Foglio di guanto per oggetti¶
__HTML_TAG_23_📋 Copia Tutti i comandi_HTML_TAG_24__
__HTML_TAG_27_
## Panoramica
Obiezione è un kit di esplorazione mobile runtime costruito sulla parte superiore di Frida, progettato per fornire ricercatori di sicurezza e tester di penetrazione con capacità complete per analizzare e manipolare le applicazioni mobili durante il tempo di esecuzione. Sviluppato da Leon Jacobs, Objection funge da potente interfaccia alle capacità di strumentazione dinamica di Frida, offrendo un'interfaccia di linea di comando facile da usare per eseguire complesse valutazioni di sicurezza delle applicazioni mobili. Lo strumento supporta sia le piattaforme iOS che Android, rendendolo un componente essenziale di qualsiasi arsenale di prova di sicurezza mobile.
La forza primaria di Objection risiede nella sua capacità di eseguire la manipolazione runtime delle applicazioni mobili senza richiedere l'accesso al codice sorgente o la ricompilazione dell'applicazione. Utilizzando il motore di strumentazione di Frida, Objection può collegare le funzioni di applicazione, modificare il comportamento, bypassare i controlli di sicurezza ed estrarre le informazioni sensibili dalle applicazioni in esecuzione. Questa capacità lo rende particolarmente prezioso per gli scenari di test di sicurezza black-box in cui gli approcci di analisi statica tradizionali sono insufficienti o impraticabili.
Obiezione fornisce un insieme completo di caratteristiche tra cui SSL pinning bypass, root/jailbreak rilevamento bypass, esplorazione del file system, manipolazione della memoria e metodo aggancio. L'architettura modulare dello strumento consente una facile estensione e personalizzazione, mentre la sua struttura di comando intuitiva lo rende accessibile sia ai principianti che ai professionisti della sicurezza esperti. Obiezione rappresenta un significativo progresso nel test di sicurezza delle applicazioni mobili, fornendo capacità che erano precedentemente disponibili solo attraverso complessi script personalizzati Frida.
## Installazione
### Python Package Installazione
Installazione dell'Obiezione tramite Python package manager:
### Frida Installazione
Installazione delle dipendenze di Frida:
### Impostazione dispositivo
Impostazione dei dispositivi target:
# Uso di base
### Application Discovery
Scoprire e elencare le applicazioni:
### Basic Exploration
Comandi di esplorazione delle applicazioni di base:
### Operazioni di File System
esplorazione e manipolazione del file system:
## Caratteristiche avanzate
## SSL Pinning Bypass
Passando il certificato SSL pinning:
## Root/Jailbreak Detection Bypass
Attraversando il rilevamento root e jailbreak:
# Metodo gancio
metodi di applicazione di aggancio e manipolazione:
### Memory Operations
esplorazione e manipolazione della memoria:
### Keystore and Cryptography
Keystore e operazioni crittografiche:
## Platform-Specific Features
### Android-Specific Commands
Funzionalità specifiche per Android:
### iOS-Specific Commands
Funzionalità specifiche per iOS:
## Automation Scripts
### Valutazione automatizzata
### Elaborazione batch
### Custom Hook Generator
## Esempi di integrazione
#### Frida Script Integration
### Burp Suite Integrazione
### OWASP ZAP Integrazione
## Risoluzione dei problemi
### Problemi di connessione
### Questioni di applicazione
### Performance Issues
## Considerazioni di sicurezza
### Sicurezza operativa
** Sicurezza dei dispositivi: **
- Utilizzare dispositivi di prova dedicati
- Implementare l'isolamento del dispositivo
- Regolari aggiornamenti di sicurezza
- Monitor per malware
- Memorizzazione sicura dei dati
**Sicurezza della rete **
- Utilizzare VPN per il test remoto
- Implementare la crittografia del traffico
- Monitorare l'attività di rete
- Configurazioni proxy sicure
- Regolari controlli di rete
### Considerazioni giuridiche ed etiche
**Solo test autorizzati: **
- Ottenere una corretta autorizzazione
- Definire il campo di prova
- Documento tutte le attività
- Seguire la divulgazione responsabile
- Rispetto dei diritti sulla privacy
**Le migliori pratiche: **
- Utilizzare in ambienti controllati
- Valutazioni di sicurezza regolari
- Misure di bonifica
- Monitor per uso non autorizzato
- Mantenere i percorsi di audit
## Referenze
1. [Objection GitHub Repository](https://github.com/sensepost/objection)
2. [Frida Documentation](_URL_29__
3. [Guida per il test di sicurezza mobile)(https://owasp.org/www-project-mobile-security-testing-guide/)
4. [Android Security Testing](https://developer.android.com/training/articles/security-tips)_
5. [IOS Security Testing](https://developer.apple.com/documentation/security)_
# Install via pip
pip3 install objection
# Install specific version
pip3 install objection==1.11.0
# Install with development dependencies
pip3 install objection[dev]
# Upgrade to latest version
pip3 install --upgrade objection
# Install from source
git clone https://github.com/sensepost/objection.git
cd objection
pip3 install .
