Download to read offline
![FINDING CLASS AND METHODS
• ios hooking list classes
• ios hooking list class_methods Classname
• ios hooking search classes keywords
• ios hooking search methods classname
• ios hooking watch class classname --include-parents
• ios hooking set return_value "+[classname methodname]" false](https://image.slidesharecdn.com/objectiontoolusage-200705122053/75/Frida-Objection-Tool-Usage-9-2048.jpg)
Uploaded byn|u - The Open Security Community
Frida - Objection Tool Usage
Frida is a dynamic instrumentation toolkit that allows injecting JavaScript into applications. Objection is a runtime mobile exploration toolkit powered by Frida that helps assess the security of mobile apps. It supports iOS and Android. Objection allows exploring apps by listing classes, methods, and injecting scripts to enable dynamic analysis like dumping keychain entries.
In this document
Powered by AI
Introduction to the presentation and agenda regarding the Objection tool and its functionalities.
Introduction of Dinesh, a Security Engineer at Briskinfosec, presenting on Frida and Objection.
Frida is a dynamic toolkit for application testing and reverse engineering, injecting JavaScript into multiple OS apps.
Frida is useful for static/dynamic analysis, patching applications, and bypassing security measures like SSL pinning.
Instructions to install Objection, a mobile security assessment toolkit utilizing Frida for iOS and Android apps.
Basic command for injecting applications using Objection for exploration and testing.
Overview of essential commands available in Objection for various tasks in mobile exploration.
Insights on executing static analysis with commands for iOS binary and bundle assessments.
Commands for finding classes and methods, enabling deeper inspection of iOS applications.
Dynamic analysis capabilities such as accessing cookies and dumping entries in the iOS keychain.
Final thoughts and summary of the presentation on using Objection and Frida.
Open floor for questions from the audience regarding the presentation content.
More Related Content
More from n|u - The Open Security Community
Frida - Objection Tool Usage
- 1. OBJECTION N U LL C H E N N A I M E E T
- 2. WHOAMI • Dinesh /Dinz • Security Engineer @ Briskinfosec
- 3. WHAT IS FRIDA& OBJECTION & Frida is a swiss Army knife Frida is a dynamic instrumentation toolkit. It is mainly created for testers, developers and reverse engineering enthusiasts. we can inject our own JavaScript into apps of Windows, macOS, GNU/Linux, iOS, Android, and QNX. = Credits to _leon_jacobs
- 4. WHERE IT WILLBE USEFUL • Will be useful during the static & dynamic analysis (Most of the features will be used here). • Patching the Application’s package with Frida. • Bypassing the Jailbreak/root and SSL pinning.
- 5. OBJECTION • Installation : pip3install objection Reference : https://github.com/sensepost/objection/ • objection is a runtime mobile exploration toolkit, powered by Frida. • built to help you assess the security posture of your mobile applications. • Supports both iOS and Android • Has So many cool features.
- 6. INJECTING APPLICATIONS objection --gadgetAppName explore
- 7. EXPLORING WITH OBJECTION BasicCommands : • Commands, frida, reconnect, exit, ui • env, ls, !, pwd, cd, rm, sqlite • android, ios • file, plugin, jobs • import, memory, Evaluate
- 8. STATIC ANALYSIS • iosinfo binary • ios bundles list_bundles • ios bundles list_frameworks
- 9. FINDING CLASS ANDMETHODS • ios hooking list classes • ios hooking list class_methods Classname • ios hooking search classes keywords • ios hooking search methods classname • ios hooking watch class classname --include-parents • ios hooking set return_value "+[classname methodname]" false
- 10. DYNAMIC ANALYSIS • ioscookies get – for getting the cookie values from the domains used in the application. • ios keychain dump – dump the entries in the iOS keychain
- 11.
- 12.