objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.
The project’s name quite literally explains the approach as well, whereby runtime specific objects are injected into a running process and executed using Frida.
Note This is not some form of jailbreak / root bypass. By using objection, you are still limited by all of the restrictions imposed by the applicable sandbox you are facing.
For iOS, objection allows you to:
+ Interact with the iOS filesystem, listing entries as well as upload & download files where permitted.
+ Perform various memory related tasks, such as listing loaded modules and their respective exports.
+ Dump the iOS keychain, and export it to a file.
+ Attempt to bypass and simulate Jailbreak detections.
+ Perform common SSL pinning bypasses.
+ Dump data from NSUserDefaults and the shared NSHTTPCookieStorage.
+ Dynamically dump arguments from methods called as you use the target application.
+ Dump various formats of information in human readable forms.
+ Bypass certain forms of TouchID restrictions.
+ Execute custom Frida scripts.
Usage and Install:
git clone https://github.com/sensepost/objection && cd objection
sudo pip3 install -r requirements.txt
sudo python3 setup.py install
or install using pypi
pip3 install objection