iOS Pentesting Checklist
Use Trickest to easily build and automate workflows powered by the world's most advanced community tools. Get Access Today:
Preparation
Data Storage
Keyboards
Logs
Backups
Applications Memory
Broken Cryptography
Local Authentication
Sensitive Functionality Exposure Through IPC
Custom URI Handlers / Deeplinks / Custom Schemes
Check if the application is registering any protocol/scheme
Check if the application is registering to use any protocol/scheme
Check if the application expects to receive any kind of sensitive information from the custom scheme that can be intercepted by the another application registering the same scheme
Check if the application isn't checking and sanitizing users input via the custom scheme and some vulnerability can be exploited
Check if the application exposes any sensitive action that can be called from anywhere via the custom scheme
Check if the application is registering any universal protocol/scheme
Check the
apple-app-site-association
fileCheck if the application isn't checking and sanitizing users input via the custom scheme and some vulnerability can be exploited
Check if the application exposes any sensitive action that can be called from anywhere via the custom scheme
Check if the application can receive UIActivities and if it's possible to exploit any vulnerability with specially crafted activity
Check if the application if copying anything to the general pasteboard
Check if the application if using the data from the general pasteboard for anything
Monitor the pasteboard to see if any sensitive data is copied
Is the application using any extension?
Check which kind of webviews are being used
Check the status of
javaScriptEnabled
,JavaScriptCanOpenWindowsAutomatically
,hasOnlySecureContent
Check if the webview can access local files with the protocol file:// (
allowFileAccessFromFileURLs
,allowUniversalAccessFromFileURLs
)Check if Javascript can access Native methods (
JSContext
,postMessage
)
Network Communication
Perform a MitM to the communication and search for web vulnerabilities.
Check if the hostname of the certificate is checked
Check/Bypass Certificate Pinning
Misc
Check for automatic patching/updating mechanisms
Check for malicious third party libraries
Use Trickest to easily build and automate workflows powered by the world's most advanced community tools. Get Access Today:
Last updated