Welcome to iBugBazaar, your gateway to mastering Mobile penetration testing on iOS platform!
iBugBazaar is a comprehensive mobile application intentionally designed to be vulnerable, featuring over 20+ vulnerabilities. Developed to emulate real-world scenarios, it includes more than 10 modules and features, each replicating real-world functions and the vulnerabilities surrounding them.
We've bundled 20+ vulnerabilities into a single application, saving you from downloading multiple apps to learn about mobile application pentesting. We've packed a lot into one.
Whether you're a security enthusiast, developer, beginner exploring the mobile pentesting arena, or a professional looking to hone your skills, iBugBazaar has something for everyone on the mobile pentesting learning curve.
iBugBazaar offers a wide range of vulnerabilities, from Arbitrary webview exploitation, authentication bypass, Patching the app binary and limit bypass, Runtime Manipulation — we've got a lot of things covered.
What's more exciting? Stay in sync with the evolving landscape! BugBazaar regularly updates with fresh vulnerabilities and captivating challenges. Stay vigilant, stay ahead! Get Started Today!
- API Key Storage: Storing API keys in Plist files.
- Sensitive Data Storage: Saving information in NSUserDefaults.
- Shopping Cart Bypass: Attempting to surpass product limits by modifying the app binary.
- Clipboard Data Exposure: Potential data exposure through copy-paste buffer caching.
- Insecure Logging during Card Addition: Logging sensitive information insecurely during card addition.
- Local Card Data Storage: Saving card data locally.
- Authentication Token Exposure: Allowing users to locally store authentication tokens after logout.
- Hardcoded Login Credentials: Embedding username and password in code during login.
- Login Rate Limiting: Potential vulnerability to rate limiting during login.
- Insecure Login Logging: Logging sensitive information insecurely during login.
- Hardcoded One-Time Password (OTP): Embedding OTP values directly in the code.
- Runtime Balance Tampering: Attempting to tamper with the balance during runtime.
- Background Screenshots: Unauthorised capture of screenshots in the background.
- WebView Redirection: Unauthorised redirection in web views.
- HTML Injection and XSS: Vulnerabilities related to HTML injection and cross-site scripting.
- Link File Theft via Schema: Unauthorised access to files through schema links.
- HiddenLabelView: Potential security risks associated with the HiddenLabelView.
- Insecure HTTP Requests: Performing HTTP requests without proper security measures.
- Vulnerable Functions: Presence of functions with potential security vulnerabilities.
- Allowing All URL Redirections: Lack of restriction on URL redirections.
- Jailbreak Detection Bypass: Potential methods to bypass jailbreak detection.
- Application Debuggable: Enabled for debugging, exposing potential security risks.
- Improper Input Validation: Lack of proper validation for user inputs, posing security vulnerabilities.
Implemented security Controls including jailbreak detection and hooking detection with difficulty levels. Users can test their skills according to the selected security control level
- EASY
- MEDIUM
- ADVANCED
| Kapil Gurav | Security Consultant at Payatu- Mobile | GitHub | ||
| Amit Kumar Prajapat | Lead Security Consultant at Payatu- Mobile | GitHub |