iOS Pentesting Checklist
If you want to know about my latest modifications/additions or you have any suggestion for HackTricks or PEASS, join the 💬 PEASS & HackTricks telegram group here, or follow me on Twitter 🐦@carlospolopm. If you want to share some tricks with the community you can also submit pull requests to [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks) that will be reflected in this book. Don't forget to give ⭐ on the github to motivate me to continue developing this book.
Preparation
Data Storage
Keyboards
Logs
Backups
Applications Memory
Broken Cryptography
Local Authentication
Sensitive Functionality Exposure Through IPC
**Custom URI Handlers / Deeplinks / Custom Schemes**
Check if the application is registering any protocol/scheme
Check if the application is registering to use any protocol/scheme
Check if the application expects to receive any kind of sensitive information from the custom scheme that can be intercepted by another application registering the same scheme
Check if the application fails to check and sanitize user input received via the custom scheme, so that some vulnerability can be exploited
Check if the application exposes any sensitive action that can be called from anywhere via the custom scheme
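
The first two checks above can be answered statically from the app's Info.plist. This is an added example, not part of the original checklist: `CFBundleURLTypes` lists the schemes the app handles and `LSApplicationQueriesSchemes` lists the schemes it declares it will query in other apps. The sample plist and the function names are constructed for illustration.

```python
import plistlib

# Constructed sample Info.plist (not taken from any real application).
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.demo</string>
  <key>CFBundleURLTypes</key>
  <array>
    <dict>
      <key>CFBundleURLName</key><string>com.example.demo.auth</string>
      <key>CFBundleURLSchemes</key>
      <array><string>demoapp</string><string>DemoApp-OAuth</string></array>
    </dict>
  </array>
  <key>LSApplicationQueriesSchemes</key>
  <array><string>fb</string><string>demoapp</string></array>
</dict>
</plist>"""


def audit_schemes(plist_bytes):
    """Return (registered, queried) URL schemes, lower-cased and de-duplicated."""
    info = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    registered = set()
    for url_type in info.get("CFBundleURLTypes", []):
        for scheme in url_type.get("CFBundleURLSchemes", []):
            registered.add(scheme.lower())  # URL schemes are case-insensitive
    queried = {s.lower() for s in info.get("LSApplicationQueriesSchemes", [])}
    return sorted(registered), sorted(queried)


def review_notes(registered, queried):
    """Turn the scheme lists into review items matching the checklist."""
    notes = [
        f"handles {s}:// - review input validation in the URL handler; "
        "another app may register the same scheme"
        for s in registered
    ]
    notes += [
        f"queries {s}:// - check what data is passed to this scheme"
        for s in queried
    ]
    return notes


if __name__ == "__main__":
    for note in review_notes(*audit_schemes(SAMPLE_INFO_PLIST)):
        print(note)
```
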
**Universal Links**
Check if the application is registering any universal protocol/scheme
Check the `apple-app-site-association` file
Check if the application fails to check and sanitize user input received via the custom scheme, so that some vulnerability can be exploited
Check if the application exposes any sensitive action that can be called from anywhere via the custom scheme
**UIActivity Sharing**
Check if the application can receive UIActivities and if it's possible to exploit any vulnerability with specially crafted activity
**UIPasteboard**
Check if the application is copying anything to the general pasteboard
Check if the application is using the data from the general pasteboard for anything
Monitor the pasteboard to see if any sensitive data is copied
**App Extensions**
Is the application using any extension?
**WebViews**
Check which kind of webviews are being used
Check the status of `javaScriptEnabled`, `JavaScriptCanOpenWindowsAutomatically`, `hasOnlySecureContent`
Check if the webview can access local files with the protocol file:// (`allowFileAccessFromFileURLs`, `allowUniversalAccessFromFileURLs`)
Check if Javascript can access Native methods (`JSContext`, `postMessage`)
Network Communication
Perform a MitM on the communication and search for web vulnerabilities.
Check if the hostname of the certificate is checked
Check/Bypass Certificate Pinning
Misc
Check for automatic patching/updating mechanisms
Check for malicious third party libraries