Frida is a dynamic instrumentation toolkit that allows injecting JavaScript into applications. Objection is a runtime mobile exploration toolkit powered by Frida that helps assess the security of mobile apps. It supports iOS and Android. Objection allows exploring apps by listing classes, methods, and injecting scripts to enable dynamic analysis like dumping keychain entries.
3. WHAT IS FRIDA & OBJECTION
&
Frida is a swiss Army knife
Frida is a dynamic instrumentation toolkit.
It is mainly created for testers, developers and reverse engineering enthusiasts.
we can inject our own JavaScript into apps of Windows, macOS, GNU/Linux, iOS, Android, and QNX.
=
Credits to _leon_jacobs
4. WHERE IT WILL BE USEFUL
• Will be useful during the static & dynamic analysis (Most of the features will be used
here).
• Patching the Application’s package with Frida.
• Bypassing the Jailbreak/root and SSL pinning.
5. OBJECTION
• Installation :
pip3 install objection
Reference : https://github.com/sensepost/objection/
• objection is a runtime mobile exploration
toolkit, powered by Frida.
• built to help you assess the security posture
of your mobile applications.
• Supports both iOS and Android
• Has So many cool features.
9. FINDING CLASS AND METHODS
• ios hooking list classes
• ios hooking list class_methods Classname
• ios hooking search classes keywords
• ios hooking search methods classname
• ios hooking watch class classname --include-parents
• ios hooking set return_value "+[classname methodname]" false
10. DYNAMIC ANALYSIS
• ios cookies get – for getting the cookie values from the domains used in the
application.
• ios keychain dump – dump the entries in the iOS keychain