SlideShare a Scribd company logo

Frida - Objection Tool Usage

Download as PPTX, PDF
n|u - The Open Security Community
n|u - The Open Security Community

Frida is a dynamic instrumentation toolkit that allows injecting JavaScript into applications. Objection is a runtime mobile exploration toolkit powered by Frida that helps assess the security of mobile apps. It supports iOS and Android. Objection allows exploring apps by listing classes, methods, and injecting scripts to enable dynamic analysis like dumping keychain entries.

1 of 12
OBJECTION N U L L C H E N N A I M E E T
WHOAMI • Dinesh / Dinz • Security Engineer @ Briskinfosec
WHAT IS FRIDA & OBJECTION & Frida is a swiss Army knife Frida is a dynamic instrumentation toolkit. It is mainly created for testers, developers and reverse engineering enthusiasts. we can inject our own JavaScript into apps of Windows, macOS, GNU/Linux, iOS, Android, and QNX. = Credits to _leon_jacobs
WHERE IT WILL BE USEFUL • Will be useful during the static & dynamic analysis (Most of the features will be used here). • Patching the Application’s package with Frida. • Bypassing the Jailbreak/root and SSL pinning.
OBJECTION • Installation : pip3 install objection Reference : https://github.com/sensepost/objection/ • objection is a runtime mobile exploration toolkit, powered by Frida. • built to help you assess the security posture of your mobile applications. • Supports both iOS and Android • Has So many cool features.
INJECTING APPLICATIONS objection --gadget AppName explore
EXPLORING WITH OBJECTION Basic Commands : • Commands, frida, reconnect, exit, ui • env, ls, !, pwd, cd, rm, sqlite • android, ios • file, plugin, jobs • import, memory, Evaluate
STATIC ANALYSIS • ios info binary • ios bundles list_bundles • ios bundles list_frameworks
FINDING CLASS AND METHODS • ios hooking list classes • ios hooking list class_methods Classname • ios hooking search classes keywords • ios hooking search methods classname • ios hooking watch class classname --include-parents • ios hooking set return_value "+[classname methodname]" false
DYNAMIC ANALYSIS • ios cookies get – for getting the cookie values from the domains used in the application. • ios keychain dump – dump the entries in the iOS keychain
ENDING NOTES
ANY QUESTIONS

Recommended

Introduction to Frida
Introduction to FridaIntroduction to Frida
Introduction to Frida
AbhishekJaiswal270
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentesting
Minali Arora
 
HotPics 2021
HotPics 2021HotPics 2021
HotPics 2021
neexemil
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
Prem Kumar (OSCP)
 
Hacking with frida
Hacking with fridaHacking with frida
Hacking with frida
n|u - The Open Security Community
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2
Mohammed Adam
 
Android pentesting
Android pentestingAndroid pentesting
Android pentesting
Mykhailo Antonishyn
 

Recommended

Introduction to Frida
Introduction to FridaIntroduction to Frida
Introduction to Frida
AbhishekJaiswal270
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
Getting started with Android pentesting
Getting started with Android pentestingGetting started with Android pentesting
Getting started with Android pentesting
Minali Arora
 
HotPics 2021
HotPics 2021HotPics 2021
HotPics 2021
neexemil
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
Prem Kumar (OSCP)
 
Hacking with frida
Hacking with fridaHacking with frida
Hacking with frida
n|u - The Open Security Community
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2
Mohammed Adam
 
Android pentesting
Android pentestingAndroid pentesting
Android pentesting
Mykhailo Antonishyn
 
Android pentesting
Android pentestingAndroid pentesting
Android pentesting
Mykhailo Antonishyn
 
MobSF: Mobile Security Testing (Android/IoS)
MobSF: Mobile Security Testing (Android/IoS)MobSF: Mobile Security Testing (Android/IoS)
MobSF: Mobile Security Testing (Android/IoS)
Agile Testing Alliance
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation TestJongWon Kim
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration Testing
Subho Halder
 
