بنقرة واحدة
analyzing-ios-app-security-with-objection
">"
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
">"
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Command injection testing methodology covering OS command injection, code injection, filter evasion, blind command injection, and shell-specific techniques for bash, PowerShell, and cmd.exe.
Multi-step exploit chaining methodology for combining low-severity findings into full compromise paths. Covers attack chain scoring, approval gates, and systematic approach to turning individual findings into complete attack paths.
Comprehensive privilege escalation methodology for Linux and Windows. Covers kernel exploits, SUID binaries, service misconfigurations, credential harvesting, and both local privilege escalation paths.
Comprehensive reconnaissance methodology covering OSINT, subdomain enumeration, technology fingerprinting, DNS reconnaissance, and attack surface mapping. Includes passive and active recon techniques with OPSEC considerations.
Comprehensive SQL injection testing methodology covering Union-based, Error-based, Blind (Boolean/Time-based), Stacked queries, and WAF bypass techniques. Includes database-specific payloads for MySQL, PostgreSQL, MSSQL, Oracle, SQLite, and NoSQL injection.
Comprehensive Server-Side Request Forgery (SSRF) testing methodology covering basic SSRF, blind SSRF, DNS rebinding, cloud metadata exploitation, and gopher/redis attacks. Includes bypass techniques and automation.
| name | analyzing-ios-app-security-with-objection |
| description | > |
Use this skill when:
Do not use this skill on production devices without explicit authorization -- Objection modifies app runtime behavior and may trigger security monitoring.
pip install objectionpip install frida-toolsobjection patchipa to inject Frida gadget into IPAFor jailbroken devices:
# Install Frida server on device via Cydia/Sileo
# SSH to device and start Frida server
ssh root@<device_ip> "/usr/sbin/frida-server -D"
# Verify Frida connectivity
frida-ps -U # List processes on USB-connected device
For non-jailbroken devices (authorized testing):
# Patch IPA with Frida gadget
objection patchipa --source target.ipa --codesign-signature "Apple Development: test@example.com"
# Install patched IPA
ideviceinstaller -i target-patched.ipa
# Attach to running app by bundle ID
objection --gadget "com.target.app" explore
# Or spawn the app fresh
objection --gadget "com.target.app" explore --startup-command "ios hooking list classes"
Once attached, Objection provides an interactive REPL for runtime exploration.
# Dump iOS Keychain items accessible to the app
ios keychain dump
# List files in app sandbox
ios plist cat Info.plist
env # Show app environment paths
# Inspect NSUserDefaults for sensitive data
ios nsuserdefaults get
# List SQLite databases
sqlite connect app_data.db
sqlite execute query "SELECT * FROM credentials"
# Check for sensitive data in pasteboard
ios pasteboard monitor
# Disable SSL/TLS certificate pinning
ios sslpinning disable
# Verify pinning is bypassed by observing traffic in Burp Suite proxy
# Monitor network-related class method calls
ios hooking watch class NSURLSession
ios hooking watch class NSURLConnection
# List all Objective-C classes
ios hooking list classes
# Search for authentication-related classes
ios hooking search classes Auth
ios hooking search classes Login
ios hooking search classes Token
# Hook authentication methods to observe parameters
ios hooking watch method "+[AuthManager validateToken:]" --dump-args --dump-return
# Monitor biometric authentication calls
ios hooking watch class LAContext
# Check jailbreak detection implementation
ios jailbreak disable
# Simulate jailbreak detection bypass
ios jailbreak simulate
# List loaded frameworks and libraries
memory list modules
# Search memory for sensitive strings
memory search "password" --string
memory search "api_key" --string
memory search "Bearer" --string
# Dump specific memory regions
memory dump all dump_output/
# List URL schemes registered by the app
ios info binary
ios bundles list_frameworks
# Hook URL scheme handlers
ios hooking watch method "-[AppDelegate application:openURL:options:]" --dump-args
# Monitor clipboard access
ios pasteboard monitor
# Check for custom keyboard restrictions
ios hooking search classes UITextField
| Term | Definition |
|---|---|
| Objection | Runtime mobile exploration toolkit built on Frida that provides pre-built scripts for common security testing tasks |
| Frida Gadget | Shared library injected into app process to enable Frida instrumentation without jailbreak |
| Keychain | iOS secure credential storage system; Objection can dump items accessible to the target app's keychain access group |
| SSL Pinning Bypass | Runtime modification of certificate validation logic to allow proxy interception of HTTPS traffic |
| Method Hooking | Intercepting Objective-C/Swift method calls at runtime to observe arguments, return values, and modify behavior |
--startup-command to hook anti-Frida checks early in the app lifecycle.ios hooking list classes with grep to find demangled names.