MASTG-TOOL-0038: objection

Objection is a "runtime mobile exploration toolkit, powered by Frida". Its main goal is to allow security testing on non-rooted devices through an intuitive interface. You can find the full list of features on the project's page, but here are a few platform-agnostic ones:

  • Access application storage to download or upload files
  • Execute custom Frida scripts
  • Search, replace and dump memory
  • Job control to unload hooks and scripts
  • Interact with SQLite databases inline
  • Support for custom plugins

Objection achieves this goal by providing you with the tools to easily inject the Frida gadget into an application by repackaging it. This way, you can deploy the repackaged app to the non-rooted/non-jailbroken device by sideloading it. Objection also provides a REPL that allows you to interact with the application, giving you the ability to perform any action that the application can perform.

Objection can be installed through pip as described on Objection's Wiki.

pip3 install objection

If the pip version is out of sync with the latest release or you want to use the latest development version, you can install Objection directly from the source repository's main branch. See Development Environment Installation for instructions.

Techniques

  • MASTG-TECH-0026: Dynamic Analysis on Non-Rooted Devices
  • MASTG-TECH-0002: Host-Device Data Transfer
  • MASTG-TECH-0012: Bypassing Certificate Pinning
  • MASTG-TECH-0044: Process Exploration
  • MASTG-TECH-0090: Injecting Frida Gadget into an IPA Automatically
  • MASTG-TECH-0078: Automated Static Analysis
  • MASTG-TECH-0135: Bypassing Biometric Authentication
  • MASTG-TECH-0064: Bypassing Certificate Pinning

Tests

  • MASTG-TEST-0011: Testing Memory for Sensitive Data
  • MASTG-TEST-0022: Testing Custom Certificate Stores and Certificate Pinning
  • MASTG-TEST-0060: Testing Memory for Sensitive Data
  • MASTG-TEST-0052: Testing Local Data Storage
  • MASTG-TEST-0071: Testing UIActivity Sharing
  • MASTG-TEST-0087: Make Sure That Free Security Features Are Activated
  • MASTG-TEST-0085: Checking for Weaknesses in Third Party Libraries
  • MASTG-TEST-0068: Testing Custom Certificate Stores and Certificate Pinning
  • MASTG-TEST-0241: Runtime Use of Jailbreak Detection Techniques