Blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues.
The tracer can be installed on a jailbroken device to hook and log security-sensitive iOS APIs called by applications running on the device. The tool records details of relevant API calls, including arguments and return values and persists them in a database. Additionally, the calls are also sent to the Console for real-time analysis.
How Introspy works
The tool comprises two separate components: Introspy-iOS and Introspy-Analyzer.
Introspy-iOS is a tracer that can be installed on a jailbroken iOS device. It will hook security-sensitive APIs called by a given application, including functions related to cryptography, IPCs, data storage / protection, networking, and user privacy. The call details are all recorded and persisted in a SQLite database on the device
This database can then be fed to Introspy-Analyzer, which generates an HTML report displaying all recorded calls, plus a list of potential vulnerabilities affecting the application.
