
Alright, now how do I do the same thing on a Droid?
This is OLD news, and also misleading. The iPhone will NOT be capable of packet injection, which is a major part of aircrack-ng.
Wow, is that serious? I can install all these “iPhone only” apps to make a pentest tool? ¬¬
AK, yes, it’s too late in the day :p
On a side note, why does every guide everywhere say to use SSH when “iphone browser” does the same with a GUI? I’m not related to them, I just like it way better than SSHing all the custom themes and stuff I make. http://code.google.com/p/iphonebrowser/downloads/list
I know that this has all been done before, but I wrote this because of the lack of actual documentation of it.
he said penetration and tool
Came here to say “Ok, NOW I’ll get an iPhone.”
But upon reading it’s unable to implement packet-injection, it looks like I’ll have to keep waiting for an interesting iPhone app to pull me into the purchase. Guess no one’s hacked it into the wifi drivers yet.
Get a Nexus
Perhaps not as in depth as yours (I haven’t read it, sorry), but it’s not too shy on details
https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-thomas_wilhelm-hacking_ipod_touch.pdf
And the actual talk with slides
https://media.defcon.org/dc-17/video/DEFCON%2017%20Hacking%20Conference%20Presentation%20By%20Thomas%20Wilhelm%20-%20Hacking%20with%20the%20iPod%20Touch%20-%20Video%20and%20Slides.m4v
Use android and download/make your own. Unlike the iPhail you can actually write your own software without big company approval.
@Word
Because I did not know about it and I’m not alone.
Not all of us spend 25 hours a day searching people’s blogs.
IIRC you still can’t use monitor mode for sniffing wireless networks, not on the iPhone and also not on Android. Please correct me if I’m wrong because I’d love to be able to set up a small wireless capturing beacon for portable pentesting :)
@leithoa, thanks for the second link, I’ve been wanting to see that. The first one was actually some of the inspiration for writing this.
It frustrates me no end to see this on iPhone. I’ve looked several times for similar toolkits for my Droid, to no avail. Yes, I know I can, in theory write/port it myself. Like most everyone, I’ve not got the time…
g33k, you can just load up Debian on your Droid and run all those tools there
I’m assuming that since the author mentions using snowbreeze to create a custom firmware to allow for a bigger root partition that this would be incompatible with the iPhone 4?
I’m pretty sure all cell phone wifi cards do not support monitor mode and packet injection, hence it can’t really ‘penetrate’ but merely ‘test’ wifi connectivity if you have the right key already…. Too bad :(
@felix, I have read that one can load Debian, but doesn’t one lose the phone functionality?
I guess it’s fairly useful, portable, and discreet for recon, but I don’t think you’ll be doing too much actual penetration with it. Still, I loved Ettercap when I was into this stuff, and I can think of a few pranks and a few more malicious things that portable ettercap would be useful for.
Oh, and I think Nmap should absolutely be on the list.
I looked into this a while ago but all the apps available seemed to be in just PoC stage.
Any possibility of this on Android?
Nokia N900 is capable of injection. Just sayin’.
Hey,
This article on making the iPhone a penetration testing tool is a great read, thanks for putting it together. I’m happy I found another amazing cyber security blogger.
More grease to your elbow… :)