mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-22 11:03:24 +00:00
49 lines
2.7 KiB
Markdown
49 lines
2.7 KiB
Markdown
|
# iOS Pentesting Checklist
|
||
|
|
|
||
|
|
### Data Storage
|
||
|
|
|
||
|
|
* [ ] [**Plist files**](./#plist) can be used to store sensitive information.
|
||
|
|
* [ ] \*\*\*\*[**Core Data**](./#core-data) \(SQLite database\) can store sensitive information.
|
||
|
|
* [ ] \*\*\*\*[**YapDatabases**](./#yapdatabase) \(SQLite database\) can store sensitive information.
|
||
|
|
* [ ] \*\*\*\*[**Firebase**](./#firebase-real-time-databases) miss-configuration.
|
||
|
|
* [ ] \*\*\*\*[**Realm databases**](./#realm-databases) can store sensitive information.
|
||
|
|
* [ ] \*\*\*\*[**Couchbase Lite databases**](./#couchbase-lite-databases) can store sensitive information.
|
||
|
|
* [ ] \*\*\*\*[**Binary cookies**](./#cookies) can store sensitive information
|
||
|
|
* [ ] \*\*\*\*[**Cache data**](./#cache) can store sensitive information
|
||
|
|
* [ ] \*\*\*\*[**Automatic snapshots**](./#snapshots) can save visual sensitive information
|
||
|
|
* [ ] \*\*\*\*[**Keychain**](./#keychain) is usually used to store sensitive information that can be left when reselling the phone.
|
||
|
|
* [ ] In summary, just **check for sensitive information saved by the application in the filesystem**
|
||
|
|
|
||
|
|
### Keyboards
|
||
|
|
|
||
|
|
* [ ] Does the application [**allow to use custom keyboards**](./#custom-keyboards-keyboard-cache)?
|
||
|
|
* [ ] Check if sensitive information is saved in the [**keyboards cache files**](./#custom-keyboards-keyboard-cache)\*\*\*\*
|
||
|
|
|
||
|
|
### **Logs**
|
||
|
|
|
||
|
|
* [ ] Check if [**sensitive information is being logged**](./#logs)\*\*\*\*
|
||
|
|
|
||
|
|
### **Clipboard**
|
||
|
|
|
||
|
|
* [ ] If using the keyboard the application should use [**private clipboards**](./#clipboard)
|
||
|
|
* [ ] Is the app using the info from the [**global clipboard**](./#clipboard) for anything?
|
||
|
|
* [ ] Does the app allow to copy [**sensitive information to the clipboard**](./#clipboard)?
|
||
|
|
|
||
|
|
### Backups
|
||
|
|
|
||
|
|
* [ ] \*\*\*\*[**Backups**](./#backups) can be used to **access the sensitive information** saved in the file system \(check the initial point of this checklist\)
|
||
|
|
* [ ] Also, [**backups**](./#backups) can be used to **modify some configurations of the application**, then **restore** the backup on the phone, and the as the **modified configuration** is **loaded** some \(security\) **functionality** may be **bypassed**
|
||
|
|
|
||
|
|
### **Applications Memory**
|
||
|
|
|
||
|
|
* [ ] Check for sensitive information inside the [**application's memory**](./#testing-memory-for-sensitive-data)\*\*\*\*
|
||
|
|
|
||
|
|
### **Local Authentication**
|
||
|
|
|
||
|
|
* [ ] If a [**local authentication**](./#local-authentication) is used in the application, you should check how the authentication is working.
|
||
|
|
* [ ] If it's using the [**Local Authentication Framework**](./#local-authentication-framework) it could be easily bypassed
|
||
|
|
* [ ] If it's using a [**function that can dynamically bypassed**](./#local-authentication-using-keychain) you could create a custom frida script
|
||
|
|
|
||
|
|
|
||
|
|
|