iOS Pentesting Checklist
Check if the application is registering any protocol/scheme
Check if the application is registering to use any protocol/scheme
Check if the application expects to receive any kind of sensitive information from the custom scheme that can be intercepted by another application registering the same scheme
Check if the application isn't checking and sanitizing user input via the custom scheme and some vulnerability can be exploited
Check if the application exposes any sensitive action that can be called from anywhere via the custom scheme
Check if the application is registering any universal protocol/scheme
Check the apple-app-site-association file
Check if the application isn't checking and sanitizing user input via the custom scheme and some vulnerability can be exploited
Check if the application exposes any sensitive action that can be called from anywhere via the custom scheme
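One way to carry out the apple-app-site-association review above, as an added example that is not part of the original checklist: it lists every app ID and URL pattern the file associates and flags catch-all patterns. The sample file, the `audit_aasa` name and the `BROAD` heuristic are assumptions made for illustration.

```python
import json

# Constructed sample, not taken from any real site. It mixes the legacy
# "paths" form and the newer "components" form of an applinks entry.
SAMPLE_AASA = """
{
  "applinks": {
    "apps": [],
    "details": [
      {"appID": "ABCDE12345.com.example.bank", "paths": ["NOT /admin/*", "*"]},
      {"appIDs": ["ABCDE12345.com.example.pay"],
       "components": [
         {"/": "/reset/*", "exclude": true},
         {"/": "/pay/*", "?": {"token": "*"}}
       ]}
    ]
  }
}
"""

BROAD = {"*", "/*"}  # assumption: patterns this review treats as catch-all


def audit_aasa(text):
    """Return (rows, findings): all (app_id, pattern, excluded) tuples, and
    the non-excluded catch-all patterns that hand every URL to the app."""
    details = json.loads(text).get("applinks", {}).get("details", [])
    rows, findings = [], []
    for entry in details:
        if not isinstance(entry, dict):
            continue  # unexpected layout: skip rather than guess
        app_ids = entry.get("appIDs") or [entry.get("appID", "<missing appID>")]
        patterns = []
        for p in entry.get("paths", []):        # legacy form, "NOT " = excluded
            excluded = p.startswith("NOT ")
            patterns.append((p[4:] if excluded else p, excluded))
        for c in entry.get("components", []):   # newer form
            # assumption: a component without "/" is treated as matching any path
            patterns.append((c.get("/", "*"), bool(c.get("exclude"))))
        for app_id in app_ids:
            for pattern, excluded in patterns:
                rows.append((app_id, pattern, excluded))
                if not excluded and pattern.strip() in BROAD:
                    findings.append((app_id, pattern))
    return rows, findings


if __name__ == "__main__":
    for app_id, pattern in audit_aasa(SAMPLE_AASA)[1]:
        print(f"catch-all universal link pattern {pattern!r} for {app_id}")
```

Each non-excluded pattern in `rows` is a URL family whose handler should be reviewed for the input-validation and sensitive-action items in this checklist.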
Check if the application can receive UIActivities and if it's possible to exploit any vulnerability with a specially crafted activity
Check if the application is copying anything to the general pasteboard
Check if the application is using the data from the general pasteboard for anything
Monitor the pasteboard to see if any sensitive data is copied
Is the application using any extension?
Check which kind of webviews are being used
Check the status of javaScriptEnabled, JavaScriptCanOpenWindowsAutomatically, hasOnlySecureContent
Check if the webview can access local files with the protocol file:// (allowFileAccessFromFileURLs, allowUniversalAccessFromFileURLs)
Check if Javascript can access Native methods (JSContext, postMessage)
Read
Prepare your environment reading
Read all the sections of to learn common actions to pentest an iOS application
can be used to store sensitive information.
(SQLite database) can store sensitive information.
(SQLite database) can store sensitive information.
misconfiguration.
can store sensitive information.
can store sensitive information.
can store sensitive information
can store sensitive information
can save visual sensitive information
is usually used to store sensitive information that can be left when reselling the phone.
Does the application ?
Check if sensitive information is saved in the
Check if
can be used to access the sensitive information saved in the file system (check the initial point of this checklist)
Also, can be used to modify some configurations of the application, then restore the backup on the phone, and as the modified configuration is loaded some (security) functionality may be bypassed
Check for sensitive information inside the
Check if you can find
Check for the use of to send/store sensitive data
If a is used in the application, you should check how the authentication is working.
If it's using the it could be easily bypassed
If it's using a you could create a custom frida script
Perform a and search for web vulnerabilities.
Check if the is checked
Check/Bypass
Check for mechanisms
Check for