https://github.com/jxroot/configripper
a collection of profiles for IOS designed for penetration testing or red teaming
https://github.com/jxroot/configripper
Last synced: 4 months ago
JSON representation
a collection of profiles for IOS designed for penetration testing or red teaming
- Host: GitHub
- URL: https://github.com/jxroot/configripper
- Owner: jxroot
- Created: 2025-07-01T14:57:18.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2025-07-01T15:30:36.000Z (12 months ago)
- Last Synced: 2025-10-20T20:14:36.527Z (8 months ago)
- Language: HTML
- Homepage:
- Size: 407 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# π± MobileConfig for Red Teaming & Pentesting

*Apple configuration profiles can be weaponized for advanced red teaming and security testing on iOS and macOS devices.*
---
## π Overview
**MobileConfig** files are Appleβs configuration profile format used to manage device settings. These files can automate VPN setup, enforce restrictions, modify Wi-Fi connections, install root certificates, and more.
When used creatively in a red team operation, they enable phishing, traffic manipulation, device policy tampering, and persistence.
## π₯ Red Team Capabilities
| Category | Capability | Description / Example |
|------------------|-------------------------------|------------------------------------------------|
| **Network** | Auto Wi-Fi Connection | Set SSID, password, security type |
| | VPN Configuration | IKEv2/L2TP, split tunneling, custom auth |
| | Proxy & DNS Settings | MITM setup with malicious proxy or DNS |
| **Security** | Password Policies | Force password complexity, retry limits |
| | Auto-Lock Settings | Auto-lock timeout |
| **Restrictions** | Disable Features | Camera, Safari, AirDrop, App Install/Removal |
| **Certificates** | Install CA / Client Certs | Trust fake CAs, enable TLS interception |
| **MDM** | Enroll Device | Remote control via MDM protocol |
| **System** | SSO, Notifications | Kerberos / SAML setup, notification control |
| **UI Attack** | WebClip Payload | Fake app icon on home screen linking to phishing page good for use with Evilginx Can Install Bad Fonts or make crash on parse config
## π§ͺ Examples
| File | Purpose |
|-----------------------------------|---------------------------------------|
| `vpn_mobileconfig.mobileconfig` | Auto-connect to controlled VPN |
| `proxy_mobileconfig.mobileconfig` | Intercept traffic via custom proxy |
| `cert_install.mobileconfig` | Install fake root certificate |
| `disable_camera.mobileconfig` | Disable camera on the device
| `fake_app.mobileconfig` | phishing page With WebClip |
All examples are located in the `/examples/` folder.
## πΈοΈ Web-Based Delivery Samples
Delivering `.mobileconfig` files via phishing-style webpages is highly effective.
You can host a fake page and convince the user to install the profile.
| File | Purpose |
|-----------------------------------|---------------------------------------|
| `wifi_signup.html` | Fake Wi-Fi login portal |
| `vpn_org_setup.html` | Corporate VPN configuration page |
| `cert_install.html` | Certificate update for compliance |
| `app_install.html` | Fake Application For WebClip
All examples are located in the `/web_samples/` folder.
## Note: `Content-Type: application/x-apple-aspen-config`
- This header tells iOS/macOS that the file is an Apple configuration profile (`.mobileconfig`).
- It ensures the device recognizes the file and prompts the user to install it.
- Without it, the profile might just download without triggering installation.
- Use it on your server when serving `.mobileconfig` files for smooth installation.
### π Hosting Example
----------
`python3 -m http.server 8080`
Open the hosted page on Safari (iOS/macOS) and the system will prompt the user to install the profile.
> β οΈ **Reminder:** The user must manually confirm installation via system settings.
π§ Contact
## β οΈ Legal & Ethical Disclaimer
π¨ This tool is developed strictly for educational and authorized security testing purposes only.
π¬ It is intended to help cybersecurity professionals, researchers, and enthusiasts understand post-exploitation, red teaming, and detection techniques in lab or controlled environments.
β Do NOT use this tool on any system or network without explicit permission. Unauthorized use may be illegal and unethical.
π‘ The author takes no responsibility for any misuse or damage caused by this project.
---
> Always hack responsibly. π»π