# Objection Tutorial ## 📌What is Objection? * [**Objection**](https://book.hacktricks.wiki/en/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.html#resume) is a **runtime mobile application exploration** framework powered by **Frida**, designed to help security researchers and pentesters analyze and modify the behavior of iOS and Android applications. * It allows you to interact with a mobile app during runtime without needing to modify the app's source code or recompile it. ### **📍Key Features of Objection** 1. **Bypass SSL Pinning** 2. **Dumping Data (e.g., dump databases, shared preferences)** 3. **Hooking and Modifying App Behavior** 4. **Exploit Discovery** 5. **Runtime Analysis** ### **📍Installation** ```bash pip3 install objection ``` ### **📍Connection** 1. Make a **regular ADB connection** and **start** the F**rida** server on the device 2. **Start Objection**: ```bash objection --gadget explore ``` ### **📍Basic Actions** 1. **Environment**: Some interesting information (like passwords or paths) could be found inside the environment. ```bash env ``` 2. **Import frida script** ```bash import ``` 3. **Bypass SSL Pinning** ```bash android sslpinning disable ``` 4. **Root detection** ```bash android root disable #Attempts to disable root detection on Android devices. android root simulate #Attempts to simulate a rooted Android environment. ``` 5. **Static analysis made Dynamic** * **List activities, receivers, and services** ```bash android hooking list activities android hooking list services android hooking list receivers ``` * **Getting the current activity** ```bash android hooking get current_activity ``` * **List all classes in our app** ```bash android hooking search classes packageName ``` * **Search Methods of a class** ```bash android hooking search methods packageName ClassName ``` * **List declared Methods of a class with their parameters** ```bash android hooking list class_methods packageName.ClassName ``` * **Hooking (watching) a method** ```bash android hooking watch class_method packageName.methodName --dump-args --dump-backtrace --dump-return ``` * **Hooking (watching) an entire class** ```bash android hooking watch class packageName.MainActivity --dump-args --dump-return ``` * **Changing boolean return value of a function** ```bash android hooking set return_value packageName.funcName true ``` * **List all modules** ```bash memory list modules ``` * **List exports that exist in the module** ```bash memory list exports moduleName ``` ### **📍When to Use Objection Instead of Frida?** * **Ease of Use**: * **Objection** is more user-friendly, offering ready-to-use commands for common tasks like SSL pinning bypass and dumping data. * **Frida** is more flexible but requires custom scripts and a deeper understanding for detailed control. * **Pre-built Functions**: * **Objection** includes pre-built functions for common tasks (e.g., dumping keychain data, bypassing SSL pinning). * **Frida** requires custom scripting for similar tasks. * **Exploratory Tasks**: * Use **Objection** for quick exploration and testing of common mobile security issues. * **Advanced Customization**: * Use **Frida** for advanced analysis and building custom instrumentation scripts for specific attacks. *** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://e1mazahy.gitbook.io/tomesec/droidtomesec/android-pentesting/objection-tutorial.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.