hacktricks/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md

# Gestionnaires de protocoles WebView

Les gestionnaires de protocoles WebView sont des applications tierces qui peuvent être appelées à partir d'une application iOS pour gérer des URL spécifiques. Ces URL peuvent être utilisées pour lancer des actions spécifiques dans l'application tierce. Les gestionnaires de protocoles WebView peuvent être utilisés pour lancer des attaques de phishing ou pour exécuter du code malveillant sur l'appareil de l'utilisateur.

Les applications tierces peuvent être enregistrées pour gérer des URL spécifiques en ajoutant des entrées dans le fichier Info.plist de l'application. Les entrées peuvent être ajoutées pour les URL commençant par "http", "https", "ftp", "tel", "mailto", "sms", "facetime", "facetime-audio", "facetime-pstn", "maps", "itms", "itms-apps", "itms-services", "calshow", "webcal", "comgooglemaps", "comgooglemaps-x-callback", "waze", "fb", "twitter", "instagram", "linkedin", "pinterest", "tumblr", "vimeo", "vine", "youtube", "youku", "weibo", "sinaweibo", "zhihu", "alipay", "wechat", "mqq", "mqqapi", "mqqopensdkapi", "mqqopensdkapiV2", "mqqwpa", "mqzoneopensdkapiV2", "mqzoneopensdkapi", "wtloginmqq", "weixin", "wechatmoments", "wechatpay", "dingtalk", "dingtalk-open", "dingtalk-oapi", "dingtalk-test", "dingtalk-sso", "dingtalk-contacts", "dingtalk-im", "dingtalk-robot", "dingtalk-attendance", "dingtalk-smartwork", "dingtalk-workrecord", "dingtalk-process", "dingtalk-message", "dingtalk-calendar", "dingtalk-health", "dingtalk-approval", "dingtalk-notify", "dingtalk-ecosphere", "dingtalk-ecosphere-open", "dingtalk-ecosphere-oapi", "dingtalk-ecosphere-test", "dingtalk-ecosphere-sso", "dingtalk-ecosphere-contacts", "dingtalk-ecosphere-im", "dingtalk-ecosphere-robot", "dingtalk-ecosphere-attendance", "dingtalk-ecosphere-smartwork", "dingtalk-ecosphere-workrecord", "dingtalk-ecosphere-process", "dingtalk-ecosphere-message", "dingtalk-ecosphere-calendar", "dingtalk-ecosphere-health", "dingtalk-ecosphere-approval", "dingtalk-ecosphere-notify", "dingtalk-ecosphere-robotmarket", "dingtalk-ecosphere-robotmarket-open", "dingtalk-ecosphere-robotmarket-oapi", "dingtalk-ecosphere-robotmarket-test", "dingtalk-ecosphere-robotmarket-sso", "dingtalk-ecosphere-robotmarket-contacts", "dingtalk-ecosphere-robotmarket-im", "dingtalk-ecosphere-robotmarket-robot", "dingtalk-ecosphere-robotmarket-attendance", "dingtalk-ecosphere-robotmarket-smartwork", "dingtalk-ecosphere-robotmarket-workrecord", "dingtalk-ecosphere-robotmarket-process", "dingtalk-ecosphere-robotmarket-message", "dingtalk-ecosphere-robotmarket-calendar", "dingtalk-ecosphere-robotmarket-health", "dingtalk-ecosphere-robotmarket-approval", "dingtalk-ecosphere-robotmarket-notify", "dingtalk-ecosphere-robotmarket-robotmarket", "dingtalk-ecosphere-robotmarket-robotmarket-open", "dingtalk-ecosphere-robotmarket-robotmarket-oapi", "dingtalk-ecosphere-robotmarket-robotmarket-test", "dingtalk-ecosphere-robotmarket-robotmarket-sso", "dingtalk-ecosphere-robotmarket-robotmarket-contacts", "dingtalk-ecosphere-robotmarket-robotmarket-im", "dingtalk-ecosphere-robotmarket-robotmarket-robot", "dingtalk-ecosphere-robotmarket-robotmarket-attendance", "dingtalk-ecosphere-robotmarket-robotmarket-smartwork", "dingtalk-ecosphere-robotmarket-robotmarket-workrecord", "dingtalk-ecosphere-robotmarket-robotmarket-process", "dingtalk-ecosphere-robotmarket-robotmarket-message", "dingtalk-ecosphere-robotmarket-robotmarket-calendar", "dingtalk-ecosphere-robotmarket-robotmarket-health", "dingtalk-ecosphere-robotmarket-robotmarket-approval", "dingtalk-ecosphere-robotmarket-robotmarket-notify", "dingtalk-ecosphere-robotmarket-robotmarket-robotmarket".

Les applications tierces peuvent également être enregistrées pour gérer des URL personnalisées en ajoutant des entrées dans le fichier Info.plist de l'application. Les entrées peuvent être ajoutées pour les URL personnalisées commençant par un préfixe spécifique.

