Question 1

How to bypass SSL pinning with Objection on Android?

Accepted Answer

After connecting to the app, use the 'android sslpinning disable' command in Objection's REPL. This hooks common pinning libraries and allows tools like Burp Suite to intercept HTTPS traffic without modifications to the app.

Question 2

Objection vs Frida: which one should I use?

Accepted Answer

Objection is a toolkit built on top of Frida, providing higher-level commands for common tasks like SSL bypass and keychain dumping. Use Frida directly for custom scripting, but Objection saves time for standard security assessments.

Question 3

Can Objection work on non-jailbroken iOS devices?

Accepted Answer

Yes, Objection leverages Frida to run on non-jailbroken iOS devices by injecting into apps, but it requires the Frida gadget to be embedded or the device to be prepared with tools like frida-ios-dump for some scenarios.

Question 4

How to dump memory from an Android app using Objection?

Accepted Answer

Use commands like 'memory dump all' or 'memory dump stack' in Objection's REPL after attaching to the process. This exports memory regions to files for offline analysis, useful for finding sensitive data or vulnerabilities.

Question 5

Objection or MobSF: which is better for mobile security testing?

Accepted Answer

Objection excels in dynamic, interactive runtime exploration, while MobSF is stronger for static analysis and automated scanning. Choose Objection for hands-on manipulation and MobSF for quick, broad vulnerability detection.

Question 6

Is Objection suitable for beginners in mobile security?

Accepted Answer

It has a simple installation, but the command-line interface and reliance on Frida concepts make it challenging for true beginners. Prior experience with mobile app testing or Frida is recommended for effective use.

Question 7

How to extract keychain data from iOS apps with Objection?

Accepted Answer

After connecting to the iOS app, run the 'ios keychain dump' command in Objection. This lists all keychain entries, including passwords and tokens, which can be saved for further analysis in penetration tests.

Objection

What is Objection?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions