Plist Storage

plist (Property List) is a flexible and convenient format for storing application data.Many times a developer makes the mistake of saving sensitive informations like users Credentials/Pin in plist.

Task

In this exercise the app stores data using a Plist file in the application sandbox.Your task is to locate the Plist file and find the sensitive data that it contains.

Once we enter the Username and Password the records are stored successfully in the Plist file in the application Sandbox.

In this example, the Plist file is stored in the below given path:

/private/var/mobile/Containers/Data/Application/<AppFolder>/Documents/<Credentials.plist>

Download the Plist file to your host machine from the above path using SFTP/SCP.

╭─arun@Aruns-MacBook-Pro ~/Documents/iOS/OWASP_iGoat
╰─$ scp root@192.168.0.3:/private/var/mobile/Containers/Data/Application/464B6C36-FBB9-4209-AC2C-6793098AB807/Documents/Credentials.plist .
root@192.168.0.3's password:
Credentials.plist 100% 279 1.5KB/s 00:00
╭─arun@Aruns-MacBook-Pro ~/Documents/iOS/OWASP_iGoat
╰─$ ls
Credentials.plist

Once you download application files, open the Credentials.plist file and you will observe that the sensitive information that is filled via UI is stored insecurely in plain text format.

Credentials.plist

The data stored in the plist file is neither encrypted nor protected. An attacker having access to the device can easily access the plist file and look for sensitive data in plain text format.

So the developers should never store any sensitive information in the plist file as this is not a secured format.