# Install Frida tools
pip3 install frida-tools
# Install Frida for Python
pip3 install frida
# Verify Frida installation
frida --version
# Install Frida server for Android
wget https://github.com/frida/frida/releases/latest/download/frida-server-android-arm64
adb push frida-server-android-arm64 /data/local/tmp/frida-server
adb shell chmod 755 /data/local/tmp/frida-server
# Android device setup
adb devices
adb root
adb shell /data/local/tmp/frida-server &
# iOS device setup (jailbroken)
ssh root@ios-device
apt-get install frida
frida-server &
# Verify device connectivity
frida-ps -U
# List running applications
objection -g com.example.app explore
# List installed applications
frida-ps -Ua
# List running processes
frida-ps -U
# Get application information
objection -g com.example.app explore -c "env"
# List application activities (Android)
objection -g com.example.app explore -c "android hooking list activities"
# Start Objection session
objection -g com.example.app explore
# Get environment information
env
# List loaded classes
android hooking list classes
# List class methods
android hooking list class_methods com.example.MainActivity
# Search for classes
android hooking search classes keyword
# Search for methods
android hooking search methods keyword
# List files in application directory
ls
# Change directory
cd /data/data/com.example.app
# Download file from device
file download /data/data/com.example.app/databases/app.db ./app.db
# Upload file to device
file upload ./payload.txt /data/data/com.example.app/files/payload.txt
# Show file contents
cat /data/data/com.example.app/shared_prefs/settings.xml
# Find files by name
find /data/data/com.example.app -name "*.db"
# Disable SSL pinning (Android)
android sslpinning disable
# Disable SSL pinning (iOS)
ios sslpinning disable
# Monitor SSL pinning attempts
android sslpinning monitor
# Custom SSL pinning bypass
android hooking set return_value com.example.SSLPinning.verify true
# Disable root detection (Android)
android root disable
# Disable jailbreak detection (iOS)
ios jailbreak disable
# Monitor root detection attempts
android root monitor
# Simulate non-rooted environment
android root simulate
# Hook specific root detection methods
android hooking set return_value com.example.RootDetection.isRooted false
# Hook method and monitor calls
android hooking watch class com.example.MainActivity
# Hook specific method
android hooking watch class_method com.example.MainActivity.onCreate
# Set method return value
android hooking set return_value com.example.Security.isValid true
# Generate method hook template
android hooking generate simple com.example.MainActivity.login
# Hook constructor
android hooking watch class_method com.example.User.$init
# Dump memory regions
memory dump all
# Dump specific memory region
memory dump 0x12345678 1024
# Search memory for patterns
memory search "password"
# Search memory for specific bytes
memory search --pattern "41 42 43 44"
# List memory regions
memory list
# Write to memory
memory write 0x12345678 "new_value"
# List keystore entries (Android)
android keystore list
# Dump keystore entry
android keystore detail alias_name
# Monitor cryptographic operations
android crypto monitor
# Hook encryption/decryption methods
android hooking watch class javax.crypto.Cipher
# Bypass certificate validation
android sslpinning disable --quiet
# List activities
android hooking list activities
# List services
android hooking list services
# List broadcast receivers
android hooking list receivers
# Start activity
android intent launch_activity com.example.MainActivity
# Send broadcast intent
android intent send_broadcast --action com.example.ACTION
# Monitor intents
android intent monitor
# Dump application heap
android heap dump
# Search heap for objects
android heap search instances com.example.User
# List bundles
ios bundles list
# List classes in bundle
ios hooking list classes
# Monitor pasteboard
ios pasteboard monitor
# Dump keychain
ios keychain dump
# Monitor URL schemes
ios url_scheme monitor
