iOS Pentesting


1. Lab Setup

1.1. Weak Cryptography

1.1.1. Data Protection API

1.1.2. Weak Hashing & Encryption

1.1.3. Poor key management process

1.1.4. Use of custom encryption protocols

1.2. JailBroken Device

1.3. Cydia

1.3.1. Packages to install from Cydia (BigBoss repo)

1.3.1.1. MTerminal

1.3.1.2. Substrate Safe Mode

1.3.1.3. OpenSSH

1.3.1.4. IPA Installer

1.3.1.5. BigBoss Recommended Tools

1.3.1.6. Network Commands

1.3.1.7. Bootstrap Commands

1.3.1.8. Developer cmds

1.3.1.9. Filza

1.3.1.10. Make

1.3.1.11. Nano

1.3.1.12. Apple File Conduit "2"

1.3.1.13. House Arrest Fix

1.3.1.14. PreferenceLoader

1.4. Class Dump

1.5. Frida-iOS-dump

2. Application Installation

2.1. Using IPA File

2.2. Using .app File

2.3. Decrypting App

3. iOS Security Model & Legacy Issues

3.1. JailBroken Detection & Sandboxing

3.2. SSL Unpinning

3.3. Disabled certificate validation

3.4. ASLR/PIE Flag Check
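
The checks behind 2.3 (is the binary still FairPlay-encrypted?) and 3.4 (is it built as PIE?) both come straight from the Mach-O header. On a Mac, `otool -hv <binary> | grep PIE` shows the flag and `otool -l <binary> | grep -A4 LC_ENCRYPTION_INFO` shows `cryptid`; a value of 1 means class-dump and Hopper will only see ciphertext until the app is dumped from memory with frida-ios-dump. The script below does the same parsing in plain Python so it also works from a Linux box. It is an added example, not code from the page or from any of the tools named above; the sample binaries it builds are synthetic, large enough only to carry the header, one segment and the encryption load command, and 32-bit (armv7) slices are deliberately rejected.

```python
"""Static triage of an iOS app's main Mach-O binary: PIE flag and FairPlay
encryption state. Added example, not from the page; the layout follows the
public mach-o/loader.h structures and the sample binaries are synthetic."""
import struct
import sys

MH_MAGIC_64 = 0xFEEDFACF          # 64-bit Mach-O, little-endian on arm64
FAT_MAGIC = 0xCAFEBABE            # universal binary wrapper, always big-endian
MH_EXECUTE = 2
MH_PIE = 0x00200000               # image may be loaded at a random base
CPU_TYPE_ARM64 = 0x0100000C
LC_SEGMENT_64 = 0x19
LC_ENCRYPTION_INFO_64 = 0x2C      # cryptid != 0 means App Store FairPlay encryption


def parse_macho(blob, offset=0):
    """Parse one thin 64-bit Mach-O image that starts at `offset`."""
    magic, cputype, _sub, filetype, ncmds, _sizeofcmds, flags, _res = struct.unpack_from(
        "<IiiIIIII", blob, offset)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O: 0x%08x" % magic)
    info = {"cputype": cputype, "filetype": filetype,
            "pie": bool(flags & MH_PIE), "cryptid": None}
    pos = offset + 32                          # sizeof(struct mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", blob, pos)
        if cmd == LC_ENCRYPTION_INFO_64:
            _cryptoff, _cryptsize, cryptid = struct.unpack_from("<III", blob, pos + 8)
            info["cryptid"] = cryptid
        pos += cmdsize
    return info


def triage(blob):
    """Return one info dict per architecture slice (fat binaries carry several)."""
    if struct.unpack_from(">I", blob, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", blob, 4)[0]
        slices = []
        for i in range(nfat):
            _cpu, _sub, off, _size, _align = struct.unpack_from(">iiIII", blob, 8 + 20 * i)
            slices.append(parse_macho(blob, off))
        return slices
    return [parse_macho(blob)]


def findings(info):
    out = []
    if info["filetype"] == MH_EXECUTE and not info["pie"]:
        out.append("PIE flag missing: image loads at a fixed base, ASLR does not apply to it")
    if info["cryptid"] is None:
        out.append("no LC_ENCRYPTION_INFO_64: not an App Store build (dev or ad-hoc signed)")
    elif info["cryptid"] != 0:
        out.append("cryptid=%d: FairPlay-encrypted, dump the decrypted image from memory "
                   "(e.g. frida-ios-dump) before class-dump or Hopper" % info["cryptid"])
    return out


def build_sample(pie, cryptid):
    """Constructed minimal arm64 executable: one __TEXT segment plus an encryption command."""
    seg = struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, b"__TEXT",
                      0x100000000, 0x4000, 0, 0x4000, 5, 5, 0, 0)
    enc = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    flags = 0x85 | (MH_PIE if pie else 0)    # MH_NOUNDEFS | MH_DYLDLINK | MH_TWOLEVEL
    hdr = struct.pack("<IiiIIIII", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE,
                      2, len(seg) + len(enc), flags, 0)
    return hdr + seg + enc


def build_fat(*thin_images):
    """Wrap thin images in a constructed fat header, each slice aligned to 16 KiB."""
    header = struct.pack(">II", FAT_MAGIC, len(thin_images))
    archs, body, offset = b"", b"", 0x4000
    for img in thin_images:
        cpu = struct.unpack_from("<i", img, 4)[0]
        archs += struct.pack(">iiIII", cpu, 0, offset, len(img), 14)
        body += img.ljust(0x4000, b"\0")
        offset += 0x4000
    return (header + archs).ljust(0x4000, b"\0") + body


if __name__ == "__main__":
    # Usage: python macho_triage.py Payload/App.app/App   (falls back to a synthetic sample)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(False, 1)
    for n, info in enumerate(triage(blob)):
        print("slice %d: cputype=0x%08x pie=%s cryptid=%s"
              % (n, info["cputype"], info["pie"], info["cryptid"]))
        for f in findings(info):
            print("  [!] " + f)
```

On a jailbroken device the main binary lives under /var/containers/Bundle/Application/<UUID>/<App>.app/; on a dumped IPA it is Payload/<App>.app/<App>. A missing PIE flag on an App Store build is rare today because Xcode defaults to it, but third-party or legacy frameworks inside the bundle are worth the same check.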

3.5. Format Strings

3.6. Buffer Overflows & Stack

4. Unintended Data Leakage

4.1. NSLog / Apple System Log

4.1.1. Integer Overflow & Heap
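
NSLog output ends up in the Apple System Log, readable by any process with `idevicesyslog` (libimobiledevice) or the macOS Console app, so the 4.1 test is to capture the log while exercising the app and grep it for secrets. The scanner below does that grep with a Luhn check so that order numbers are not reported as card numbers, and masks what it finds so the report does not leak the value a second time. It is an added example, not code from the page; the log lines are constructed in the format idevicesyslog prints, and the app name ShopApp, the token, the e-mail and the card number are made up.

```python
"""Scan iOS system log output for secrets an app should never write to
NSLog/os_log. Added example, not code from the page; the lines below are
constructed in the format idevicesyslog prints, with made-up values."""
import re
import sys

SAMPLE_LOG = """\
Mar 03 14:02:11 iPhone ShopApp[611] <Notice>: login ok for alice@example.com
Mar 03 14:02:11 iPhone ShopApp[611] <Notice>: auth header: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MiJ9.c2lnbmF0dXJl
Mar 03 14:02:12 iPhone ShopApp[611] <Notice>: saving card 4111 1111 1111 1111 exp 09/27
Mar 03 14:02:13 iPhone ShopApp[611] <Notice>: order id 1234567890123456 queued
Mar 03 14:02:14 iPhone ShopApp[611] <Notice>: Set-Cookie: session=8f1c0d3a9b2e4c7d; Path=/
Mar 03 14:02:15 iPhone SpringBoard[58] <Notice>: ShopApp did enter background
"""

# Order matters: a JWT is also a Bearer token, so the more specific pattern runs first.
PATTERNS = {
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}"),
    "bearer": re.compile(r"Bearer\s+([A-Za-z0-9._~+/-]+=*)"),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "cookie": re.compile(r"(?:session|sid|token)=([A-Za-z0-9._-]{8,})", re.I),
    "pan": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),      # 13-19 digits, spaces/dashes allowed
}


def luhn_ok(digits):
    """Luhn checksum: filters out order ids and timestamps that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value):
    """Keep just enough of the value to locate it in the app, never the whole secret."""
    return value[:4] + "*" * (len(value) - 6) + value[-2:] if len(value) > 6 else "***"


def scan_log(text, process=None):
    """Return masked findings; `process` restricts to lines from one app, e.g. 'ShopApp'."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if process and (" %s[" % process) not in line:
            continue
        seen = set()                      # one report per distinct value per line
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if kind == "pan":
                    value = re.sub(r"[ -]", "", value)
                    if not luhn_ok(value):
                        continue
                if value in seen:
                    continue
                seen.add(value)
                hits.append({"line": lineno, "kind": kind, "value": mask(value)})
    return hits


if __name__ == "__main__":
    # Usage: idevicesyslog > app.log; python syslog_scan.py app.log ShopApp
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for h in scan_log(text, process=sys.argv[2] if len(sys.argv) > 2 else None):
        print("line %(line)d: %(kind)s %(value)s" % h)
```

Run the capture while logging in, paying and logging out, since those are the code paths where developers most often leave debug NSLog calls behind. The same scanner works on the app's own log files under Library/Caches if it writes any.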

4.2. Application Backgrounding / Snapshots

4.3. Cache Prediction

4.4. Clipboard

4.5. Pastebin

4.6. GitHub

4.7. Keylogging & AutoCorrection Database

4.8. State Preservation

5. Insecure Data Storage

5.1. iOS Directory Structure

5.2. In Sqlite Database

5.3. In Info.plist

5.4. Core Data

5.5. Keychain
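
For 5.2 and 5.3 the practical step is to copy the app's data container off the device (scp over the OpenSSH package from 1.3, or Filza) from /var/mobile/Containers/Data/Application/<UUID>/ and go through every SQLite database and plist in it, including the NSUserDefaults store at Library/Preferences/<bundle id>.plist. The script below automates that first pass: it recognises SQLite files by their magic header rather than extension, reports only columns and keys that are both sensitive-looking and non-empty, and never prints the values. It is an added example, not code from the page; the container it scans is constructed in a temporary directory with made-up data. Keychain items (5.5) are not files in the container and need an on-device tool such as keychain_dumper or objection's `ios keychain dump` instead.

```python
"""First-pass scan of an iOS app data container for secrets in SQLite
databases and plists. Added example, not from the page; the sample container
is constructed in a temporary directory."""
import os
import plistlib
import re
import sqlite3
import sys
import tempfile

SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|session|pin\b|card|ssn", re.I)
SQLITE_MAGIC = b"SQLite format 3\x00"


def _q(name):
    """Quote an identifier read from the database before reusing it in SQL."""
    return '"%s"' % name.replace('"', '""')


def scan_sqlite(path):
    hits = []
    con = sqlite3.connect(path)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            for row in con.execute("PRAGMA table_info(%s)" % _q(table)):
                column = row[1]
                if not SENSITIVE.search(column):
                    continue
                n = con.execute("SELECT count(*) FROM %s WHERE %s IS NOT NULL AND %s != ''"
                                % (_q(table), _q(column), _q(column))).fetchone()[0]
                if n:
                    hits.append({"file": path, "where": "%s.%s" % (table, column), "rows": n})
    finally:
        con.close()
    return hits


def walk_plist(obj, prefix=""):
    """Yield (key path, leaf value) pairs for nested plist dicts and arrays."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from walk_plist(v, prefix + "/" + str(k))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from walk_plist(v, "%s[%d]" % (prefix, i))
    else:
        yield prefix, obj


def scan_plist(path):
    with open(path, "rb") as f:
        data = plistlib.load(f)
    return [{"file": path, "where": key, "rows": 1}
            for key, val in walk_plist(data)
            if SENSITIVE.search(key) and val not in ("", None, b"")]


def scan_container(root):
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                head = f.read(16)
            if head == SQLITE_MAGIC:             # .sqlite, .db or no extension at all
                hits.extend(scan_sqlite(path))
            elif name.endswith(".plist"):        # XML or binary, plistlib handles both
                hits.extend(scan_plist(path))
    return hits


def build_sample_container():
    """Constructed container mimicking Documents/ and Library/ of a shopping app."""
    root = tempfile.mkdtemp(prefix="shopapp-")
    os.makedirs(os.path.join(root, "Documents"))
    os.makedirs(os.path.join(root, "Library", "Preferences"))
    os.makedirs(os.path.join(root, "Library", "Caches"))
    con = sqlite3.connect(os.path.join(root, "Documents", "users.sqlite"))
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)")
    con.execute("INSERT INTO users (email, password) VALUES (?, ?)", ("alice@example.com", "hunter2"))
    con.commit()
    con.close()
    with open(os.path.join(root, "Library", "Preferences", "com.example.shop.plist"), "wb") as f:
        plistlib.dump({"api_key": "sk_live_CONSTRUCTED", "theme": "dark"}, f)  # NSUserDefaults
    with open(os.path.join(root, "Library", "Caches", "state.plist"), "wb") as f:
        plistlib.dump({"password": ""}, f)       # empty value: must not be flagged
    return root


if __name__ == "__main__":
    # Usage: python container_scan.py ./copied-container   (falls back to the sample)
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_container()
    for h in scan_container(root):
        print("%(file)s: %(where)s (%(rows)d row(s))" % h)
```

A hit is a lead, not a finding on its own: check whether the file carries a Data Protection class (NSFileProtectionComplete or better) and whether the value is encrypted with a key that is not also sitting in the same container before writing it up.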

6. Reverse Engineering / Debugging

6.1. Unauthorized Code Modification

6.2. Installation on an insecure (outdated) OS version allowed

7. Interprocess Communication

7.1. Scheme

7.1.1. Custom Scheme

7.1.2. Universal Link

7.2. Sharing Data with UIActivity

7.3. Application Extension

7.3.1. Pasteboard exploitation

7.3.2. Restricting and Validating Shareable Data

8. iOS Networking

8.1. iOS URL Loading System

8.2. NSURLSession

8.3. Proxy Configure/SSL Pinning
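
Before touching a proxy, read what the app told the OS about TLS: the NSAppTransportSecurity dictionary in Info.plist (`plutil -p Payload/<App>.app/Info.plist` prints it even from a binary plist) is where certificate validation and the TLS floor get switched off, which covers 3.3 as well as the pinning half of 8.3. The audit below flags the usual weakenings and knows the iOS 10 rule that NSAllowsArbitraryLoads is ignored when a narrower NSAllowsArbitraryLoads*/NSAllowsLocalNetworking key is present. It is an added example, not code from the page; both plists are constructed, the bundle id and domain are made up, and the SPKI pin in the hardened one is a placeholder rather than a real hash.

```python
"""Audit App Transport Security settings in an iOS Info.plist. Added example,
not from the page; both plists below are constructed and the pin is a
placeholder, not a real SPKI hash."""
import plistlib
import sys

# Constructed weak configuration, as often shipped from test builds.
WEAK_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.shop</string>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key><dict>
      <key>api.example.com</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.0</string>
        <key>NSExceptionRequiresForwardSecrecy</key><false/>
      </dict>
    </dict>
  </dict>
</dict></plist>
"""

# Constructed hardened configuration: ATS defaults plus declarative pinning (iOS 14+).
HARDENED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.shop</string>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSPinnedDomains</key><dict>
      <key>api.example.com</key><dict>
        <key>NSIncludesSubdomains</key><true/>
        <key>NSPinnedLeafIdentities</key><array>
          <dict><key>SPKI-SHA256-BASE64</key>
                <string>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</string></dict>
        </array>
      </dict>
    </dict>
  </dict>
</dict></plist>
"""

# If any of these sit next to NSAllowsArbitraryLoads, iOS 10+ ignores the global switch.
OVERRIDE_KEYS = ("NSAllowsArbitraryLoadsInWebContent", "NSAllowsArbitraryLoadsForMedia",
                 "NSAllowsLocalNetworking")


def audit_ats(plist_bytes):
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    issues = []

    def add(severity, msg):
        issues.append({"severity": severity, "msg": msg})

    if ats.get("NSAllowsArbitraryLoads"):
        if any(k in ats for k in OVERRIDE_KEYS):
            add("info", "NSAllowsArbitraryLoads=true is ignored on iOS 10+ because a narrower "
                        "NSAllowsArbitraryLoads*/NSAllowsLocalNetworking key is present")
        else:
            add("high", "NSAllowsArbitraryLoads=true: ATS off globally, plaintext HTTP and "
                        "TLS < 1.2 accepted for every host")
    if ats.get("NSAllowsArbitraryLoadsInWebContent"):
        add("medium", "NSAllowsArbitraryLoadsInWebContent=true: ATS off for web view content")
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        if rules.get("NSExceptionAllowsInsecureHTTPLoads"):
            add("high", "%s: NSExceptionAllowsInsecureHTTPLoads=true (cleartext HTTP)" % domain)
        tls = rules.get("NSExceptionMinimumTLSVersion")
        if tls in ("TLSv1.0", "TLSv1.1"):
            add("high", "%s: NSExceptionMinimumTLSVersion=%s (below TLS 1.2)" % (domain, tls))
        if rules.get("NSExceptionRequiresForwardSecrecy") is False:
            add("medium", "%s: NSExceptionRequiresForwardSecrecy=false (non-PFS suites allowed)"
                % domain)
    if not ats.get("NSPinnedDomains"):
        add("info", "no NSPinnedDomains: no declarative pinning; verify pinning in code "
                    "(URLSession delegate, TrustKit) or treat the app as unpinned")
    return issues


if __name__ == "__main__":
    # Usage: python ats_audit.py Payload/App.app/Info.plist   (falls back to the weak sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else WEAK_PLIST
    for issue in audit_ats(data):
        print("[%(severity)s] %(msg)s" % issue)
```

Treat the plist as a statement of intent only. Whatever it says, point the device's Wi-Fi proxy at Burp or mitmproxy, install and fully trust the proxy CA (Settings > General > About > Certificate Trust Settings), and confirm by observation whether traffic is intercepted; an app that still connects has no effective pinning, and one that refuses is the candidate for runtime unpinning in section 10.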

9. Web-Based Exploitation

9.1. UIWebView abuse

9.2. Risks of the JavaScript-to-Cocoa bridge

10. Runtime / Dynamic Analysis

10.1. Using Hopper

10.2. Method Swizzling & Categories

10.3. Callback & Blocks

10.4. Client Side Attack

10.4.1. Sql Injection

10.4.2. Cross-site Scripting

10.4.3. Predicate Injection (NSPredicate)

10.4.4. XML Injection

10.4.5. Application Level DOS

10.5. Broken Authentication & Session Management

10.5.1. Sessions not terminated after password reset

10.5.2. Expired tokens can be reused

10.5.3. Authentication Bypass using Success Response

10.5.4. OAuth Flow & 2FA Bypass

10.5.5. Cleartext Transmission

10.6. Broken Access Control (BAC)

10.6.1. SSRF

10.6.2. Privilege Escalation & IDOR

10.6.3. Unauthorized API Call