Sec-88
  • 🧑Whoami
  • 🕸️Web-AppSec
    • Features Abuse
      • 2FA
      • Ban Feature
      • CAPTCHA
      • Commenting
      • Contact us
      • File-Upload
      • Inviting Feature
      • Messaging Features
      • Money-Related Features
      • Newsletter
      • Profile - Settings
      • Registration
      • Reset Password
      • Review
      • Rich Editor/Text
      • Social Sharing
      • Billing-Shipping Address Management
      • Integrations - Webhooks
      • API Key Management
    • Reconnaissance
      • Attacking Organizations with big scopes
    • Subdomain Enumeration
    • Fingerprinting
    • Dorking
    • XSS-HTML Injection
    • Improper Authentication
      • JWT Security
    • OAUTH Misconfigurations
      • OAuth 2.0 Basics
      • OAUTH Misconfigurations
    • Auth0 Misconfigurations
    • Broken Access Control
      • Insecure Direct Object References (IDOR)
      • 403 Bypass
    • Broken Link Injection
    • Command Injection
    • CORS
    • CRLF
    • CSRF
    • Host Header Attacks
    • HTTP request smuggling
    • JSON Request Testing
    • LFI
      • LFI to RCE
    • No Rate Limit
    • Parameters Manual Testing
    • Open Redirect
    • Registration & Takeover Bugs
    • Remote Code Execution (RCE)
    • Session Fixation
    • SQL Injection
      • SQL To RCE
    • SSRF
    • SSTI
    • Subdomain Takeover
    • Web Caching Vulnerabilities
    • WebSockets
    • XXE
      • XXE to RCE
    • Cookie Based Attacks
    • CMS
      • AEM [Adobe CMS]
    • XSSI (Cross Site Script Inclusion)
    • NoSQL injection
    • Local VS Remote Session Fixation
    • Protection
      • Security Mechanisms for Websites
      • Cookie Flags
      • SameSite Cookie Restrictions
      • Same-origin policy (SOP)
      • CSP
    • Hacking IIS Applications
    • Dependency Confusion
    • Attacking Secondary Context
    • Hacking Web Sockets
    • IDN Homograph Attack
    • DNS Rebinding Attack
    • LLM Hacking Checklist
    • Bypass URL Filtration
    • Cross-Site Path Traversal (CSPT)
    • PostMessage Security
    • Prototype Pollution
      • Client-Side Prototype Pollution
      • Server-Side prototype pollution
    • Tools-Extensions-Bookmarks
    • WAF Bypassing Techniques
    • SSL/TLS Certificate Lifecycle
    • Serialization in .NET
    • Client-Side Attacks
      • JavaScript Analysis
    • Bug Bounty Platforms/Programs
    • DNS Dangling / NS Takeover
  • ✉️API-Sec
    • GraphQL API Security Testing
      • The Basics
      • GraphQL Communication
      • Setting Up a Vulnerable GraphQL Server
      • GraphQL Hacking Tools
      • GraphQL Attack Surface
      • RECONNAISSANCE
      • GraphQL DOS
      • Information Disclosure
      • AUTHENTICATION AND AUTHORIZATION BYPASSES
      • Injection Vulnerabilities in GraphQL
      • REQUEST FORGERY AND HIJACKING
      • VULNERABILITIES, REPORTS AND EXPLOITS
      • GraphQL Hacking Checklist
    • API Recon
    • API Token Attacks
    • Broken Object Level Authorization (BOLA)
    • Broken Authentication
    • Evasive Maneuvers
    • Improper Assets Management
    • Mass Assignment Attacks
    • SSRF
    • Injection Vulnerabilities
    • Excessive Data Exposure
    • OWASP API TOP 10 MindMap
    • Scanning APIs with OWASP ZAP
  • 📱Android-AppSec
    • Setup Android App Pentesting environment on Arch
    • Setup Android App Pentesting environment on Mac M4
    • Setup Android Pentesting Environment on Debian Linux
    • Android App Fundamentals
      • Android Architecture
      • Android Security Model
      • Android App Components
        • Intents
        • Pending Intents
    • Android App Components Security Cheatsheet
    • Android App Pentesting Checklist
    • How To Get APK file for application