# Hook Objective-C methods
ios hooking watch method "-[ViewController viewDidLoad]"
# List frameworks
ios bundles list_frameworks
# Monitor file operations
ios file monitor
#!/usr/bin/env python3
# Objection automated assessment script
import subprocess
import json
import time
class ObjectionAutomation:
def __init__(self, package_name):
self.package_name = package_name
self.session = None
def start_session(self):
"""Start Objection session"""
cmd = f"objection -g \\\\{self.package_name\\\\} explore"
self.session = subprocess.Popen(
cmd.split(),
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
text=True
)
time.sleep(2)
def execute_command(self, command):
"""Execute command in Objection session"""
if self.session:
self.session.stdin.write(f"\\\\{command\\\\}\n")
self.session.stdin.flush()
time.sleep(1)
def run_security_assessment(self):
"""Run comprehensive security assessment"""
commands = [
"env",
"android sslpinning disable",
"android root disable",
"android hooking list activities",
"android hooking list services",
"android keystore list",
"memory dump all",
"file download /data/data/\\\\{\\\\}/databases/ ./databases/".format(self.package_name),
"android intent monitor"
]
for cmd in commands:
print(f"Executing: \\\\{cmd\\\\}")
self.execute_command(cmd)
time.sleep(2)
def close_session(self):
"""Close Objection session"""
if self.session:
self.execute_command("exit")
self.session.terminate()
# Usage
if __name__ == "__main__":
automation = ObjectionAutomation("com.example.app")
automation.start_session()
automation.run_security_assessment()
automation.close_session()
#!/bin/bash
# Objection batch processing script
PACKAGE_LIST="packages.txt"
OUTPUT_DIR="objection_results"
mkdir -p $OUTPUT_DIR
while IFS= read -r package; do
echo "Processing package: $package"
# Create package-specific directory
mkdir -p "$OUTPUT_DIR/$package"
# Run Objection commands
objection -g $package explore -c "env" > "$OUTPUT_DIR/$package/env.txt"
objection -g $package explore -c "android hooking list activities" > "$OUTPUT_DIR/$package/activities.txt"
objection -g $package explore -c "android hooking list services" > "$OUTPUT_DIR/$package/services.txt"
objection -g $package explore -c "android keystore list" > "$OUTPUT_DIR/$package/keystore.txt"
# Disable security controls
objection -g $package explore -c "android sslpinning disable"
objection -g $package explore -c "android root disable"
echo "Completed processing: $package"
sleep 5
done < "$PACKAGE_LIST"
echo "Batch processing completed"
#!/usr/bin/env python3
# Custom Objection hook generator
import json
class HookGenerator:
def __init__(self):
self.hooks = []
def generate_method_hook(self, class_name, method_name, return_value=None):
"""Generate method hook"""
hook = \\\\{
"type": "method_hook",
"class": class_name,
"method": method_name,
"action": "monitor"
\\\\}
if return_value:
hook["return_value"] = return_value
hook["action"] = "modify"
self.hooks.append(hook)
return hook
def generate_class_hook(self, class_name):
"""Generate class hook"""
hook = \\\\{
"type": "class_hook",
"class": class_name,
"action": "monitor_all"
\\\\}
self.hooks.append(hook)
return hook
def generate_objection_script(self):
"""Generate Objection script from hooks"""
script_lines = []
for hook in self.hooks:
if hook["type"] == "method_hook":
if hook["action"] == "monitor":
script_lines.append(f"android hooking watch class_method \\\\{hook['class']\\\\}.\\\\{hook['method']\\\\}")
elif hook["action"] == "modify":
script_lines.append(f"android hooking set return_value \\\\{hook['class']\\\\}.\\\\{hook['method']\\\\} \\\\{hook['return_value']\\\\}")
elif hook["type"] == "class_hook":
script_lines.append(f"android hooking watch class \\\\{hook['class']\\\\}")
return "\n".join(script_lines)
def save_script(self, filename):
"""Save generated script to file"""
script = self.generate_objection_script()
with open(filename, 'w') as f:
f.write(script)
# Usage example
generator = HookGenerator()
generator.generate_method_hook("com.example.Security", "isValid", "true")
generator.generate_method_hook("com.example.Auth", "checkPassword", "true")
