Local Data Storage Analysis with iOS Simulator

June 30, 2014
Pentests

There have been times when a penetration tester is not able to install iOS application on a physical device while performing iOS application security assessment. This can happen due to various reasons:

  • Application does not support your iOS firmware version
  • Pentester does not own iOS device or is not jailbroken
  • Pentester cannot install .IPA file using iTunes

If one of the above happened to you then you need to go back to customer and ask for application’s Xcode project. Once you have this, open thexcworkspacefile in Xcode and simply run the code. Ensure you select iOS simulator device to run your application. Here’s how you can do this:

XcodeàProductàDestinationàChoose Device

Once you have this, you should be able to run your application in iOS simulator. What next?

Next, I would suggest you to browse the application, input data, create records, etc. within the application. This will make the application run as in you are in real environment and allow application to do all scary stuff on your Simulator.

To inspect what application has stored locally, browse to below path (using Finder or Terminal):

~/Library/Application Support/iPhone Simulator/7.0.3/Applications/<UNIQUE_ID>/Documents

~/Library/Application Support/iPhone Simulator/7.0.3/Applications/<UNIQUE_ID>/Library

In above locations, you should be able to view below folders:

Caches - Stores application database files

Preferences - Stores application .plist files

You can now view .plist files using any text editor and could view database files using SQLiteStudio (free lightweight utility). The tool is really simple to operate and gets you what you are looking for very quickly.

Once you have this, you should be able to run your application in iOS simulator. What next?

Next, I would suggest you to browse the application, input data, create records, etc. within the application. This will make the application run as in you are in real environment and allow application to do all scary stuff on your Simulator.

To inspect what application has stored locally, browse to below path (using Finder or Terminal):

~/Library/Application Support/iPhone Simulator/7.0.3/Applications/<UNIQUE_ID>/Documents

~/Library/Application Support/iPhone Simulator/7.0.3/Applications/<UNIQUE_ID>/Library

In above locations, you should be able to view below folders:

Caches - Stores application database files

Preferences - Stores application .plist files

You can now view .plist files using any text editor and could view database files using SQLiteStudio (free lightweight utility). The tool is really simple to operate and gets you what you are looking for very quickly.

Happy Reading!!!

Share this post
Wordpress Security
Malware Analysis
Tools & Techniques
Pentests
PTaaS
Cyber Security
Technology
Subscribe to our newsletter

Join our newsletter today and enhance your knowledge with valuable insights. It's quick, easy, and free!

Be a Team Player
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Latest blogs

Latest updates in cybersecurity services

View All
Blacklock Blog Image
General
October 30, 2024
General
Wordpress CMS Security
June 9, 2016
Wordpress CMS Security