n|u - The Open Security Community, profile picture
Uploaded byn|u - The Open Security Community
PPTX, PDF751 views

Frida - Objection Tool Usage

Frida is a dynamic instrumentation toolkit that allows injecting JavaScript into applications. Objection is a runtime mobile exploration toolkit powered by Frida that helps assess the security of mobile apps. It supports iOS and Android. Objection allows exploring apps by listing classes, methods, and injecting scripts to enable dynamic analysis like dumping keychain entries.

Education
Related topics:
Information Security

Embed presentation

Download to read offline
OBJECTION N U L L C H E N N A I M E E T
WHOAMI • Dinesh / Dinz • Security Engineer @ Briskinfosec
WHAT IS FRIDA & OBJECTION & Frida is a swiss Army knife Frida is a dynamic instrumentation toolkit. It is mainly created for testers, developers and reverse engineering enthusiasts. we can inject our own JavaScript into apps of Windows, macOS, GNU/Linux, iOS, Android, and QNX. = Credits to _leon_jacobs
WHERE IT WILL BE USEFUL • Will be useful during the static & dynamic analysis (Most of the features will be used here). • Patching the Application’s package with Frida. • Bypassing the Jailbreak/root and SSL pinning.
OBJECTION • Installation : pip3 install objection Reference : https://github.com/sensepost/objection/ • objection is a runtime mobile exploration toolkit, powered by Frida. • built to help you assess the security posture of your mobile applications. • Supports both iOS and Android • Has So many cool features.
INJECTING APPLICATIONS objection --gadget AppName explore
EXPLORING WITH OBJECTION Basic Commands : • Commands, frida, reconnect, exit, ui • env, ls, !, pwd, cd, rm, sqlite • android, ios • file, plugin, jobs • import, memory, Evaluate
STATIC ANALYSIS • ios info binary • ios bundles list_bundles • ios bundles list_frameworks
FINDING CLASS AND METHODS • ios hooking list classes • ios hooking list class_methods Classname • ios hooking search classes keywords • ios hooking search methods classname • ios hooking watch class classname --include-parents • ios hooking set return_value "+[classname methodname]" false
DYNAMIC ANALYSIS • ios cookies get – for getting the cookie values from the domains used in the application. • ios keychain dump – dump the entries in the iOS keychain
ENDING NOTES
ANY QUESTIONS

More Related Content

PDF
Introduction to Frida
byAbhishekJaiswal270
 
PPTX
Pentesting Android Apps using Frida (Beginners)
byChandrapal Badshah
 
PDF
Cyber Security Coverage heat map
byMoti Sagey מוטי שגיא
 
PDF
Hacking with frida
byn|u - The Open Security Community
 
PPTX
Android security
byMobile Rtpl
 
PDF
Android Hacking
byantitree
 
PDF
Building a Security Architecture
byCisco Canada
 
PPTX
What is Zero Trust
byOkta-Inc
 
Introduction to Frida
byAbhishekJaiswal270
 
Pentesting Android Apps using Frida (Beginners)
byChandrapal Badshah
 
Cyber Security Coverage heat map
byMoti Sagey מוטי שגיא
 
Hacking with frida
byn|u - The Open Security Community
 
Android security
byMobile Rtpl
 
Android Hacking
byantitree
 
Building a Security Architecture
byCisco Canada
 
What is Zero Trust
byOkta-Inc
 

What's hot

PDF
Adopting HashiCorp Vault
byNicolas Corrarello
 
PPTX
AppSec & DevSecOps Metrics: Key Performance Indicators (KPIs) to Measure Success
byRobert Grupe, CSSLP CISSP PE PMP
 
PPTX
Gitlab CI/CD
byJEMLI Fathi
 
PPTX
ABN AMRO DevSecOps Journey
byDerek E. Weeks
 
PPTX
Top 5 benefits of docker
byJohn Zaccone
 
PDF
Credential store using HashiCorp Vault
byMayank Patel
 
PPTX
Introduction to Gitlab | Gitlab 101 | Training Session
byAnwarul Islam
 
PDF
OWASP Top 10 for Mobile
byAppvigil - Mobile App Security Scanner
 
PDF
Cybersecurity roadmap : Global healthcare security architecture
byPriyanka Aash
 
PPTX
Vulnerability Management: What You Need to Know to Prioritize Risk
byAlienVault
 
PPTX
EDR vs SIEM - The fight is on
byJustin Henderson
 
PPTX
Mobile security part 1(Android Apps Pentesting)- Romansh yadav
byRomansh Yadav
 
PPTX
Docker 101 - Nov 2016
byDocker, Inc.
 
