9. iOS Static Analysis

❗ Always refer to a HackerOne Bug Bounty program to find valid targets

🔗 HackerOne iOS programs

Unzip the .ipa file and check the various files inside it

  • Inside the Payload folder, check the plist files, the Frameworks folder for the app's source code, and other JSON files in different folders.

  • Check for hardcoded strings in the files.

Info.plist
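
The manual checks above can be scripted. This Python sketch is an added example, not part of the original notes: it opens an .ipa as a zip archive, parses `Payload/<App>.app/Info.plist` (binary or XML) for App Transport Security exceptions and custom URL schemes, and searches every file for hardcoded strings. The two patterns, the function names and the in-memory sample .ipa are assumptions constructed for the demonstration.

```python
import io, plistlib, re, zipfile

# Illustrative patterns (assumptions), not a complete secret-detection rule set.
PATTERNS = {
    "aws_access_key_id": re.compile(rb"AKIA[0-9A-Z]{16}"),
    "private_key_block": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def audit_ipa(ipa):
    """Return (info_plist_findings, string_hits) for an .ipa path or file object."""
    findings, hits = [], []
    with zipfile.ZipFile(ipa) as z:
        for name in z.namelist():
            data = z.read(name)
            parts = name.split("/")
            # The main bundle plist lives at Payload/<App>.app/Info.plist
            if len(parts) == 3 and parts[0] == "Payload" and parts[2] == "Info.plist":
                info = plistlib.loads(data)  # accepts XML and binary plists
                ats = info.get("NSAppTransportSecurity", {})
                if ats.get("NSAllowsArbitraryLoads"):
                    findings.append("ATS disabled: NSAllowsArbitraryLoads")
                for domain, cfg in ats.get("NSExceptionDomains", {}).items():
                    if cfg.get("NSExceptionAllowsInsecureHTTPLoads"):
                        findings.append(f"ATS allows HTTP for {domain}")
                for url_type in info.get("CFBundleURLTypes", []):
                    for scheme in url_type.get("CFBundleURLSchemes", []):
                        findings.append(f"custom URL scheme: {scheme}")
            # Raw byte search covers JSON, plists and compiled framework binaries
            for label, rx in PATTERNS.items():
                for m in rx.finditer(data):
                    hits.append((name, label, m.group().decode()))
    return findings, hits

def build_sample_ipa():
    """Constructed in-memory .ipa so the example runs without a real app."""
    info = {
        "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True},
        "CFBundleURLTypes": [{"CFBundleURLSchemes": ["demoapp"]}],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist",
                   plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
        z.writestr("Payload/Demo.app/config.json",
                   b'{"aws_key": "AKIAIOSFODNN7EXAMPLE"}')  # AWS docs sample key
    return buf

if __name__ == "__main__":
    print(audit_ipa(build_sample_ipa()))
```

To audit a real build, pass the path of the .ipa to `audit_ipa()` instead of the constructed sample.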

Run MobSF and import the .ipa file into it for local static analysis

  • Check the report sections, review the listed files and strings, and look through any interesting information about the app.

MobSF - 1.1.1.1.ipa
MobSF Application Security Scorecard - 1.1.1.1 6.23
