Convert Figma logo to code with AI

sensepost logoobjection

📱 objection - runtime mobile exploration

7,651
858
7,651
89

Top Related Projects

15,995

Clone this repo to build Frida

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

1,569

Documentation:

Quick Overview

Objection is a runtime mobile exploration toolkit, powered by Frida. It allows for dynamic analysis of mobile applications on iOS and Android devices, providing a command-line interface to interact with and manipulate running apps without requiring a jailbreak or root access.

Pros

  • Cross-platform support for both iOS and Android
  • No jailbreak or root access required
  • Extensive set of features for app analysis and manipulation
  • Active development and community support

Cons

  • Requires some technical knowledge to use effectively
  • May not work with all apps, especially those with advanced anti-tampering measures
  • Performance impact on the target application
  • Limited documentation for advanced use cases

Getting Started

  1. Install Objection:
pip3 install objection
  1. Connect your device and start the target application.

  2. Run Objection:

objection explore
  1. Use various commands to analyze and manipulate the app:
# List available modules
objection modules list

# Dump keychain items (iOS)
ios keychain dump

# List activities (Android)
android hooking list activities

# Search for specific classes
android hooking search classes <class_name>

For more detailed instructions and advanced usage, refer to the official documentation on the GitHub repository.

Competitor Comparisons

15,995

Clone this repo to build Frida

Pros of Frida

  • More powerful and flexible dynamic instrumentation framework
  • Supports a wider range of platforms and programming languages
  • Larger community and ecosystem with extensive documentation

Cons of Frida

  • Steeper learning curve for beginners
  • Requires more low-level knowledge of the target application
  • Less user-friendly for quick mobile app analysis tasks

Code Comparison

Frida (JavaScript):

Java.perform(function () {
  var MainActivity = Java.use("com.example.app.MainActivity");
  MainActivity.sensitiveMethod.implementation = function () {
    console.log("Sensitive method called");
    return this.sensitiveMethod();
  };
});

Objection (Python-like CLI):

android hooking watch class_method com.example.app.MainActivity.sensitiveMethod --dump-args --dump-backtrace --dump-return

Summary

Frida is a more powerful and versatile dynamic instrumentation framework, while Objection provides a higher-level, user-friendly interface for mobile app analysis. Frida offers greater flexibility and supports more platforms, but has a steeper learning curve. Objection simplifies common mobile app analysis tasks but may be limited for more complex scenarios. The choice between the two depends on the user's expertise and specific requirements for the analysis task at hand.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Pros of Mobile-Security-Framework-MobSF

  • Comprehensive static and dynamic analysis for both Android and iOS applications
  • Web-based interface for easy access and reporting
  • Integrates multiple security tools and techniques in one platform

Cons of Mobile-Security-Framework-MobSF

  • Requires more setup and configuration compared to Objection
  • May be overkill for simple runtime analysis tasks
  • Less focused on runtime manipulation and exploration

Code Comparison

Mobile-Security-Framework-MobSF (Python):

def scan_file(self, file_path):
    # Perform static analysis
    static_analysis = self.static_analyzer.analyze(file_path)
    # Perform dynamic analysis
    dynamic_analysis = self.dynamic_analyzer.analyze(file_path)
    return self.generate_report(static_analysis, dynamic_analysis)

Objection (Python):

def explore_runtime(self, package_name):
    # Hook into the application's runtime
    self.frida_session.hook(package_name)
    # Explore and manipulate the runtime
    self.interactive_shell.start()

Mobile-Security-Framework-MobSF focuses on comprehensive analysis and reporting, while Objection emphasizes runtime exploration and manipulation. MobSF provides a broader range of security checks, but Objection offers more flexibility for interactive runtime analysis.

1,569

Documentation:

Pros of appmon

  • Focuses specifically on mobile app monitoring and analysis
  • Provides a graphical user interface for easier use
  • Supports both iOS and Android platforms out of the box

Cons of appmon

  • Less actively maintained compared to objection
  • More limited in scope and functionality
  • Smaller community and fewer contributors

Code Comparison

appmon:

def on_message(message, data):
    if message['type'] == 'send':
        print("[*] {0}".format(message['payload']))
    else:
        print(message)

objection:

def on_message(message: dict, data):
    """
        Handles on_message events for this connection.
    """
    try:
        if message and 'payload' in message:
            click.secho(message['payload'], dim=True)
    except Exception as e:
        click.secho('Failed to handle message with error: {0}'.format(e))

Both projects use similar message handling approaches, but objection's implementation is more robust with error handling and better formatting.

Summary

While appmon offers a user-friendly interface for mobile app monitoring, objection provides a more comprehensive and actively maintained toolkit for mobile application security testing. objection's larger community and broader feature set make it a more versatile choice for many scenarios, although appmon's specific focus on monitoring may be preferable for certain use cases.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

📱objection - Runtime Mobile Exploration

objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

Twitter PyPi Black Hat Arsenal Black Hat Arsenal

objection
  • Supports both iOS and Android.
  • Inspect and interact with container file systems.
  • Bypass SSL pinning.
  • Dump keychains.
  • Perform memory related tasks, such as dumping & patching.
  • Explore and manipulate objects on the heap.
  • And much, much more...

Screenshots are available in the wiki.

installation

Installation is simply a matter of pip3 install objection. This will give you the objection command. You can update an existing objection installation with pip3 install --upgrade objection.

For more detailed update and installation instructions, please refer to the wiki page here.

license

objection is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.