Bypass Security Checking with Frida
Bypass Security Checking with FridaBypass Security Checking with Frida
Bypass Security Checking with Frida
Satria Ady Pradana
 
Flutter Festival - GDSC IIIT Sonepat
Flutter Festival - GDSC IIIT Sonepat Flutter Festival - GDSC IIIT Sonepat
Flutter Festival - GDSC IIIT Sonepat
GoogleDSCIIITSonepat
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
n|u - The Open Security Community
 
Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)
Chandrapal Badshah
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
Jason Lang
 
Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOS
Cody Thomas
 
Hunting for security bugs in AEM webapps
Hunting for security bugs in AEM webappsHunting for security bugs in AEM webapps
Hunting for security bugs in AEM webapps
Mikhail Egorov
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
RyanISI
 
基于 FRIDA 的全平台逆向分析
基于 FRIDA 的全平台逆向分析基于 FRIDA 的全平台逆向分析
基于 FRIDA 的全平台逆向分析
CC
 
Jenkins CI/CD setup for iOS in Mac OSX
Jenkins CI/CD setup for iOS in Mac OSXJenkins CI/CD setup for iOS in Mac OSX
Jenkins CI/CD setup for iOS in Mac OSX
Gagan Vishal Mishra
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration Testing
OWASP
 
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsAEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
Mikhail Egorov
 
Developing MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersDeveloping MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack Routers
BGA Cyber Security
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
Sina Manavi
 
Introduction to Firebase
Introduction to FirebaseIntroduction to Firebase
Introduction to Firebase
Mustafa Şenel
 
iOS Application Exploitation
iOS Application ExploitationiOS Application Exploitation
iOS Application Exploitation
Positive Hack Days
 
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDefconRussia
 
Droidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensicsDroidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensics
viaForensics
 

More Related Content

What's hot

Android pentesting
Android pentestingAndroid pentesting
Android pentesting
Mykhailo Antonishyn
 
MobSF: Mobile Security Testing (Android/IoS)
MobSF: Mobile Security Testing (Android/IoS)MobSF: Mobile Security Testing (Android/IoS)
MobSF: Mobile Security Testing (Android/IoS)
Agile Testing Alliance
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation TestJongWon Kim
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration Testing
Subho Halder
 
Bypass Security Checking with Frida
Bypass Security Checking with FridaBypass Security Checking with Frida
Bypass Security Checking with Frida
Satria Ady Pradana
 
Flutter Festival - GDSC IIIT Sonepat
Flutter Festival - GDSC IIIT Sonepat Flutter Festival - GDSC IIIT Sonepat
Flutter Festival - GDSC IIIT Sonepat
GoogleDSCIIITSonepat
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
n|u - The Open Security Community
 
Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)
Chandrapal Badshah
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
Jason Lang
 
Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOS
Cody Thomas
 
Hunting for security bugs in AEM webapps
Hunting for security bugs in AEM webappsHunting for security bugs in AEM webapps
Hunting for security bugs in AEM webapps
Mikhail Egorov
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
RyanISI
 
基于 FRIDA 的全平台逆向分析
基于 FRIDA 的全平台逆向分析基于 FRIDA 的全平台逆向分析
基于 FRIDA 的全平台逆向分析
CC
 
Jenkins CI/CD setup for iOS in Mac OSX
Jenkins CI/CD setup for iOS in Mac OSXJenkins CI/CD setup for iOS in Mac OSX
Jenkins CI/CD setup for iOS in Mac OSX
Gagan Vishal Mishra
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration Testing
OWASP
 
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsAEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
Mikhail Egorov
 
Developing MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersDeveloping MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack Routers
BGA Cyber Security
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
Sina Manavi
 
Introduction to Firebase
Introduction to FirebaseIntroduction to Firebase
Introduction to Firebase
Mustafa Şenel
 
iOS Application Exploitation
iOS Application ExploitationiOS Application Exploitation
iOS Application Exploitation
Positive Hack Days
 