PDF
Mobile Application Security
bycclark_isec
 
PPTX
Vault
byJean-Philippe Bélanger
 
PPTX
SD-WAN plus cloud security
byZscaler
 
PPTX
Azure WAF
byCheah Eng Soon
 
PDF
Threat Modeling Basics with Examples
bySanjeev Kumar Jaiswal
 
PDF
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
ODP
Web Application Firewall
byChandrapal Badshah
 
Adopting HashiCorp Vault
byNicolas Corrarello
 
AppSec & DevSecOps Metrics: Key Performance Indicators (KPIs) to Measure Success
byRobert Grupe, CSSLP CISSP PE PMP
 
Gitlab CI/CD
byJEMLI Fathi
 
ABN AMRO DevSecOps Journey
byDerek E. Weeks
 
Top 5 benefits of docker
byJohn Zaccone
 
Credential store using HashiCorp Vault
byMayank Patel
 
Introduction to Gitlab | Gitlab 101 | Training Session
byAnwarul Islam
 
OWASP Top 10 for Mobile
byAppvigil - Mobile App Security Scanner
 
Cybersecurity roadmap : Global healthcare security architecture
byPriyanka Aash
 
Vulnerability Management: What You Need to Know to Prioritize Risk
byAlienVault
 
EDR vs SIEM - The fight is on
byJustin Henderson
 
Mobile security part 1(Android Apps Pentesting)- Romansh yadav
byRomansh Yadav
 
Docker 101 - Nov 2016
byDocker, Inc.
 
Mobile Application Security
bycclark_isec
 
Vault
byJean-Philippe Bélanger
 
SD-WAN plus cloud security
byZscaler
 
Azure WAF
byCheah Eng Soon
 
Threat Modeling Basics with Examples
bySanjeev Kumar Jaiswal
 
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
Web Application Firewall
byChandrapal Badshah
 

Similar to Frida - Objection Tool Usage

PDF
MOBILE PENTESTING Frida.pdf
byAdityamd4
 
PDF
The Hookshot: Runtime Exploitation
byPrathan Phongthiproek
 
PDF
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
byNowSecure
 
PDF
Webinar–Mobile Application Hardening Protecting Business Critical Apps
bySynopsys Software Integrity Group
 
PPTX
Bypass Security Checking with Frida
bySatria Ady Pradana
 
PDF
objection - runtime mobile exploration
bySensePost
 
PDF
FRIDA 101 Android
byTony Thomas
 
PPTX
Hooking101 - Deeper on iOS Island
byAckcent
 
PDF
Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde
byNSConclave
 
MOBILE PENTESTING Frida.pdf
byAdityamd4
 
The Hookshot: Runtime Exploitation
byPrathan Phongthiproek
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
byNowSecure
 
Webinar–Mobile Application Hardening Protecting Business Critical Apps
bySynopsys Software Integrity Group
 
Bypass Security Checking with Frida
bySatria Ady Pradana
 
objection - runtime mobile exploration
bySensePost
 
FRIDA 101 Android
byTony Thomas
 
Hooking101 - Deeper on iOS Island
byAckcent
 
Frida Android run time hooking - Bhargav Gajera & Vitthal Shinde
byNSConclave
 

More from n|u - The Open Security Community

PDF
Hardware security testing 101 (Null - Delhi Chapter)
byn|u - The Open Security Community
 
PDF
Osint primer
byn|u - The Open Security Community
 
PPTX
SSRF exploit the trust relationship
byn|u - The Open Security Community
 
PPTX
Nmap basics
byn|u - The Open Security Community
 
PDF
Metasploit primary
byn|u - The Open Security Community
 
PDF
Api security-testing
byn|u - The Open Security Community
 
PDF
Introduction to TLS 1.3
byn|u - The Open Security Community
 
PDF
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
byn|u - The Open Security Community
 
