Skip to content
/ Swift.nV Public
forked from NetSPI/Swift.nV

Security Training Tool that demonstrates common mobile application vulnerabilities using Swift in iOS

License

GPL-2.0 license
0 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jclark434175/Swift.nV

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

68 Commits
Swift.nV.xcodeproj
Swift.nV.xcodeproj
 
 
Swift.nV
Swift.nV
 
 
api
api
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 

Repository files navigation

Swift.nV

Swift.nV is a vulnerable iOS "secret keeper" application. It is intended as a security training tool instructing Swift developers on common mobile application vulnerabilities, how they are found, and how to prevent them.

Setup

Swift.nV has currently been tested using:

XCode 7.2
iOS Simulator 
	- iPhone 4s/5/5s/6/6+/6s/6s+
	- iPad 2/Air/Air 2/Pro
	- iOS 9.2
Ruby + Sinatra (for the backend web service)
	Required Ruby Gems:
	- sinatra, dm-core, dm-timestamps, dm-migrations, dm-serializer, bcrypt

Run

- Open up the Swift.nV.xcodeproj using XCode 7.2
- Start the Sinatra backend web service:
	- In the api directory run "bundle install" this will install the needed gems	
	- In the api directory run "ruby api.rb"
	- This service should run on localhost (127.0.0.1) port 4567
- Click the Run icon after selecting one of the iOS Simulator targets
- If the build fails with linker errors, remove the Swift.nV-* directories in ~/Library/Developer/Xcode/DerivedData

Use

- Click 'register' on the initial log on screen to setup a user.
- Login with the registered user
- Add secrets

Tutorials

- Located within the API at http://localhost:4567/tutorial

Explore

- View the simulator data storage under:
	- ~/Library/Developer/CoreSimulator/Devices/<Device-ID>/data/Containers/Data/Application/<Application-ID>/Documents
	- ~/Library/Developer/CoreSimulator/Devices/<Device-ID>/data/Library/Preferences/

Intentional Vulnerabilities

Not all vulnerabilities have associated tutorials. View the tutorial list included at http://localhost:4567/tutorial for a walk through.

- Weak Server Side Controls (M1) - Backend web service is vulnerable to forced browsing.
- Weak Server Side Controls (M1) - Backend web service is vulnerable to authentication bypass.
- Insecure Data Storage (M2) - Core Data stores all items in the local sqlite database.
- Insecure Data Storage (M2) - Username/email address is in the user preferences plist file.
- Insufficient Transport Layer Protection (M3) - No SSL for backend web service.
- Unintended Data Leakage (M4) - No protections of automatic iOS background screenshots.
- Unintended Data Leakage (M4) - Log contains multiple sensitive strings.
- Unintended Data Leakage (M4) - Autocomplete is not enabled on sensitive screens (secret entry).
- Unintended Data Leakage (M4) - Login form is not cleared upone successful login.
- Poor Authorization and Authentication (M5) - Changes to insecure stored data (email address) bypasses authentication.
- Poor Authorization and Authentication (M5) - Same email address can be registered multiple times, allowing a user to view another's secrets.
- Broken Cryptography (M6) - Shared Secret "CryptoKey" is stored within the Environment.plist file.
- Client Side Injection (M7) - multiple locations, including Format String Injection on the login screen.
- Improper Session Handling (M8) - App completely lacks any session tokens or they are unused for interaction with API.

About

Security Training Tool that demonstrates common mobile application vulnerabilities using Swift in iOS

Resources

Readme

License

GPL-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • JavaScript 41.2%
  • Swift 28.2%
  • HTML 23.6%
  • Ruby 3.5%
  • Objective-C 2.3%
  • CSS 1.2%