iOS Testing Using Objection
Install Objection:
pip3 install objection
Check install apps using Frida:
If USB connection:
frida-ps -Uai
If remote host connection:
frida-ps -H 192.16.1.20
Start Objection and Attach to Process:
Using USB connection:
~$ objection -g com.client.mytestapp explore
Using Remote Connection:
──(root㉿kali)-[~]
└─# objection -N -h 192.168.1.20 -g com.incode.my.app explore
DISABLE CERTIFICATE PINNING
[usb] # ios sslpinning disable --quiet
INSPECT BINARY INFO
[usb] # ios info binary
DUMP THE APP KEYCHAIN
[usb] # ios keychain dump
EXPLORE THE APP STRUCTURE
[usb] # ls
[usb] # file cat examplefile.txt
[usb] # ios plist cat Info.plist
CHECK FOR OTHER DATA STORES FOR SENSITIVE INFORMATION
[usb] # ios nsurlcredentialstorage dump
[usb] # ios nsuserdefaults get
[usb] # ios cookies get
TROUBLESHOOTING
If you receive the following error you will need to go to Settings -> Profiles & Device Management and verify the app.
Unable to connect to the frida server: unable to launch iOS app: The operation couldn’t be completed. Unable to launch com.myapp because it has an invalid code signature, inadequate entitlements or its profile has not been explicitly trusted by the user.
Last updated
Was this helpful?