PDF
Talking About SSRF,CRLF
byn|u - The Open Security Community
 
PPTX
Building active directory lab for red teaming
byn|u - The Open Security Community
 
PPTX
Owning a company through their logs
byn|u - The Open Security Community
 
PPTX
Introduction to shodan
byn|u - The Open Security Community
 
PDF
Cloud security
byn|u - The Open Security Community
 
PDF
Detecting persistence in windows
byn|u - The Open Security Community
 
PDF
OSQuery - Monitoring System Process
byn|u - The Open Security Community
 
PDF
DevSecOps Jenkins Pipeline -Security
byn|u - The Open Security Community
 
PDF
Extensible markup language attacks
byn|u - The Open Security Community
 
PPTX
Linux for hackers
byn|u - The Open Security Community
 
PDF
Android Pentesting
byn|u - The Open Security Community
 
PDF
News bytes null 200314121904
byn|u - The Open Security Community
 
Hardware security testing 101 (Null - Delhi Chapter)
byn|u - The Open Security Community
 
Osint primer
byn|u - The Open Security Community
 
SSRF exploit the trust relationship
byn|u - The Open Security Community
 
Nmap basics
byn|u - The Open Security Community
 
Metasploit primary
byn|u - The Open Security Community
 
Api security-testing
byn|u - The Open Security Community
 
Introduction to TLS 1.3
byn|u - The Open Security Community
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
byn|u - The Open Security Community
 
Talking About SSRF,CRLF
byn|u - The Open Security Community
 
Building active directory lab for red teaming
byn|u - The Open Security Community
 
Owning a company through their logs
byn|u - The Open Security Community
 
Introduction to shodan
byn|u - The Open Security Community
 
Cloud security
byn|u - The Open Security Community
 
Detecting persistence in windows
byn|u - The Open Security Community
 
OSQuery - Monitoring System Process
byn|u - The Open Security Community
 
DevSecOps Jenkins Pipeline -Security
byn|u - The Open Security Community
 
Extensible markup language attacks
byn|u - The Open Security Community
 
Linux for hackers
byn|u - The Open Security Community
 
Android Pentesting
byn|u - The Open Security Community
 
News bytes null 200314121904
byn|u - The Open Security Community
 

Recently uploaded

PPTX
LEGAL AND RIGHTS ASPECTS OF FAMILY PLANNING.pptx
bysonia
 
PPTX
Drugs modulating serotonergic system.pptx
byNorman Arockiaraj G
 
PDF
Lamarckism: Theory of Evolution, Principles, Examples, Objections and Neo-Lam...
byIPGDCWA,NAMPALLY
 
PPTX
Ultrasound .pptx by Nagmani ojha (paramedical department)(Radiation technolog...
bynagmaniojha8
 
PPTX
ALL London Event, January 17th 2026, at the British Film Institite, South Bank.
bySteve Smith
 
PPTX
Day 2 ppt english.powerpoint presentation ppt
byJeahMaeMedez
 
PPTX
Unit 3- Culture.pptx....................
byAkanksha Kotangale
 
PPTX
Metabolism ( BIOCHEMISTRY & CLINICAL PATHOLOGY )
byBushraDeshpande
 
PPTX
HABIT. Cognitive process. I Semester Shilpa Hotakar pptx
bySHILPA HOTAKAR
 
PPTX
Statistical Data Analysis using R Programming.pptx
byVETRISELVIP1
 
PPTX
YSPH VMOC Special Report - Measles - The Americas 1-25-2026
byYale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
PDF
Oscillations /Revision notes prepared by K sandeep swamy (Msc,BEd)/For online...
bySandeep Swamy
 
PPTX
Toba Tek Singh - Visualising Partition through Manto's Lens
byMiral Joshi
 
PDF
Aminoglycosides.pdf for B.Pharmacy Medicinal Chemistry-III (BP601T), GPAT, a...
bymominzarinamdnajeeb
 
