iOS Testing Using Objection

Install Objection:

pip3 install objection

Check install apps using Frida:

If USB connection:

frida-ps -Uai

If remote host connection:

frida-ps -H 192.16.1.20

Start Objection and Attach to Process:

Using USB connection:

~$ objection -g com.client.mytestapp explore

Using Remote Connection:

──(root㉿kali)-[~]
└─# objection -N -h 192.168.1.20 -g com.incode.my.app explore

DISABLE CERTIFICATE PINNING

[usb] # ios sslpinning disable --quiet

INSPECT BINARY INFO

 [usb] # ios info binary

DUMP THE APP KEYCHAIN

[usb] # ios keychain dump

EXPLORE THE APP STRUCTURE

[usb] # ls 
[usb] # file cat examplefile.txt 
[usb] # ios plist cat Info.plist

CHECK FOR OTHER DATA STORES FOR SENSITIVE INFORMATION

[usb] # ios nsurlcredentialstorage dump 
[usb] # ios nsuserdefaults get 
[usb] # ios cookies get

TROUBLESHOOTING

If you receive the following error you will need to go to Settings -> Profiles & Device Management and verify the app.

Unable to connect to the frida server: unable to launch iOS app: The operation couldn’t be completed. Unable to launch com.myapp because it has an invalid code signature, inadequate entitlements or its profile has not been explicitly trusted by the user.

PreviousiOS Application Testing NextIPA Analysis Using MobSF

Last updated 2 years ago