search

iOS Testing Using Objection

hashtag
Install Objection:

pip3 install objection

hashtag
Check install apps using Frida:

hashtag
If USB connection:

frida-ps -Uai

hashtag
If remote host connection:

frida-ps -H 192.16.1.20

hashtag
Start Objection and Attach to Process:

hashtag
Using USB connection:

~$ objection -g com.client.mytestapp explore

hashtag
Using Remote Connection:

──(root㉿kali)-[~]
└─# objection -N -h 192.168.1.20 -g com.incode.my.app explore

hashtag
DISABLE CERTIFICATE PINNING 

[usb] # ios sslpinning disable --quiet

hashtag
INSPECT BINARY INFO

hashtag
DUMP THE APP KEYCHAIN

hashtag
EXPLORE THE APP STRUCTURE

hashtag
CHECK FOR OTHER DATA STORES FOR SENSITIVE INFORMATION

hashtag
TROUBLESHOOTING

If you receive the following error you will need to go to Settings -> Profiles & Device Management and verify the app.

Unable to connect to the frida server: unable to launch iOS app: The operation couldn’t be completed. Unable to launch com.myapp because it has an invalid code signature, inadequate entitlements or its profile has not been explicitly trusted by the user.

PreviousiOS Application TestingNextIPA Analysis Using MobSF

Last updated