Les attaquants peuvent utiliser des URL malveillantes pour lancer des attaques de phishing ou pour exécuter du code malveillant sur l'appareil de l'utilisateur. Les attaquants peuvent également utiliser des URL malveillantes pour rediriger l'utilisateur vers des sites Web malveillants ou pour voler des informations sensibles de l'utilisateur.
Translated to French 2023-06-03 13:10:46 +00:00			`# Gestionnaires de protocoles WebView`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to French 2023-06-03 13:10:46 +00:00			`Les gestionnaires de protocoles WebView sont des applications tierces qui peuvent être appelées à partir d'une application iOS pour gérer des URL spécifiques. Ces URL peuvent être utilisées pour lancer des actions spécifiques dans l'application tierce. Les gestionnaires de protocoles WebView peuvent être utilisés pour lancer des attaques de phishing ou pour exécuter du code malveillant sur l'appareil de l'utilisateur.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to French 2023-06-03 13:10:46 +00:00			Les applications tierces peuvent être enregistrées pour gérer des URL spécifiques en ajoutant des entrées dans le fichier Info.plist de l'application. Les entrées peuvent être ajoutées pour les URL commençant par "http", "https", "ftp", "tel", "mailto", "sms", "facetime", "facetime-audio", "facetime-pstn", "maps", "itms", "itms-apps", "itms-services", "calshow", "webcal", "comgooglemaps", "comgooglemaps-x-callback", "waze", "fb", "twitter", "instagram", "linkedin", "pinterest", "tumblr", "vimeo", "vine", "youtube", "youku", "weibo", "sinaweibo", "zhihu", "alipay", "wechat", "mqq", "mqqapi", "mqqopensdkapi", "mqqopensdkapiV2", "mqqwpa", "mqzoneopensdkapiV2", "mqzoneopensdkapi", "wtloginmqq", "weixin", "wechatmoments", "wechatpay", "dingtalk", "dingtalk-open", "dingtalk-oapi", "dingtalk-test", "dingtalk-sso", "dingtalk-contacts", "dingtalk-im", "dingtalk-robot", "dingtalk-attendance", "dingtalk-smartwork", "dingtalk-workrecord", "dingtalk-process", "dingtalk-message", "dingtalk-calendar", "dingtalk-health", "dingtalk-approval", "dingtalk-notify", "dingtalk-ecosphere", "dingtalk-ecosphere-open", "dingtalk-ecosphere-oapi", "dingtalk-ecosphere-test", "dingtalk-ecosphere-sso", "dingtalk-ecosphere-contacts", "dingtalk-ecosphere-im", "dingtalk-ecosphere-robot", "dingtalk-ecosphere-attendance", "dingtalk-ecosphere-smartwork", "dingtalk-ecosphere-workrecord", "dingtalk-ecosphere-process", "dingtalk-ecosphere-message", "dingtalk-ecosphere-calendar", "dingtalk-ecosphere-health", "dingtalk-ecosphere-approval", "dingtalk-ecosphere-notify", "dingtalk-ecosphere-robotmarket", "dingtalk-ecosphere-robotmarket-open", "dingtalk-ecosphere-robotmarket-oapi", "dingtalk-ecosphere-robotmarket-test", "dingtalk-ecosphere-robotmarket-sso", "dingtalk-ecosphere-robotmarket-contacts", "dingtalk-ecosphere-robotmarket-im", "dingtalk-ecosphere-robotmarket-robot", "dingtalk-ecosphere-robotmarket-attendance", "dingtalk-ecosphere-robotmarket-smartwork", "dingtalk-ecosphere-robotmarket-workrecord", "dingtalk-ecosphere-robotmarket-process", "dingtalk-ecosphere-robotmarket-message", "dingtalk-ecosphere-robotmarket-calendar", "dingtalk-ecosphere-robotmarket-health", "dingtalk-ecosphere-robotmarket-approval", "dingtalk-ecosphere-robotmarket-notify", "dingtalk-ecosphere-robotmarket-robotmarket", "dingtalk-ecosphere-robotmarket-robotmarket-open", "dingtalk-ecosphere-robotmarket-robotmarket-oapi", "dingtalk-ecosphere-robotmarket-robotmarket-test", "dingtalk-ecosphere-robotmarket-robotmarket-sso", "dingtalk-ecosphere-robotmarket-robotmarket-contacts", "dingtalk-ecosphere-robotmarket-robotmarket-im", "dingtalk-ecosphere-robotmarket-robotmarket-robot", "dingtalk-ecosphere-robotmarket-robotmarket-attendance", "dingtalk-ecosphere-robotmarket-robotmarket-smartwork", "dingtalk-ecosphere-robotmarket-robotmarket-workrecord", "dingtalk-ecosphere-robotmarket-robotmarket-process", "dingtalk-ecosphere-robotmarket-robotmarket-message", "dingtalk-ecosphere-robotmarket-robotmarket-calendar", "dingtalk-ecosphere-robotmarket-robotmarket-health", "dingtalk-ecosphere-robotmarket-robotmarket-approval", "dingtalk-ecosphere-robotmarket-robotmarket-notify", "dingtalk-ecosphere-robotmarket-robotmarket-robotmarket".
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to French 2023-06-03 13:10:46 +00:00			`Les applications tierces peuvent également être enregistrées pour gérer des URL personnalisées en ajoutant des entrées dans le fichier Info.plist de l'application. Les entrées peuvent être ajoutées pour les URL personnalisées commençant par un préfixe spécifique.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to French 2023-06-03 13:10:46 +00:00			`Les attaquants peuvent utiliser des URL malveillantes pour lancer des attaques de phishing ou pour exécuter du code malveillant sur l'appareil de l'utilisateur. Les attaquants peuvent également utiliser des URL malveillantes pour rediriger l'utilisateur vers des sites Web malveillants ou pour voler des informations sensibles de l'utilisateur.`