owasp / igoat-swift Goto Github PK

View Code? Open in Web Editor NEW

392.0 18.0 160.0 194.3 MB

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

Home Page: https://igoatapp.com/

License: GNU General Public License v3.0

Swift 28.46% HTML 2.36% Objective-C 0.10% Shell 0.23% Ruby 2.34% C 64.92% Dockerfile 0.09% PHP 1.42% Hack 0.10%

ios-security runtime-security insecure-data-storage ipa owasp-igoat owasp-top-10 ios-swift

igoat-swift's People

Contributors

Stargazers

Watchers

Forkers

anthonygp igoatapprepo jlebajan luisble deelmind kevinnz abuyv alpha0king mamonraab rahulr311295 shalekesan codingeverysolution f0829 arunthomas1105 masbog swaroopsy seabreg ariesliuh shangadi murthysagi miguelfreitas93 rajeshmsts kingbin raphael7788 simonhoye anezashraf attackgithub olivialancaster rdsece hankbao npsconsultingllc rusosky swaroopgithub p0prxx litsakaramelitsa bikram990 hehacks biscuitehh boblone19 evrohachik am1ncmd championofblocks mikeo7 aiyoubug prevelate orangelxl 5l1v3r1 fjsnogueira custodela apython123 art-tykh hareeshvp moose0621 spsig lcrowther-snyk octodemo bravomp anubisant modomodo kilaruoleh-def elaprendizdecoder sofienelkamel josemezavila lukebrogan-mend lilvip9999 nathan-snyk eranmaya-cx jiajunngjj mwansynopsys streamdeploy-devrel snyk-schmidtty gitwk86 dylanbthomas hw-yan isabella232 stratpoint-university laij ericfernandezsnyk fintico mcantu-ghas-examples sladey01 charinath nova-8 royram22 snoopysecurity cleohari latkes aaronzhouyu leomatias fabrizio199 al5harma akmoujan emchamp io-poc short romeolorenzo sgscanner grosa1 cha3ban 2janderson2

igoat-swift's Issues

UI Issue

UI is not aligned properly for iDevices.

SQL Injection: Error opening articles database

I believe the articles.sqlite file is missing. Could you provide the table definition and I can create my own articles.sqlite file?

Error: 'UIApplication' has no member 'statusBarUIView'

Try cloning this repo and trying to run the project.
This is my environment:

Xcode 14.2
MacBook with M1 Pro.
Swift 5.7.2

I am getting this error on this line SideMenuController.swift | L.424.

return UIApplication.shared.statusBarUIView as? UIWindow

I found tricky ways to solve this issue to replace those codes this code:

        let s = "status"
        let b = "Bar"
        let w = "Window"
        return UIApplication.shared.value(forKey: s+b+w) as? UIWindow

Code obtained from teodorpatras/SideMenuController.

Also, don't forget to add arm64 in excluded architecture in the build settings for Apple Silicon users.

provide updated ipa file

Are there any plans to include an updated IPA file to replace the outdated one?

App Crashes when clicking the submit button for the server communication section

When clicking the submit button on the server communication section of the data protection (transit) menu the app just crashes out

coretrace (1).log

How do i run iGoat ?

I just installed iGoat from repo, but the app doesn't appear on my phone
how do i run it ?

http://igoatapp.com/ is over HTTP

Let's move http://igoatapp.com/ to HTTPS.

Runtime Brute Force Attack / incorrect PIN (spoil inside ! ;)

The correct PIN seems to be:

Which is:

But it doesn't work.

Tested against the simulator and two real devices (jb and not jb).

Davy

Side bar navigation crashes on iOS 13

Looks like the 3rd party library used for the side bar navigation is using deprecated APIs. Building and running the app on iOS 13 causes the following crash when pressing the side bar menu icon:

*** Assertion failure in -[UIApplication _createStatusBarWithRequestedStyle:orientation:hidden:], /BuildRoot/Library/Caches/com.apple.xbs/Sources/UIKitCore_Sim/UIKit-3901.4.2/UIApplication.m:5330
*** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'App called -statusBar or -statusBarWindow on UIApplication: this code must be changed as there's no longer a status bar or status bar window. Use the statusBarManager object on the window scene instead.'
*** First throw call stack:
(
	0   CoreFoundation                      0x00007fff23c7127e __exceptionPreprocess + 350
	1   libobjc.A.dylib                     0x00007fff513fbb20 objc_exception_throw + 48
	2   CoreFoundation                      0x00007fff23c70ff8 +[NSException raise:format:arguments:] + 88
	3   Foundation                          0x00007fff256e9b51 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 191
	4   UIKitCore                           0x00007fff4809421c -[UIApplication _createStatusBarWithRequestedStyle:orientation:hidden:] + 255
	5   UIKitCore                           0x00007fff480946ed -[UIApplication statusBarWindow] + 24
	6   Foundation                          0x00007fff25712bba -[NSObject(NSKeyValueCoding) valueForKey:] + 317
	7   iGoat-Swift                         0x00000001072c1c4a $s11iGoat_Swift18SideMenuControllerC3sbw33_CA8FFE2A6256EED9B4DC5F1CD153A4DDLLSo8UIWindowCSgvg + 458
	8   iGoat-Swift                         0x00000001072bf378 $s11iGoat_Swift18SideMenuControllerC3set15statusBarHidden8animatedySb_SbtF + 280
	9   iGoat-Swift                         0x00000001072c0446 $s11iGoat_Swift18SideMenuControllerC7animate8toRevealySb_tF + 230
	10  iGoat-Swift                         0x00000001072b5e51 $s11iGoat_Swift18SideMenuControllerC6toggleyyF + 609
	11  iGoat-Swift                         0x00000001072b5e8b $s11iGoat_Swift18SideMenuControllerC6toggleyyFTo + 43
	12  UIKitCore                           0x00007fff48093fff -[UIApplication sendAction:to:from:forEvent:] + 83
	13  UIKitCore                           0x00007fff47a6c00e -[UIControl sendAction:to:forEvent:] + 223
	14  UIKitCore                           0x00007fff47a6c358 -[UIControl _sendActionsForEvents:withEvent:] + 398
	15  UIKitCore                           0x00007fff47a6b2b7 -[UIControl touchesEnded:withEvent:] + 481
	16  UIKitCore                           0x00007fff480cebbf -[UIWindow _sendTouchesForEvent:] + 2604
	17  UIKitCore                           0x00007fff480d04c6 -[UIWindow sendEvent:] + 4596
	18  UIKitCore                           0x00007fff480ab53b -[UIApplication sendEvent:] + 356
	19  UIKit                               0x000000010aa75bd4 -[UIApplicationAccessibility sendEvent:] + 85
	20  UIKitCore                           0x00007fff4812c71a __dispatchPreprocessedEventFromEventQueue + 6847
	21  UIKitCore                           0x00007fff4812f1e0 __handleEventQueueInternal + 5980
	22  CoreFoundation                      0x00007fff23bd4471 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
	23  CoreFoundation                      0x00007fff23bd439c __CFRunLoopDoSource0 + 76
	24  CoreFoundation                      0x00007fff23bd3bcc __CFRunLoopDoSources0 + 268
	25  CoreFoundation                      0x00007fff23bce87f __CFRunLoopRun + 1263
	26  CoreFoundation                      0x00007fff23bce066 CFRunLoopRunSpecific + 438
	27  GraphicsServices                    0x00007fff384c0bb0 GSEventRunModal + 65
	28  UIKitCore                           0x00007fff48092d4d UIApplicationMain + 1621
	29  iGoat-Swift                         0x00000001072ca478 main + 72
	30  libdyld.dylib                       0x00007fff5227ec25 start + 1
)
libc++abi.dylib: terminating with uncaught exception of type NSException

Building for iOS Simulator, but the embedded framework 'Realm.framework' was built for iOS + iOS Simulator.

Hi, 2020
I have trouble building on simulator.
"Building for iOS Simulator, but the embedded framework 'Realm.framework' was built for iOS + iOS Simulator."

Who know about this issue?

My environment are

Xcode 12.3
Big sur 11.0.1

Expression resolves to unused function

CloudMisconfigurationExerciseVC has a compiler error in its UIViewController extension:

extension UIViewController {
    @IBAction func textFieldReturn(sender: UITextField) {
        sender.resignFirstResponder
    }
}

resignFirstResponder should be a function call: sender.resignFirstResponder()

Cannot find 8082 service in Crypto Challenge Exercise

Crypto Challenge Exercise need call the url http://localhost:8082/checkout/.

However, I cannot find the 8082 service is up.

Cydia repo missing iGoat binary

iGoat cydia repo seems empty. Fix it at https://swiftigoat.yourepo.com/

ive opened the xcode project and attempt to build but in the insecure data storage -- Realm -- RealmExerciseVC, i get 'no such module 'realm' . ive run pod install and made sure cocoapods is up to date, deleted the derived data directory and cleaned the build. still getting the error. not sure what else to do.

Donate button on Github repo is not working

Donate button provided on Github repo is not working. Its redirecting to non-existing Github page.

Application Crashes on Webkit Cache Challenge

After starting exercise Data Protection (Rest) -> Webkit Cache, application crashes and user gets out of the app.

How to defence from the URLSchemeAttack?

I got an idea about How URLSchemeAttack happened? Now I'm looking for the solution to avoide it.

iGoat-Swift igoat_server.rb not working.

Error:

$ ./igoat_server.rb
/System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib/ruby/2.6.0/universal-darwin19/rbconfig.rb:229: warning: Insecure world writable dir /usr/local/opt in PATH, mode 04077
Traceback (most recent call last):
2: from ./igoat_server.rb:57:in <main>' 1: from /Library/Ruby/Site/2.6.0/rubygems/core_ext/kernel_require.rb:92:in require'
/Library/Ruby/Site/2.6.0/rubygems/core_ext/kernel_require.rb:92:in `require': cannot load such file -- sinatra/base (LoadError)

System Config:
Mac os: Cataline 10.15.6
Ruby Version: ruby 2.6.3p62 (2019-04-16 revision 67580) [universal.x86_64-darwin19]