Objection

List all Objection commands used for iOS mobile app penetration testing.

Explore App with Objection

objection -g com.example.app explore # com.example.app is example apps

Run Objection Command at Spawn Apps

# Example command to run "ios hooking search classes jail" on spawn apps
objection -g com.example.app "ios hooking search classes jail"

Basic Jailbreak Detection Bypass

ios jailbreak disable

# Example output:
com.example.app on (iPhone: 15.4.1) [usb] # 
(agent) [303462] fileExistsAtPath: check for /Applications/Cydia.app failed with: 0x0, marking it as successful.
(agent) [289052] fileExistsAtPath: check for /Applications/Cydia.app was successful with: 0x1, marking it as failed.
(agent) [289052] fileExistsAtPath: check for /bin/bash was successful with: 0x1, marking it as failed.
(agent) [289052] fopen: check for /bin/bash was successful with: 0x103404f98, marking it as failed.
..................

Basic Enumeration

Local App Paths

List bundles of the application

List framework used by the application

Basic Hooking

List all classes

Search for classes

Search for methods

List class methods

Watch class

Overwrite Return Value

Generate Hooking Template

Extract Sensitive Information

Dump NSUserDefaults

NSUserDefaults is a simple storage mechanism commonly used for storing small amounts of data or user preferences. However, it's not a secure place to store sensitive information like passwords because it can be accessed easily by other apps or by jailbroken devices.

Dump Keychain Data

Extracts the keychain items for the current application.

Note: This page is incomplete and will be regularly updated. If you have any ideas or resources that need to be added, please contact me at [email protected].

PreviousiOS Penetration TestingNextCommon Applications

Last updated

Was this helpful?