PDF
Take This Quirky Quiz! - QGI 1st Anniversary .pdf
byNiyati Jois
 
PPTX
COMMUNICATION ITS PROCESS ELEMENTS & BARRIER .pptx
byPoojaSen20
 
PPTX
Central Line Associated Bloodstream Infection
bynabinabhaila40
 
PPTX
Mohan - "A man of silence and authority"
bynidhibachauhan46
 
PPTX
Payment Follow-Up via WhatsApp in Odoo 18.1 Accounting
byCeline George
 
PPTX
2026SlideShare.pptx welcome talk 2026 for peace harmony
byBryanGan8
 
LEGAL AND RIGHTS ASPECTS OF FAMILY PLANNING.pptx
bysonia
 
Drugs modulating serotonergic system.pptx
byNorman Arockiaraj G
 
Lamarckism: Theory of Evolution, Principles, Examples, Objections and Neo-Lam...
byIPGDCWA,NAMPALLY
 
Ultrasound .pptx by Nagmani ojha (paramedical department)(Radiation technolog...
bynagmaniojha8
 
ALL London Event, January 17th 2026, at the British Film Institite, South Bank.
bySteve Smith
 
Day 2 ppt english.powerpoint presentation ppt
byJeahMaeMedez
 
Unit 3- Culture.pptx....................
byAkanksha Kotangale
 
Metabolism ( BIOCHEMISTRY & CLINICAL PATHOLOGY )
byBushraDeshpande
 
HABIT. Cognitive process. I Semester Shilpa Hotakar pptx
bySHILPA HOTAKAR
 
Statistical Data Analysis using R Programming.pptx
byVETRISELVIP1
 
YSPH VMOC Special Report - Measles - The Americas 1-25-2026
byYale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
Oscillations /Revision notes prepared by K sandeep swamy (Msc,BEd)/For online...
bySandeep Swamy
 
Toba Tek Singh - Visualising Partition through Manto's Lens
byMiral Joshi
 
Aminoglycosides.pdf for B.Pharmacy Medicinal Chemistry-III (BP601T), GPAT, a...
bymominzarinamdnajeeb
 
Take This Quirky Quiz! - QGI 1st Anniversary .pdf
byNiyati Jois
 
COMMUNICATION ITS PROCESS ELEMENTS & BARRIER .pptx
byPoojaSen20
 
Central Line Associated Bloodstream Infection
bynabinabhaila40
 
Mohan - "A man of silence and authority"
bynidhibachauhan46
 
Payment Follow-Up via WhatsApp in Odoo 18.1 Accounting
byCeline George
 
2026SlideShare.pptx welcome talk 2026 for peace harmony
byBryanGan8
 

Frida - Objection Tool Usage

  • 1.
    OBJECTION N U LL C H E N N A I M E E T
  • 2.
    WHOAMI • Dinesh /Dinz • Security Engineer @ Briskinfosec
  • 3.
    WHAT IS FRIDA& OBJECTION & Frida is a swiss Army knife Frida is a dynamic instrumentation toolkit. It is mainly created for testers, developers and reverse engineering enthusiasts. we can inject our own JavaScript into apps of Windows, macOS, GNU/Linux, iOS, Android, and QNX. = Credits to _leon_jacobs
  • 4.
    WHERE IT WILLBE USEFUL • Will be useful during the static & dynamic analysis (Most of the features will be used here). • Patching the Application’s package with Frida. • Bypassing the Jailbreak/root and SSL pinning.
  • 5.
    OBJECTION • Installation : pip3install objection Reference : https://github.com/sensepost/objection/ • objection is a runtime mobile exploration toolkit, powered by Frida. • built to help you assess the security posture of your mobile applications. • Supports both iOS and Android • Has So many cool features.
  • 6.
  • 7.
    EXPLORING WITH OBJECTION BasicCommands : • Commands, frida, reconnect, exit, ui • env, ls, !, pwd, cd, rm, sqlite • android, ios • file, plugin, jobs • import, memory, Evaluate
  • 8.
    STATIC ANALYSIS • iosinfo binary • ios bundles list_bundles • ios bundles list_frameworks
  • 9.
    FINDING CLASS ANDMETHODS • ios hooking list classes • ios hooking list class_methods Classname • ios hooking search classes keywords • ios hooking search methods classname • ios hooking watch class classname --include-parents • ios hooking set return_value "+[classname methodname]" false
  • 10.
    DYNAMIC ANALYSIS • ioscookies get – for getting the cookie values from the domains used in the application. • ios keychain dump – dump the entries in the iOS keychain
  • 11.
  • 12.