What's hot (20)

Android pentesting
Android pentestingAndroid pentesting
Android pentesting
 
MobSF: Mobile Security Testing (Android/IoS)
MobSF: Mobile Security Testing (Android/IoS)MobSF: Mobile Security Testing (Android/IoS)
MobSF: Mobile Security Testing (Android/IoS)
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration Testing
 
Bypass Security Checking with Frida
Bypass Security Checking with FridaBypass Security Checking with Frida
Bypass Security Checking with Frida
 
Flutter Festival - GDSC IIIT Sonepat
Flutter Festival - GDSC IIIT Sonepat Flutter Festival - GDSC IIIT Sonepat
Flutter Festival - GDSC IIIT Sonepat
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)Pentesting Android Apps using Frida (Beginners)
Pentesting Android Apps using Frida (Beginners)
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
 
Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOS
 
Hunting for security bugs in AEM webapps
Hunting for security bugs in AEM webappsHunting for security bugs in AEM webapps
Hunting for security bugs in AEM webapps
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
 
基于 FRIDA 的全平台逆向分析
基于 FRIDA 的全平台逆向分析基于 FRIDA 的全平台逆向分析
基于 FRIDA 的全平台逆向分析
 
Jenkins CI/CD setup for iOS in Mac OSX
Jenkins CI/CD setup for iOS in Mac OSXJenkins CI/CD setup for iOS in Mac OSX
Jenkins CI/CD setup for iOS in Mac OSX
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration Testing
 
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programsAEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs
 
Developing MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersDeveloping MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack Routers
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
 
Introduction to Firebase
Introduction to FirebaseIntroduction to Firebase
Introduction to Firebase
 
iOS Application Exploitation
iOS Application ExploitationiOS Application Exploitation
iOS Application Exploitation
 

Similar to Frida - Objection Tool Usage

Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDefconRussia
 
Droidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensicsDroidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensics
viaForensics
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012 hakersinfo
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
Stephan Chenette
 
How to Use Open Source Tools to Improve Network Security
How to Use Open Source Tools to Improve Network SecurityHow to Use Open Source Tools to Improve Network Security
How to Use Open Source Tools to Improve Network Security
Mohammed Almusaddar
 
ShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdfShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdf
Steven Carlson
 
Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh Mishra
OWASP Delhi
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
Subhransu Behera
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Ajin Abraham
 
AppSensor - Near Real Time Event Detection and Response
AppSensor - Near Real Time Event Detection and ResponseAppSensor - Near Real Time Event Detection and Response
AppSensor - Near Real Time Event Detection and Response
jtmelton
 
Vulnex app secusa2013
Vulnex app secusa2013Vulnex app secusa2013
Vulnex app secusa2013drewz lin
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
Jonathan Marcil
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Stephan Chenette
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...
B.A.
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Shannon Williams
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
Felipe Prado
 
Android
AndroidAndroid
Android
Vibhu Mishra
 
voice recognition security system ppt
voice recognition security system pptvoice recognition security system ppt
voice recognition security system ppt
Nitesh Dubey
 
Ruxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration TestingRuxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration Testingeightbit
 
AllDayDevOps 2019 AppSensor
AllDayDevOps 2019 AppSensorAllDayDevOps 2019 AppSensor
AllDayDevOps 2019 AppSensor
jtmelton
 

Similar to Frida - Objection Tool Usage (20)

Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
 
Droidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensicsDroidcon it-2014-marco-grassi-viaforensics
Droidcon it-2014-marco-grassi-viaforensics
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
 
How to Use Open Source Tools to Improve Network Security
How to Use Open Source Tools to Improve Network SecurityHow to Use Open Source Tools to Improve Network Security
How to Use Open Source Tools to Improve Network Security
 
ShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdfShiftGearsWithInformationSecurity.pdf
ShiftGearsWithInformationSecurity.pdf
 
Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh Mishra
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
 
