Objection - CraigDonkin/Android-Testing GitHub Wiki
Overview
Objection is a great tool for mobile exploration.
Download Link:
https://github.com/sensepost/objection
Installation
pip3 install -U objection
Frida
Frida-Server needs to be installed on the device
https://github.com/frida/frida/releases
adb root
adb push frida-server /data/local/tmp
adb shell “chmod 755 /data/local/tmp/frida-server”
adb shell “/data/local/tmp/frida-server &”
Usage
Run objection on the command line to get the CLI
The REPL will autocomplete commands when the tab key is pressed
To connect objection to a particular process run:
- On the testing laptop run frida-ps -U and grep for the app being tested
- Hook the process with the -g flag and then run explore
frida-ps -U | grep APPNAME
objection -g com.your.app explore
Commands
| Command | Description |
|---|---|
| env | prints out information about the app environment |
| pwd print | shows the directory you are currently in |
| ls | like in Linux lists the files in that directory as well as properties |
| file download/upload | Download or upload a file |
| android | specific commands that can work with Android |
| android sslpinning disable | Built in SSL pinning bypass command |
| Android root disable | Built in root detection bypass |
| Android Hooking | Powerful tool for hooking the runtime |
| Android hooking list activities | list app activities |
| android intent launch_activity {activity} | Launch an intent |
| android hooking search | search for classes and methods |
| android ui screenshot | take a screenshot |
| android shell_exec | executes a shell command on the device |
| help command | prints useful help information |