generator.generate_class_hook("com.example.Crypto")
script = generator.generate_objection_script()
print(script)
// Custom Frida script for Objection
Java.perform(function() \\\\{
// Hook login method
var MainActivity = Java.use("com.example.MainActivity");
MainActivity.login.implementation = function(username, password) \\\\{
console.log("[+] Login attempt:");
console.log(" Username: " + username);
console.log(" Password: " + password);
// Call original method
var result = this.login(username, password);
console.log(" Result: " + result);
return result;
\\\\};
// Hook encryption method
var CryptoUtils = Java.use("com.example.CryptoUtils");
CryptoUtils.encrypt.implementation = function(data) \\\\{
console.log("[+] Encryption called with: " + data);
// Return plaintext instead of encrypted data
return data;
\\\\};
\\\\});
#!/usr/bin/env python3
# Burp Suite and Objection integration
import requests
import subprocess
import time
class BurpObjectionIntegration:
def __init__(self, burp_proxy, package_name):
self.burp_proxy = burp_proxy
self.package_name = package_name
self.session = requests.Session()
self.session.proxies = \\\\{'http': burp_proxy, 'https': burp_proxy\\\\}
self.session.verify = False
def setup_objection(self):
"""Setup Objection with SSL pinning bypass"""
commands = [
f"objection -g \\\\{self.package_name\\\\} explore",
"android sslpinning disable",
"android root disable"
]
for cmd in commands:
subprocess.run(cmd.split())
time.sleep(2)
def test_endpoints(self, endpoints):
"""Test endpoints through Burp proxy"""
for endpoint in endpoints:
try:
response = self.session.get(endpoint)
print(f"Endpoint: \\\\{endpoint\\\\} - Status: \\\\{response.status_code\\\\}")
except Exception as e:
print(f"Error testing \\\\{endpoint\\\\}: \\\\{e\\\\}")
# Usage
integration = BurpObjectionIntegration("http://127.0.0.1:8080", "com.example.app")
integration.setup_objection()
integration.test_endpoints(["https://api.example.com/login", "https://api.example.com/data"])
#!/usr/bin/env python3
# OWASP ZAP and Objection integration
from zapv2 import ZAPv2
import subprocess
import time
class ZAPObjectionIntegration:
def __init__(self, zap_proxy, package_name):
self.zap = ZAPv2(proxies=\\\\{'http': zap_proxy, 'https': zap_proxy\\\\})
self.package_name = package_name
def setup_mobile_testing(self):
"""Setup mobile testing environment"""
# Start Objection
subprocess.Popen([
"objection", "-g", self.package_name, "explore",
"-c", "android sslpinning disable"
])
time.sleep(5)
# Configure ZAP for mobile testing
self.zap.core.set_option_use_proxy_chain(True)
self.zap.core.set_option_proxy_chain_name("127.0.0.1")
self.zap.core.set_option_proxy_chain_port(8080)
def run_active_scan(self, target_url):
"""Run active scan against mobile app endpoints"""
# Spider the application
scan_id = self.zap.spider.scan(target_url)
# Wait for spider to complete
while int(self.zap.spider.status(scan_id)) < 100:
time.sleep(1)
# Run active scan
scan_id = self.zap.ascan.scan(target_url)
# Wait for scan to complete
while int(self.zap.ascan.status(scan_id)) < 100:
time.sleep(1)
# Get results
alerts = self.zap.core.alerts()
return alerts
# Usage
integration = ZAPObjectionIntegration("http://127.0.0.1:8080", "com.example.app")
integration.setup_mobile_testing()
alerts = integration.run_active_scan("https://api.example.com")
# Check Frida server status
adb shell ps|grep frida-server
# Restart Frida server
adb shell killall frida-server
adb shell /data/local/tmp/frida-server &
# Check device connectivity
frida-ps -U
# Test Objection connection
objection -g com.android.settings explore -c "env"
# Debug connection issues
objection -g com.example.app explore --debug
# Check if application is running
adb shell ps|grep com.example.app
# Start application
adb shell am start -n com.example.app/.MainActivity
# Check application permissions
adb shell dumpsys package com.example.app|grep permission
# Clear application data
adb shell pm clear com.example.app
# Reinstall application
adb uninstall com.example.app
adb install app.apk