-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to use MTHawkeye on jailbroken phones without app modifications #59
Comments
Hi, Abraham. I would like to answer your last question.
You are right. We know it's useful to use Hawkeye at runtime. And in fact, we are actually doing this in our team. We can inject Hawkeye into any existing ipa package. Which means we can use Hawkeye in any App, as long as we can get the ipa file of that App. According to our solution, we use pod-packager to build Hawkeye into a framework. Then we use scripts to inject the Hawkeye framework into target ipa package and resign the ipa. Most functions work well in this situation. In this way, you can profile almost any third party application without jailbroken phones. |
Is your feature request related to a problem? Please describe.
When reviewing iOS apps with the FLEX bar, there are limitations to the Network Monitoring functionality. i.e. Not able to export all captured traffic, no persistence if the app crashes, no detailed filter like MTHawkeye.
Describe the solution you'd like
I would like MTHawkeye releases to include a .deb file, to be released in github and idelally also a Cydia repo. The goal would be to be able to use MTHawkeye functionality while performing security audits of mobile apps. For this purpose, MTHawkeye could be a standalone tweak or be somehow integrated into the FLEX bar.
Describe alternatives you've considered
The FLEX bar is currently insufficient for this as described in the problem description above.
Additional context
MTHawkeye seems great for situation where developers manually add this to their apps, it would be great to be able to use MTHawkeye at runtime to audit any app without having the source code, i.e. at runtime using the FLEX bar or similar.
The text was updated successfully, but these errors were encountered: