❗ Always refer to a HackerOne Bug Bounty program to find valid targets
- 🧪 e.g.
  - 1.1.1.1 - `com.cloudflare.1dot1dot1dot1` Cloudflare iOS is in scope

Unzip the `.ipa` file and check the various files inside it
- Inside the `Payload` folder check for `plist` files, the `Frameworks` folder for app's source code, and other `json` files in different folders
- Check for hardcoded strings in the files.
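
The manual pass above can be scripted for a first triage. This is an added example, not part of the original notes: it opens the `.ipa` as a zip, inventories `plist`/`json` files and bundled frameworks, reads the bundle ID from `Info.plist`, and flags hardcoded strings. The regex patterns, the function names and the sample bundle (`com.example.demo`, `Net.framework`) are assumptions constructed for illustration.

```python
import io, plistlib, re, zipfile

# Patterns for strings worth a manual look (assumed, illustrative; tune per app).
PATTERNS = {
    "url": re.compile(rb"https?://[\w.\-/:%?=&]+"),
    "key_like": re.compile(rb"(?i)(?:api[_-]?key|secret|token)\W{1,4}([\w\-]{16,})"),
}

def triage_ipa(ipa):
    """Inventory an .ipa (path or file object) and flag hardcoded strings."""
    report = {"bundle_id": None, "plists": [], "json": [], "frameworks": set(), "hits": []}
    with zipfile.ZipFile(ipa) as z:
        for info in z.infolist():
            name = info.filename
            if info.is_dir() or not name.startswith("Payload/"):
                continue
            parts = name.split("/")
            data = z.read(info)
            # Payload/<App>.app/Info.plist is the main manifest (XML or binary plist).
            if len(parts) == 3 and parts[2] == "Info.plist":
                report["bundle_id"] = plistlib.loads(data).get("CFBundleIdentifier")
            if name.endswith(".plist"):
                report["plists"].append(name)
            elif name.endswith(".json"):
                report["json"].append(name)
            if "Frameworks" in parts:
                idx = parts.index("Frameworks")
                if idx + 1 < len(parts) and parts[idx + 1]:
                    report["frameworks"].add(parts[idx + 1])
            for label, rx in PATTERNS.items():
                for m in rx.finditer(data):
                    report["hits"].append((name, label, m.group(0).decode("ascii", "replace")))
    return report

def build_sample_ipa():
    """Constructed sample bundle so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        app = "Payload/Demo.app/"
        z.writestr(app + "Info.plist", plistlib.dumps(
            {"CFBundleIdentifier": "com.example.demo"}, fmt=plistlib.FMT_BINARY))
        z.writestr(app + "config.json", '{"api_key": "EXAMPLEEXAMPLEEXAMPLE01"}')
        z.writestr(app + "Frameworks/Net.framework/Net", b"\x00https://api.example.test/v1\x00")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for k, v in triage_ipa(build_sample_ipa()).items():
        print(k, v)
```

For a real bundle, pass the path to the `.ipa` to `triage_ipa()` and review each hit by hand, since the patterns only surface candidates.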

Run MobSF and import the `.ipa` file into it for local static analysis
- Check the sections, look for different files, strings and look through interesting information about the app