Hello friends how are you all doing I hope you are all doing fine and learning new and updated stuff. So in this article, we are going to take a look at How to Setup and Install Frida and Objection On macOS.
What is Frida?
Frida is a powerful and extensible instrumentation toolkit – among its many strengths, it is ideally suited to testing and evaluating native Android and IOS apps. Frida allows you to intercept data received and sent by apps and inject your own code into the process.
Why use Frida?
Now if you ask why do we have to use Frida we can simply use Burp for the testing of mobile apps. That is also true but when you get in to advance testing of mobile apps and you need to better understand how the application works you will have to reverse engineer the app and look at the Smali code.
If the application is using some Run-Time value that the App is using to perform some encryption then you will have to hook those processes to find that run time value and that is not possible with Burp you will be required to use Frida to hook those processes and get that value.
And you can write your own Frida plugins that can do some tasks based on your requirements like this one Frida-Ios-Dump this uses Frida to pull decrypted IPA from a jailbroken device.
What is Objection?
objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
- Supports both iOS and Android.
- Inspect and interact with container file systems.
- Bypass SSL pinning.
- Dump keychains.
- Perform memory-related tasks, such as dumping & patching.
- Explore and manipulate objects on the heap.
- And much, much more…
Screenshots are available in the wiki.
Frida and Objection
In this part, we will cover the installation section these both tools go together whenever you are testing any native application we will not be covering all the details of there using but will be covering how to set them up.
- On your macOS device, run
pip3 install frida-tools
- Back on your macOS device, run
pip3 install objection
- Finally, run
objection --gadget "com.apple.AppStore" exploreto check that everything is integrated properly
Just before you run the final command make sure that you are connected to your iPhone over the USB cable.
In the next article, we will be covering how to set up your IOS device for mobile application security testing things will be covered like SSL Pinning bypass, setting up Burp, bypassing Jailbreak detection, etc.
So stay tuned for that too.