Corellium iOS App Testing with Burp-suite
Corellium provided virtual iOS-based devices for individual accounts on our groundbreaking security research platform. Corellium’s iOS devices may be jailbroken or non-jailbroken and can be used for security research.
In this article, we will try to intercept ios traffic with help of Burp-Suite.
SO let’s get started. There are no big requirements for this setup, you just need a Corellium account. You should have burp-suite installed in your system, it can be any operating system as per your choice, i will be doing this on windows and linux both.
Things you should know before getting started
it is similar to the rooting process in android in which we unlock the root permissions for android and then we can change anything in android including system config files. this is similar in with iOS and has a more fancy term called JAILBREAK. In the jailbreaking process, we unlock the root permissions for ios and use it at its fullest, and also you can use tweaks that you can’t without jailbreak.
why do we need jailbreaking for this? we want to install some tweaks with help of Cydia and also it will give us permission to control the processes running on the iPhone so we can do our testing easily. mainly dynamic analysis.
💡 Benefits of Jailbreak
- extracting IPA from ios
- able to access internal files
- install third-party tools
- access the process memory
- perform bypass tls
- perform debugging in real time
💡 Types of Jailbreak
- untethered jailbreak
- Tethered Jailbreak
- Semi-Tethered Jailbreak
- Semi-Untethered Jailbreak
learn more about Jailbreak here – https://www.kaspersky.com/resource-center/definitions/what-is-jailbreaking
- Getting started with Corellium
- Creating a device on Corellium
- Setting up OVPN
- Configuring the Burp-suite to intercept the traffic
- Installing CA Certificate
- Testing the Traffic
Getting started with Corellium:
- Visit their website at :
Virtual devices with real-world accuracy
2. They will take time to process your application but i can assure it woth waiting. Good things takes time. once you get access you can now create devices.
3. The pricing of Corellium can look confusing to beginners. visit :
4. I use usage-based pricing. because With usage-based pricing, you’re only billed for the time that you use or store your virtual devices. so by the calculations, if you test ios applications 3 hours daily for 30 days, [((0.25(per core)6(for any latest device you need 6 cores))3(hours you wanna test))30(Days)+(0.25(To keep the device active)30(no. of Days you wanna keep device))=142.5(Total bill for a month where you used a 6 core iPhone 8–13 for 3 hours daily)] [((0.256)3)30+(0.2530)=142.5].
5. also if you don’t choose usage-based pricing then you can choose a monthly plan which is 295$ according to calculations if you choose usage-based pricing and use iPhone 13 pro max 6 core for 30 days daily for 6.5 hours then you will cross this pricing. so if you are thinking of using a device for more than 6.5 hours daily for the next 30 days then you should go with 295$ monthly plan. I think if you test more than 6.5 hours daily then you should definitely buy a physical device and enjoy the in-hand feel.
Creating a device on Corellium
- Go to create a Device
2. Select Device Type: Android or IOS. Select IOS for this Setup.
3. Choose the Device that you want.
4. Now choose the IOS version, choose any stable version, I will choose the latest. also, pick on jailbroken so The Device that you will create will automatically be Jailbroken. we need Jailbroken IOS so we can use it for testing. I have already explained what is Jailbroken.
5. Tick on the Advanced Option if you want.
6. Check all the options again
7. Create the Device. It will take some time but you will be charged for this time too. 🥲
8. The device is ready but it will take another 15–20 minutes to get started.
9. Everything is ready now. Most probably you have been charged nearly .50$till now so enjoy.
10. Pause the Device till you don’t need it. start it again when you need it, so you don’t get charged unnecessarily.
So This was the whole process of Creating an IOS Device on Corellium. Let’s move to the next steps.
Setting up OVPN
- Click on Connect
- Go to connect via VPN and download the OVPN file.
- Connect will OVPN file.
Configuring the Burp-suite to intercept the traffic
- Start burp suite and go to the proxy tab and add VPN IP to proxy
2. Now configure iPhone too, First, go to wifi settings and then select current wifi as in Corellium, it’s corellium.
3. Open Any URL on safari and check your burp suite.
4. we have successfully intercepted the connection with the Burp-Suite.
Installing CA Certificate
- Go to http://burpsuite on safari and download the CA Certificate
2. Go to VPN & Device Management and there you will find it already
3. Installed successfully.
Testing the Traffic
- Check the traffic again, open any website and intercept the traffic, it’s working fine.
Now we have successfully intercepted the ongoing traffic with Burp-suite.
in the next article, we will learn more related to Burp-Suite & iOS.