AppSensor - Near Real Time Event Detection and Response
AppSensor - Near Real Time Event Detection and ResponseAppSensor - Near Real Time Event Detection and Response
AppSensor - Near Real Time Event Detection and Response
 
Vulnex app secusa2013
Vulnex app secusa2013Vulnex app secusa2013
Vulnex app secusa2013
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
 
Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013Building Custom Android Malware BruCON 2013
Building Custom Android Malware BruCON 2013
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
 
Android
AndroidAndroid
Android
 
voice recognition security system ppt
voice recognition security system pptvoice recognition security system ppt
voice recognition security system ppt
 
Ruxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration TestingRuxmon April 2014 - Introduction to iOS Penetration Testing
Ruxmon April 2014 - Introduction to iOS Penetration Testing
 
AllDayDevOps 2019 AppSensor
AllDayDevOps 2019 AppSensorAllDayDevOps 2019 AppSensor
AllDayDevOps 2019 AppSensor
 

More from n|u - The Open Security Community

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
n|u - The Open Security Community
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
n|u - The Open Security Community
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
n|u - The Open Security Community
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
n|u - The Open Security Community
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
n|u - The Open Security Community
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
n|u - The Open Security Community
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
n|u - The Open Security Community
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
n|u - The Open Security Community
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
n|u - The Open Security Community
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
n|u - The Open Security Community
 
Cloud security
Cloud security Cloud security
Cloud security
n|u - The Open Security Community
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
n|u - The Open Security Community
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
n|u - The Open Security Community
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
n|u - The Open Security Community
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
n|u - The Open Security Community
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
n|u - The Open Security Community
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
n|u - The Open Security Community
 
News bytes null 200314121904
News bytes null 200314121904News bytes null 200314121904
News bytes null 200314121904
n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 
News bytes null 200314121904
News bytes null 200314121904News bytes null 200314121904
News bytes null 200314121904
 

Recently uploaded

How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
Celine George
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
Steve Thomason
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
Celine George
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
BhavyaRajput3
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
rosedainty
 
Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
GeoBlogs
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
Vivekanand Anglo Vedic Academy
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
AzmatAli747758
 

Recently uploaded (20)

How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
 
Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
 

Frida - Objection Tool Usage

  • 1. OBJECTION N U L L C H E N N A I M E E T
  • 2. WHOAMI • Dinesh / Dinz • Security Engineer @ Briskinfosec
  • 3. WHAT IS FRIDA & OBJECTION & Frida is a swiss Army knife Frida is a dynamic instrumentation toolkit. It is mainly created for testers, developers and reverse engineering enthusiasts. we can inject our own JavaScript into apps of Windows, macOS, GNU/Linux, iOS, Android, and QNX. = Credits to _leon_jacobs
  • 4. WHERE IT WILL BE USEFUL • Will be useful during the static & dynamic analysis (Most of the features will be used here). • Patching the Application’s package with Frida. • Bypassing the Jailbreak/root and SSL pinning.
  • 5. OBJECTION • Installation : pip3 install objection Reference : https://github.com/sensepost/objection/ • objection is a runtime mobile exploration toolkit, powered by Frida. • built to help you assess the security posture of your mobile applications. • Supports both iOS and Android • Has So many cool features.
  • 7. EXPLORING WITH OBJECTION Basic Commands : • Commands, frida, reconnect, exit, ui • env, ls, !, pwd, cd, rm, sqlite • android, ios • file, plugin, jobs • import, memory, Evaluate
  • 8. STATIC ANALYSIS • ios info binary • ios bundles list_bundles • ios bundles list_frameworks
  • 9. FINDING CLASS AND METHODS • ios hooking list classes • ios hooking list class_methods Classname • ios hooking search classes keywords • ios hooking search methods classname • ios hooking watch class classname --include-parents • ios hooking set return_value "+[classname methodname]" false
  • 10. DYNAMIC ANALYSIS • ios cookies get – for getting the cookie values from the domains used in the application. • ios keychain dump – dump the entries in the iOS keychain