Top Related Projects
Clone this repo to build Frida
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Documentation:
Quick Overview
Objection is a runtime mobile exploration toolkit, powered by Frida. It allows for dynamic analysis of mobile applications on iOS and Android devices, providing a command-line interface to interact with and manipulate running apps without requiring a jailbreak or root access.
Pros
- Cross-platform support for both iOS and Android
- No jailbreak or root access required
- Extensive set of features for app analysis and manipulation
- Active development and community support
Cons
- Requires some technical knowledge to use effectively
- May not work with all apps, especially those with advanced anti-tampering measures
- Performance impact on the target application
- Limited documentation for advanced use cases
Getting Started
- Install Objection:
pip3 install objection
-
Connect your device and start the target application.
-
Run Objection:
objection explore
- Use various commands to analyze and manipulate the app:
# List available modules
objection modules list
# Dump keychain items (iOS)
ios keychain dump
# List activities (Android)
android hooking list activities
# Search for specific classes
android hooking search classes <class_name>
For more detailed instructions and advanced usage, refer to the official documentation on the GitHub repository.
Competitor Comparisons
Clone this repo to build Frida
Pros of Frida
- More powerful and flexible dynamic instrumentation framework
- Supports a wider range of platforms and programming languages
- Larger community and ecosystem with extensive documentation
Cons of Frida
- Steeper learning curve for beginners
- Requires more low-level knowledge of the target application
- Less user-friendly for quick mobile app analysis tasks
Code Comparison
Frida (JavaScript):
Java.perform(function () {
var MainActivity = Java.use("com.example.app.MainActivity");
MainActivity.sensitiveMethod.implementation = function () {
console.log("Sensitive method called");
return this.sensitiveMethod();
};
});
Objection (Python-like CLI):
android hooking watch class_method com.example.app.MainActivity.sensitiveMethod --dump-args --dump-backtrace --dump-return
Summary
Frida is a more powerful and versatile dynamic instrumentation framework, while Objection provides a higher-level, user-friendly interface for mobile app analysis. Frida offers greater flexibility and supports more platforms, but has a steeper learning curve. Objection simplifies common mobile app analysis tasks but may be limited for more complex scenarios. The choice between the two depends on the user's expertise and specific requirements for the analysis task at hand.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Pros of Mobile-Security-Framework-MobSF
- Comprehensive static and dynamic analysis for both Android and iOS applications
- Web-based interface for easy access and reporting
- Integrates multiple security tools and techniques in one platform
Cons of Mobile-Security-Framework-MobSF
- Requires more setup and configuration compared to Objection
- May be overkill for simple runtime analysis tasks
- Less focused on runtime manipulation and exploration
Code Comparison
Mobile-Security-Framework-MobSF (Python):
def scan_file(self, file_path):
# Perform static analysis
static_analysis = self.static_analyzer.analyze(file_path)
# Perform dynamic analysis
dynamic_analysis = self.dynamic_analyzer.analyze(file_path)
return self.generate_report(static_analysis, dynamic_analysis)
Objection (Python):
def explore_runtime(self, package_name):
# Hook into the application's runtime
self.frida_session.hook(package_name)
# Explore and manipulate the runtime
self.interactive_shell.start()
Mobile-Security-Framework-MobSF focuses on comprehensive analysis and reporting, while Objection emphasizes runtime exploration and manipulation. MobSF provides a broader range of security checks, but Objection offers more flexibility for interactive runtime analysis.
Documentation:
Pros of appmon
- Focuses specifically on mobile app monitoring and analysis
- Provides a graphical user interface for easier use
- Supports both iOS and Android platforms out of the box
Cons of appmon
- Less actively maintained compared to objection
- More limited in scope and functionality
- Smaller community and fewer contributors
Code Comparison
appmon:
def on_message(message, data):
if message['type'] == 'send':
print("[*] {0}".format(message['payload']))
else:
print(message)
objection:
def on_message(message: dict, data):
"""
Handles on_message events for this connection.
"""
try:
if message and 'payload' in message:
click.secho(message['payload'], dim=True)
except Exception as e:
click.secho('Failed to handle message with error: {0}'.format(e))
Both projects use similar message handling approaches, but objection's implementation is more robust with error handling and better formatting.
Summary
While appmon offers a user-friendly interface for mobile app monitoring, objection provides a more comprehensive and actively maintained toolkit for mobile application security testing. objection's larger community and broader feature set make it a more versatile choice for many scenarios, although appmon's specific focus on monitoring may be preferable for certain use cases.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
ð±objection - Runtime Mobile Exploration
objection
is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
- Supports both iOS and Android.
- Inspect and interact with container file systems.
- Bypass SSL pinning.
- Dump keychains.
- Perform memory related tasks, such as dumping & patching.
- Explore and manipulate objects on the heap.
- And much, much more...
Screenshots are available in the wiki.
installation
Installation is simply a matter of pip3 install objection
. This will give you the objection
command. You can update an existing objection
installation with pip3 install --upgrade objection
.
For more detailed update and installation instructions, please refer to the wiki page here.
license
objection
is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.
Top Related Projects
Clone this repo to build Frida
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Documentation:
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot