# iOS Pentesting Checklist
### Preparation
* [ ] Read [**iOS Basics**](ios-pentesting/ios-basics.md)
* [ ] Prepare your environment by reading [**iOS Testing Environment**](ios-pentesting/ios-testing-environment.md)
* [ ] Read all the sections of [**iOS Initial Analysis**](ios-pentesting/#initial-analysis) to learn common actions to pentest an iOS application
### Data Storage
* [ ] [**Plist files**](ios-pentesting/#plist) can be used to store sensitive information.
* [ ] [**Core Data**](ios-pentesting/#core-data) (SQLite database) can store sensitive information.
* [ ] [**YapDatabases**](ios-pentesting/#yapdatabase) (SQLite database) can store sensitive information.
* [ ] [**Firebase**](ios-pentesting/#firebase-real-time-databases) misconfiguration.
* [ ] [**Realm databases**](ios-pentesting/#realm-databases) can store sensitive information.
* [ ] [**Couchbase Lite databases**](ios-pentesting/#couchbase-lite-databases) can store sensitive information.
* [ ] [**Binary cookies**](ios-pentesting/#cookies) can store sensitive information.
* [ ] [**Cache data**](ios-pentesting/#cache) can store sensitive information.
* [ ] [**Automatic snapshots**](ios-pentesting/#snapshots) can save visual sensitive information.
* [ ] [**Keychain**](ios-pentesting/#keychain) is usually used to store sensitive information, which can be left behind when reselling the phone.
* [ ] In summary, just **check for sensitive information saved by the application in the filesystem**
### Keyboards
* [ ] Does the application [**allow the use of custom keyboards**](ios-pentesting/#custom-keyboards-keyboard-cache)?
* [ ] Check if sensitive information is saved in the [**keyboards cache files**](ios-pentesting/#custom-keyboards-keyboard-cache)
### **Logs**
* [ ] Check if [**sensitive information is being logged**](ios-pentesting/#logs)
### Backups
* [ ] [**Backups**](ios-pentesting/#backups) can be used to **access the sensitive information** saved in the file system (check the initial point of this checklist)
* [ ] Also, [**backups**](ios-pentesting/#backups) can be used to **modify some configurations of the application**, then **restore** the backup on the phone; as the **modified configuration** is **loaded**, some (security) **functionality** may be **bypassed**
### **Applications Memory**
* [ ] Check for sensitive information inside the [**application's memory**](ios-pentesting/#testing-memory-for-sensitive-data)
### **Broken Cryptography**
* [ ] Check if you can find [**passwords used for cryptography**](ios-pentesting/#broken-cryptography)
* [ ] Check for the use of [**deprecated/weak algorithms**](ios-pentesting/#broken-cryptography) to send/store sensitive data
* [ ] [**Hook and monitor cryptography functions**](ios-pentesting/#broken-cryptography)
### **Local Authentication**
* [ ] If [**local authentication**](ios-pentesting/#local-authentication) is used in the application, you should check how the authentication is working.
  * [ ] If it's using the [**Local Authentication Framework**](ios-pentesting/#local-authentication-framework), it could be easily bypassed
  * [ ] If it's using a [**function that can be dynamically bypassed**](ios-pentesting/#local-authentication-using-keychain), you could create a custom Frida script
### Sensitive Functionality Exposure Through IPC
* [**Custom URI Handlers / Deeplinks / Custom Schemes**](ios-pentesting/#custom-uri-handlers-deeplinks-custom-schemes)
  * [ ] Check if the application is **registering any protocol/scheme**
  * [ ] Check if the application is **registering to use** any protocol/scheme
  * [ ] Check if the application **expects to receive any kind of sensitive information** from the custom scheme that can be **intercepted** by another application registering the same scheme
  * [ ] Check if the application **isn't checking and sanitizing** user input received via the custom scheme, so that some **vulnerability can be exploited**
  * [ ] Check if the application **exposes any sensitive action** that can be called from anywhere via the custom scheme
* [**Universal Links**](ios-pentesting/#universal-links)
  * [ ] Check if the application is **registering any universal protocol/scheme**
  * [ ] Check the `apple-app-site-association` file
  * [ ] Check if the application **isn't checking and sanitizing** user input received via the custom scheme, so that some **vulnerability can be exploited**
  * [ ] Check if the application **exposes any sensitive action** that can be called from anywhere via the custom scheme
* [**UIActivity Sharing**](ios-pentesting/ios-uiactivity-sharing.md)
  * [ ] Check if the application can receive UIActivities and if it's possible to exploit any vulnerability with a specially crafted activity
* [**UIPasteboard**](ios-pentesting/ios-uipasteboard.md)
  * [ ] Check if the application is **copying anything to the general pasteboard**
  * [ ] Check if the application is **using the data from the general pasteboard for anything**
  * [ ] Monitor the pasteboard to see if any **sensitive data is copied**
* [**App Extensions**](ios-pentesting/ios-app-extensions.md)
  * [ ] Is the application **using any extension**?
* [**WebViews**](ios-pentesting/ios-webviews.md)
  * [ ] Check which kinds of webviews are being used
  * [ ] Check the status of **`javaScriptEnabled`**, **`JavaScriptCanOpenWindowsAutomatically`**, **`hasOnlySecureContent`**
  * [ ] Check if the webview can **access local files** with the protocol **file://** (`allowFileAccessFromFileURLs`, `allowUniversalAccessFromFileURLs`)
  * [ ] Check if JavaScript can access **native methods** (`JSContext`, `postMessage`)
### Network Communication
* [ ] Perform a [**MitM on the communication**](ios-pentesting/#network-communication) and search for web vulnerabilities.
* [ ] Check if the [**hostname of the certificate**](ios-pentesting/#hostname-check) is checked
* [ ] Check/Bypass [**Certificate Pinning**](ios-pentesting/#certificate-pinning)
### **Misc**
* [ ] Check for [**automatic patching/updating**](ios-pentesting/#hot-patching-enforced-updateing) mechanisms
* [ ] Check for [**malicious third party libraries**](ios-pentesting/#third-parties)