O'Reilly logo

IoT Penetration Testing Cookbook by Aditya Gupta, Aaron Guzman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

iOS static analysis

  1. MobSF does provide helpful features for the static analysis of iOS applications. Like Android, the decrypted iOS IPA can be dragged over to MobSF's web interface. MobSF will then rename the IPA to a ZIP, extract the contents, analyze plist files, check permissions that the app requests, and dump class information from the app, amongst other things. The following screenshot displays the landing page once the decrypted iOS IPA has been dragged over to MobSF. There are three main options that MobSF provides, including viewing the Info.plist, strings, and class dump:
Ensure you adjust your class-dump-z path in MobSF's settings ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required