objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.
The project’s name quite literally explains the approach as well, whereby runtime specific objects are injected into a running process and executed using Frida.
Note This is not some form of jailbreak / root bypass. By using objection, you are still limited by all of the restrictions imposed by the applicable sandbox you are facing.
objection v0.1.1
Features
For iOS, objection allows you to:
+ Interact with the iOS filesystem, listing entries as well as upload & download files where permitted.
+ Perform various memory related tasks, such as listing loaded modules and their respective exports.
+ Dump the iOS keychain, and export it to a file.
+ Attempt to bypass and simulate Jailbreak detections.
+ Perform common SSL pinning bypasses.
+ Dump data from NSUserDefaults and the shared NSHTTPCookieStorage.
+ Dynamically dump arguments from methods called as you use the target application.
+ Dump various formats of information in human readable forms.
+ Bypass certain forms of TouchID restrictions.
+ Execute custom Frida scripts.
Usage and Install:
git clone https://github.com/sensepost/objection && cd objection sudo pip3 install -r requirements.txt sudo python3 setup.py install objection --help or install using pypi pip3 install objection
Source: https://github.com/sensepost