9. iOS Static Analysis

❗ Always refer to a HackerOne Bug Bounty program to find valid targets

🔗 HackerOne iOS programs

• 🧪 e.g. - 1.1.1.1 - com.cloudflare.1dot1dot1dot1 Cloudflare iOS is in scope

Unzip the .ipa file and check the various files inside it

• Inside the Payload folder check for plist files, Framekworks folder for app's source code, other json files on different folders

• Check for hardcoded strings in the files.

Run MobSF and import the .ipa file into it for local static analysis

• Check the sections, look for different files, strings and look through interesting information about the app