    • ADB Commands
    • APK structure
    • Android Permissions
    • Exported Activity Hacking
    • BroadcastReceiver Hacking
    • Content Provider Hacking
    • Signing the APK
    • Reverse Engineering APK
    • Deep Links Hacking
    • Drozer Cheat Sheet
    • SMALI
      • SMALI Cheat Sheet
      • Smali Code Patching Guide
    • Intent Redirection Vulnerability
    • Janus Vulnerability (CVE-2017-13156)
    • Task Hijacking
    • Hacking Labs
      • Injured Android
      • Hacking the VulnWebView Lab
      • Hacking InsecureBankv2 App
    • Frida Cheat Sheet
  • 📶Network-Sec
    • Networking Fundamentals
    • Open Ports Security Testing
    • Vulnerability Scanning
    • Client Side Attacks
    • Port Redirection and Tunneling
    • Password Attacks
    • Privilege Escalation [PrevEsc]
      • Linux Privilege Escalation
    • Buffer Overflow (BOF)
      • VulnServer
      • Sync Breez Enterprize
      • Crashed CTF
      • BOF for Linux
    • AV Evasion
    • Post Exploitation
      • File Transfer
      • Maintaining Access
      • Pivoting
      • Clean Up
    • Active Directory
      • Basic AD Pentesting
  • 💻Desktop AppSec
    • Thin Client vs. Thick Client
  • ☁️Cloud Sec
    • Salesforce Hacking
      • Basics
      • Salesforce SAAS Apps Hacking
    • Firebase
    • S3 Buckets Misconfigurations
    • Amazon Cognito Misconfiguraitons
  • 👨‍💻Programming
    • HTML
    • JavaScript (JS)
      • window.location object
    • Python
      • Python Tips
      • Set
        • SetMethods
    • JAVA
      • Java Essentials
      • Java Essentials Code Notes
      • Java OOP1
      • JAVA OOP Principles
        • Inheritance
        • Method Overriding
        • Abstract Class
        • Interface
        • polymorphism
        • Encapsulation
        • Composition
      • Java OOP Challenges
      • Exception Handling
    • Go
      • Go Syntax Tutorial in one file
      • Methods and Interfaces
      • Go Slices
      • Go Maps
      • Go Functions
      • Concurrency
      • Read Files
      • Write Files
      • Package
        • How to make personal Package
        • regexp Packages
        • Json
        • bufio
        • Time
      • Signals-Exit
      • Unit Testing
  • 🖥️Operating Systems
    • Linux
      • Linux Commands
      • Tools
      • Linux File System
      • Bash Scripting guide
      • tmux
      • Git
      • Install Go tools from private repositories using GitHub PAT
    • VPS
    • Burp Suite
  • ✍️Write-Ups
    • Hunting Methodology
    • API BAC leads to PII Data Disclosure
    • Misconfigured OATUH leads to Pre-Account Takeover
    • Automating Bug Bounty with GitHub Actions
    • From Recon to Reward: My Bug Bounty Methodology when Hunting on Public Bug Bounty Programs
    • Exploring Subdomains: From Enumeration to Takeover Victory
    • 0-Click Account Takeover via Insecure Password Reset Feature
    • How a Simple Click Can Lead to Account Takeover: An OAuth Insecure Implementation Vulnerability
    • The Power Of IDOR even if it is unpredictable IDs
    • Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens
    • AI Under Siege: Discovering and Exploiting Vulnerabilities
    • Inside the Classroom: How We Hacked Our Way Past Authorization on a Leading EdTech Platform
    • How We Secured Our Client’s Platform Against Interaction-Free Account Thefts
    • Unchecked Privileges: The Hidden Risk of Role Escalation in Collaborative Platforms
    • Decoding Server Behavior: The Key to Mass Account Takeover
    • Exploiting JSON-Based CSRF: The Hidden Threat in Profile Management
    • How We Turned a Medium XSS into a High Bounty by Bypassing HttpOnly Cookie
  • IOS-AppSec
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub

