
Endpoint URL & API Discovery

Once you have the decrypted version of the app, run the strings command on the main executable. Alternatively, you can use a disassembler if you prefer.

unzip -qq ipaname.ipa
cd Payload/appname.app
strings -n 6 "$BINARY" > strings.txt

Using Radare2:

unzip -qq ipaname.ipa
cd Payload/appname.app
rabin2 -z "$BINARY" > strings.txt

Pulling URLs from Binary Strings

strings ExampleApp | grep -Ei 'http:|https:' | sort -u

https://connect.secure.exampleapp.com
https://cql.exampleapp.com
https://image.eum-appdynamics.com
https://itunes.apple.com/us/app/exampleapp/id312658709?mt=8
https://labs.exampleapp.com/iso_mats
https://m.exampleapp.com
https://mobile.eum-appdynamics.com
https://mobiledemo.vendor.com/mobilesdk/api/CheckDeposit
https://mobiledemo.vendor.com/mobilesdk/api/billpay
https://mobilekta-beta.vendor.com/TotalAgility/Services/SDK
https://mwapp.exampleapp.com
https://oam.exampleapp.com
https://ort.exampleapp.com/reporting
https://overmind.datatheorem.com/trustkit/report
https://prod1-eum-appdynamics.exampleapp.com:443
https://www.exampleapp.com
https://www.exampleapp.com/
https://www.exampleapp.com/help/faqs/mobile
isHTTPS:
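
A follow-up triage step for a URL list like the one above, as an added example that is not part of the original page: it collapses matches to unique hosts, marks any host referenced over plain `http://`, and separates first-party from third-party hosts. The function names, the `exampleapp.com` first-party argument and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): triage URLs from a strings dump.

# Constructed sample standing in for `strings ExampleApp` output.
sample_strings() {
  cat <<'EOF'
https://m.exampleapp.com
https://m.exampleapp.com/login
http://labs.exampleapp.com/iso_mats
https://labs.exampleapp.com/iso_mats
https://prod1-eum-appdynamics.exampleapp.com:443
HTTPS://Mobiledemo.vendor.com/mobilesdk/api/billpay
https://notexampleapp.com/x
isHTTPS:
EOF
}

# triage_urls FIRST_PARTY_DOMAIN  (reads strings output on stdin)
# Prints one tab-separated line per unique host: party, transport, host.
triage_urls() {
  # Require "://" so selector-like strings such as "isHTTPS:" are dropped.
  grep -Eio 'https?://[^[:space:]"<>]+' |
  awk -v dom="$1" '
    {
      i = index($0, "://")
      scheme = tolower(substr($0, 1, i - 1))
      split(substr($0, i + 3), part, "[/?#]")   # part[1] = [user@]host[:port]
      host = tolower(part[1])
      sub(/^.*@/, "", host)                     # drop userinfo
      sub(/:[0-9]*$/, "", host)                 # drop port
      if (host == "") next
      seen[host] = 1
      if (scheme == "http") clear[host] = 1     # any cleartext reference taints the host
    }
    END {
      suffix = "." dom
      for (h in seen) {
        # Match on a label boundary so notexampleapp.com is not first-party.
        own = (h == dom) || (substr(h, length(h) - length(suffix) + 1) == suffix)
        printf "%s\t%s\t%s\n", (own ? "first-party" : "third-party"),
               ((h in clear) ? "cleartext" : "https-only"), h
      }
    }' | LC_ALL=C sort
}

sample_strings | triage_urls exampleapp.com
```

On a real dump, replace the sample with `strings -n 6 "$BINARY" | triage_urls <your-domain>`.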

Pulling File Paths from Binary

strings ExampleApp | grep -Ei 'file:' | sort -u