Research Update Enhanced src/mobile-pentesting/ios-pentestin...

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL:
• Blog Title: Research Update Enhanced src/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md
• Suggested Section: Research

🎯 Content Summary

Research Update for src/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md

This PR contains automated research updates including:

• Latest security vulnerabilities and attack vectors
• Updated techniques and tools
• Enhanced explanations and examples
• Additional references and resources

Generated by: HackTricks Research Agent
Timestamp: 2026-05-14 04:04:16 U...

🔧 Technical Details

Research update for HackTricks content

🤖 Agent Actions

Done.

• I expanded the previously empty page into a practical iOS WebView/browser-driven protocol-handler guide, and linked it to the existing pages for custom URI handlers, universal links, and deeper WebView/file-origin coverage.
• I added technical coverage for attacker-controlled navigation payloads (meta refresh, onerror, onload), canOpenURL misuse, WKNavigationDelegate / JS-bridge sinks, nested callback chaining (x-success / x-error / x-cancel), and WKURLSchemeHandler as a private web-server attack surface.
• I also grounded the update in recent real-world iOS browser patterns from 2024-2025, where internal or non-HTTP schemes were abused for safety-check bypasses or spoofing, plus the 2025 Safari callback-bypass research.
• Validation: I confirmed the internal relative links exist and that ## References is the last section. mdbook build could not be run here because mdbook is not installed in this environment.

Key research URLs I used:

https://mas.owasp.org/MASTG/tests/ios/MASVS-PLATFORM/MASTG-TEST-0077/
https://mas.owasp.org/MASTG/demos/ios/MASVS-PLATFORM/MASTG-DEMO-0095/MASTG-DEMO-0095/
https://developer.apple.com/library/archive/featuredarticles/iPhoneURLScheme_Reference/Introduction/Introduction.html
https://developer.apple.com/documentation/uikit/uiapplication/canopenurl%28_%3A%29
https://developer.apple.com/documentation/uikit/uiapplication/open%28_%3Aoptions%3Acompletionhandler%3A%29
https://developer.apple.com/documentation/webkit/wkurlschemehandler
https://www.mozilla.org/en-US/security/advisories/mfsa2024-60/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-13/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-39/
https://denniskniep.github.io/posts/13-bypass-cve-2024-9956/
https://evanconnelly.com/post/ios-oauth/

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

📚 Repository Maintenance

• MD files processed: 974
• MD files fixed: 1

All .md files have been checked for proper formatting (headers, includes, etc.).

[carlospolop]

🔗 Additional Context

Original Blog Post:

Content Categories: Based on the analysis, this content was categorized under "Research".

Repository Maintenance:

• MD Files Formatting: 974 files processed (1 files fixed)

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0