IOS-AppSec

PreviousHow We Turned a Medium XSS into a High Bounty by Bypassing HttpOnly Cookie

Last updated 1 day ago

Was this helpful?

Analysis Tools

Everything that can be useful in analyzing applications: various libraries, modules to find vulnerabilities, whole frameworks and systems.

References

Vulnerable Applications

Here are about different CTFs and how to pass them. All this will help to practice and understand what vulnerabilities may be in iOS applications and how to look for them. So far, the tasks themselves, and the passage have combined into one point. When there are more of them, it will be possible to divide (as it is done for Android).

References
  • Magnet Virtual Summit 2020 CTF (iOS)

Video

Here are collected all videos related to the security of iOS. So far, I have found only English-language materials, but I hope that in the future they will be added in Russian.

References

Articles

In this block - a variety of articles and materials on iOS. Russian-speaking and English-speaking - separately. A block with articles related to Frida is in a separate section, since today it is probably the most common framework for testing. It is probably useful to see how it is used on real applications.

Ru

References

En

References

Frida

Other

  • Reverse Engineering Starling Bank

Collected Resources

Checklists

bagback
PassionFruit
GrapeFruit
IOS Security Suite
Blocking Jailbreak Detection Tweaks
NetworkSniffer
Ghidra iOS kernelcache framework for reverse engineering
frida-ios-dump
dumpdecrypted
Yet Yet Another Code Decrypter
xpcpy - Bidirectional XPC message interception and more
checkra1n jailbreak
Frida
Objection - mobile exploration toolkit by Frada
Bfinfect
iFunbox
Libimobiledevice - library to communicate with the services of the Apple iOS devices
iRET (iOS Reverse Engineering Toolkit)
Burp Suite
Cycript
iLEAPP - iOS Logs, Events, And Preferences Parser
Cutter - Free and Open Source RE Platform Powered by Darree2
decrypt0r - downloading and decrypt SecuroRom
Mobile-Security-Framework MobS
Runtime Mobile Security (RMS) - is a powerful web interface that helps you manipulate to Android and iOS Apps at Runtime
fridax
MOBEXLER
Generate Malformed QRCodes
Tool for Injecting Malicious Payloads Into Barcodes
AFL - american fuzzy lop
Setup for i0S and Android Application Analysis
AES Killer (Burpsuite Plugin)
ReFlutter
Lief
Mobile Verification Toolkit
Myriam iOS
ExploitMe Mobile iPhone Labs
Owasp: iGoat
Damn Vulnerable iOS App (DVIA)
Damn Vulnerable iOS App (DVIA) v2
DVIA Walkthrow
OWASP: OMTG-Hacking-Playground
writeup 1
writeup 2
iOS Application Vulnerabilities and how to find them
Attacking iPhone XS Max
Behind the Scenes of iOS Security
Analyzing and Attacking Apple Kernel Drivers
Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
Demystifying the Secure Enclave Processor
HackPac Hacking Pointer Authentication in iOS User Space
iOS 10 Kernel Heap Revisited
Recreating An iOS 0-Day Jailbreak Out Of Apple's Security Updates
Building Secure iOS Apps (You don't have to learn it the hard way!)
The Worst Mobile Apps
Learn modding Unity apps and games with Frida
Your flashlight can send SMS
The iPhone boot process. Part 1: Boot ROM
Guide to reverse iOS app on the example of ExpressVPN
Hacking and implementing your code into someone else’s iOS application
iOS App security: guide for beginners
Just for fun: How much does iOS live to Jailbreak
