Enabling Safari Web Inspector on iOS

Document/0x06h-Testing-Platform-Interaction.md

@@ -2259,6 +2259,25 @@ There are a couple of things to consider:
 
 This should be sufficient for an app analysis and therefore, `SFSafariViewController`s are out of scope for the Static and Dynamic Analysis sections.
 
+#### Safari Web Inspector
+
+Enabling Safari web inspection on iOS allows you to inspect the contents of a WebView remotely from a macOS device and it does not require a jailbroken iOS device.
+Enabling the [Safari Web Inspector](https://developer.apple.com/library/archive/documentation/AppleApplications/Conceptual/Safari_Developer_Guide/GettingStarted/GettingStarted.html) is especially interesting in applications that expose native APIs using a JavaScript bridge, for example in hybrid applications.
+
+To activate the web inspection you have to follow these steps:
+
+1. On the iOS device open the Settings app: Go to **Safari -> Advanced** and toggle on *Web Inspector*.
+2. On the macOS device, open Safari: in the menu bar, go to **Safari -> Preferences -> Advanced** and enable *Show Develop menu in menu bar*.
+3. Connect your iOS device to the macOS device and unlock it: the iOS device name should appear in the *Develop* menu.
+4. (If not yet trusted) On macOS's Safari, go to the *Develop* menu, click on the iOS device name, then on "Use for Development" and enable trust.
+
+To open the web inspector and debug a WebView:
+
+1. In iOS, open the app and navigate to the screen that should contain a WebView.
+2. In macOS Safari, go to **Developer -> 'iOS Device Name'** and you should see the name of the WebView based context. Click on it to open the Web Inspector.
+
+Now you're able to debug the WebView as you would with a regular web page on your desktop browser.
+
 ### Static Analysis
 
 For the static analysis we will focus mostly on the following points having `UIWebView` and `WKWebView` under scope.