Always refer to a HackerOne Bug Bounty program to find valid targets.
HackerOne iOS programs
e.g. 1.1.1.1 (com.cloudflare.1dot1dot1dot1): Cloudflare iOS is in scope
Unzip the .ipa file and check the various files inside it
Inside the Payload folder, check the plist files, the Frameworks folder for the app's source code, and other json files in different folders
Check for hardcoded strings in the files.
Run MobSF and import the .ipa file into it for local static analysis
Check the sections, look through the different files and strings, and review interesting information about the app
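The manual steps above (unzip the .ipa, read the plist and json files under Payload, look for hardcoded strings) can be scripted. The following is an added example, not part of the original page or of MobSF; the regex heuristics, the function names and the sample .ipa built in build_sample_ipa() are assumptions made for illustration.

```python
import io, json, plistlib, re, zipfile

# Assumed heuristics for interesting strings; tune them for the app under review.
SECRET_RE = re.compile(r"(?i)(api[_-]?key|secret|token|passw(or)?d)")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
LOADERS = {".plist": plistlib.loads, ".json": json.loads}  # plistlib reads XML and binary plists

def walk(value, path=""):
    """Yield (key_path, string) for every string leaf in a plist/JSON tree."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from walk(v, f"{path}/{k}")
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from walk(v, f"{path}[{i}]")
    elif isinstance(value, str):
        yield path, value

def scan_ipa(ipa):
    """Return sorted (file, key_path, kind, value) findings for an .ipa path or file object."""
    findings = set()
    with zipfile.ZipFile(ipa) as z:  # an .ipa is a zip archive
        for name in z.namelist():
            ext = name[name.rfind("."):].lower()
            if not name.startswith("Payload/") or ext not in LOADERS:
                continue
            try:
                tree = LOADERS[ext](z.read(name))
            except Exception:
                continue  # malformed plist/json: skip the file, keep scanning
            for key_path, text in walk(tree):
                if SECRET_RE.search(key_path):
                    findings.add((name, key_path, "secret-like key", text))
                for url in URL_RE.findall(text):
                    findings.add((name, key_path, "url", url))
    return sorted(findings)

def build_sample_ipa():
    """Constructed sample .ipa (not a real app) so the example runs offline."""
    buf = io.BytesIO()
    info = {"CFBundleIdentifier": "com.example.demo", "ApiKey": "CONSTRUCTED-KEY-123"}
    env = {"backend": {"url": "http://staging.example.test/v1"}}
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
        z.writestr("Payload/Demo.app/config/env.json", json.dumps(env))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(*scan_ipa(build_sample_ipa()), sep="\n")
```

To scan a real file, pass its path to scan_ipa() instead of the constructed sample.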