9. iOS Static Analysis
❗ Always refer to a HackerOne Bug Bounty program to find valid targets
🧪 e.g.
- 1.1.1.1 - com.cloudflare.1dot1dot1dot1 Cloudflare iOS is in scope
Unzip the .ipa file and check the various files inside it:
- Inside the Payload folder, check for plist files, the Frameworks folder for the app's source code, and other json files in different folders.
- Check for hardcoded strings in the files.
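The manual pass above can be scripted. The following is an added example, not code from the original page: it reads an .ipa as a zip archive, parses plist files, lists json files and Frameworks entries, and flags hardcoded strings plus the `NSAllowsArbitraryLoads` App Transport Security setting. The function names, the regex patterns and the sample bundle (`com.example.demo`, its key and URL) are constructed for illustration.

```python
import io, json, plistlib, re, zipfile

# Illustrative patterns for strings worth a manual look; extend as needed.
PATTERNS = {
    "url": re.compile(rb"https?://[\w.\-/:%?=&]+"),
    "secret_like": re.compile(rb"(?i)(?:api[_-]?key|secret|token|password)\W{1,4}[\w\-]{8,}"),
}

def triage_ipa(ipa):
    """Walk an .ipa (a zip archive) and collect plists, json files, frameworks, string hits."""
    report = {"plists": {}, "json": [], "frameworks": set(), "findings": []}
    with zipfile.ZipFile(ipa) as z:
        for name in z.namelist():
            if not name.startswith("Payload/") or name.endswith("/"):
                continue
            data, parts = z.read(name), name.split("/")
            if "Frameworks" in parts[:-1]:
                report["frameworks"].add(parts[parts.index("Frameworks") + 1])
            if name.endswith(".plist"):
                try:
                    plist = plistlib.loads(data)  # accepts XML and binary plists
                except Exception:
                    plist = None  # malformed plist: keep the name, skip the checks
                report["plists"][name] = plist
                ats = plist.get("NSAppTransportSecurity") if isinstance(plist, dict) else None
                if isinstance(ats, dict) and ats.get("NSAllowsArbitraryLoads"):
                    report["findings"].append((name, "ats_arbitrary_loads", "true"))
            elif name.endswith(".json"):
                report["json"].append(name)
            for label, rx in PATTERNS.items():
                for m in rx.finditer(data):
                    report["findings"].append((name, label, m.group(0).decode("latin-1")))
    return report

def build_sample_ipa():
    """Constructed sample archive (not a real app) so the example runs offline."""
    info = {"CFBundleIdentifier": "com.example.demo",
            "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True}}
    cfg = {"api_key": "EXAMPLEKEY0000000000", "base": "http://api.example.test/v1"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
        z.writestr("Payload/Demo.app/config.json", json.dumps(cfg))
        z.writestr("Payload/Demo.app/Frameworks/Demo.framework/Demo", b"\x00\x01constructed")
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    for finding in triage_ipa(build_sample_ipa())["findings"]:
        print(finding)
```

To use it on a real file from an in-scope program, pass the path to the .ipa to `triage_ipa` instead of the constructed sample.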



Run MobSF and import the .ipa file into it for local static analysis.
- Check the sections, look for different files and strings, and look through interesting information about the app.