https://www.allysonomalley.com
iOS Swift Anti-Jailbreak Bypass with Frida
Gotta Catch 'Em All: Frida & jailbreak detection
Beginning Frida: Learning Frida use on Linux and (just a bit on) Wintel and Android systems with Python and JavaScript (Frida. hooking, and other tools)
How Learning to Use Frida with Unity App
iOS Write ups
iOS Internals & Security Testing
Hacking iOS Simulator with simctl and dynamic products
Psychic Paper
Stealing your SMS messages with iOS 0day
Zero-day in Sign in with Apple
Return of the iOS Sandbox Rebet: Lightspeeds Back in the Race
PIN Selection on Smartphones
A survey of recent iOS kernel exploits
Apple Two-Factor Authentication: SMS vs. Trusted Devices
Intercepting Flutter Traffic on iOS
Snapchat detection on iOS
Writing an iOS Kernel Exploit from Scratch
The Four Ways to Deal with iPhone Backup Passwords
Extracting and Decrypting iOS Keychain: Physical, Logical and Cloud Options Explored
iOS Kernel Explotation - One Byte to rule all
Modern iOS Application Security
Reverse Engineering iOS Mobile Apps
KTRW: The journey to build a debuggable iPhone
The One Weird Trick SecureROM Hates
Tales of: old untethering iOS 11-Spoiler: Apple is bad at patching
Messenger Hacking: Remotely Compromising an iPhone while IMessage
Reverse Engineering the iOS Simulator's SpringBoard
Most usable tools for iOS testing
iOS-Security-Guides
Trust in Apple's Secret Garden: Exploring & Reversing Apple's Continuity Protocol-Slides
Apple Platform Security
Mobile security, forensics & malware analysis with Santoku Linux
Stealing local files using Safari Web Share API
CVE-2020-9964 - An iOS infoleak
Attack Secure Boot of SEP
iOS 14 Forensics: What Has Changed Since iOS 13.7
We Hacked Apple for 3 Months: Here's What We Found
Fun with XPC
Bypass Facebook SSL Certificate Pinning for iOS
Bypass Instagram SSL Certificate Pinning for iOS
ASLR & the iOS Kernel - How Virtual Address Spaces is randomised
iOS/papecOS testing cheatsheet
M1ssing Register Access Controls Leak EL0 State
Jailbroken iOS can't run macOS apps. I spend a week to find out why.
Quick Analysis for the SSID Format String Bug
Unpatch iPhone Bug Allows Remote Device Takeover
Part I: Obfuscation Techniques
Part II: Jailbreak & Debugger Detection, Weaknesses & Mitigations
ProtonMail : forensic decryption of iOS App
iOS on QEMU
Proxying is not the way to the monitor network on your iOS mobile apps
Forensic guide to iMessage, WhatsApp, Telegram, Signal and Skype data acquisition
Malware Uses Corporate MDM as attack vector
Mobexler Checklist
Ad Fraud Spotted in Barcode Reader Malware Analysis
Researching Confid Messenger Encryption
Reverse Engineering Snapchat (Part I): Obfuscation Techniques
Reverse Engineering Snapchat (Part II): Deobfuscating the Undeobfuscatable
Firebase Cloud Messaging Service Takeover
Saying Goodbye to My Favorite 5 Minute P1
Reverse engineering Flutter apps (Part 1)
How I Hacked Facebook Again!
Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS
How to UseGhidra to Reverse Engineer Mobile Application
React Native Application Static Analysis
Pentesting Non-Proxy Aware Mobile Applications Without Root/Jailbreak
CVE-2021-30737 - Vulnerability Overview
CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability
OWASP MSTG
Full Mobile Hacking Course
NowSecure Academy
Подборка материалов по мобильной безопасности «Awesome Mobile Security»Habr
Logo
iOS Pentesting Checklist - HackTricks
Logo