Frida and Objection are the core of iOS pentesting. They allow runtime hooking, bypassing SSL pinning, modifying logic, inspecting memory, enumerating APIs and analyzing app behavior without modifying the binary. This chapter gives a full practical setup: installation on macOS/Linux, installation on the iPhone, troubleshooting, runtime testing and validation.
Preparing Your Environment
Install Python and Pip
Most tools require Python.
python3 --version
pip3 --version
If missing:
macOS (Homebrew):
brew install python
Linux:
sudo apt install python3 python3-pip
Install Homebrew (macOS)
Homebrew installs many required packages.
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Installing Frida (Computer Side)
Frida has two components:
-
Frida CLI → installed on your computer
-
Frida Server → installed on the jailbroken device
Install Frida CLI
pip3 install frida-tools
pip3 install frida
Verify:
frida --version
If the command outputs a version number, installation succeeded.
Installing Frida Server (iPhone)
Frida server runs inside the jailbroken device and allows your computer to inject hooks.
Step 1: SSH into the Jailbroken Device
Using USB proxy:
iproxy 2222 22
ssh root@localhost -p 2222
Default password may be “alpine,” change it:
passwd
Step 2: Download Frida Server (iOS ARM64)
Find your device CPU (A8–A11 = ARM64).
Download the matching version:
wget https://github.com/frida/frida/releases/download/<VERSION>/frida-server-<VERSION>-ios-arm64.xz
Extract:
unxz frida-server-*.xz
chmod +x frida-server-*
mv frida-server-* /usr/local/bin/frida-server
Step 3: Run Frida Server
./usr/local/bin/frida-server &
To make it run automatically:
echo "/usr/local/bin/frida-server &" >> /etc/rc.local
Validate Frida
From the computer:
frida-ps -U
If you see running processes such as “SpringBoard,” Frida is working.
Installing Objection
Objection is built on Frida. You install it on your computer, not the phone.
Install Objection
pip3 install objection
Verify:
objection --help
Installing Additional Tools (Required for Full Pentesting)
These tools make dynamic analysis much easier.
Objection Dependencies
Install adb-like utilities (used for mobile workflows):
macOS:
brew install usbmuxd
brew install python@3
Linux:
sudo apt install usbmuxd
Installing class-dump / class-dump-z
Used to extract Objective-C class information.
macOS:
brew install class-dump
Verify:
class-dump --help
Installing ipainstaller (Install .ipa from CLI)
On macOS:
brew install ios-deploy
Use it for installing unsigned or test apps.
Installing Bagbak (Decrypt iOS Apps)
This tool dumps decrypted IPA from device memory.
Install:
npm install -g bagbak
Usage:
bagbak com.example.app
Installing Hopper / Ghidra (Reverse Engineering)
Install Hopper (macOS):
https://www.hopperapp.com/download.html
Install Ghidra (cross-platform):
https://ghidra-sre.org/
These tools help reverse engineer binaries and analyze anti-debug logic.
Installing TCPDump for Network Capture (iPhone)
Inside jailbroken device:
apt install tcpdump
Capture HTTPS traffic before decryption attempts:
tcpdump -i any -w /var/root/net.pcap
Download the pcap:
scp -P 2222 root@localhost:/var/root/net.pcap .
Installing SSL Kill Switch (Bypass SSL Pinning)
Inside the device:
apt install com.nablac0d3.sslkillswitch2
Reboot.
Now any app with SSL pinning will allow MITM interception.
Practical Testing: Hooking an App with Frida
Step 1: List hooked processes
frida-ps -U
Step 2: Spawn an app
frida -U -f com.example.app --no-pause
Step 3: Load a hook script
Create hooks.js:
console.log("Frida Hook Loaded");
Run it:
frida -U -f com.example.app -l hooks.js --no-pause
This confirms dynamic instrumentation is working.
Practical Testing: Using Objection
Start the app:
objection -g com.example.app explore
Useful commands:
List files:
ls /var/mobile/Containers/Data/Application/
Bypass jailbreak detection:
ios jailbreak disable
Bypass SSL pinning (if not using SSL Kill Switch):
ios sslpinning disable
Dump keychain items:
ios keychain dump
Enumerate UI elements:
ios ui dump
Dump app memory:
memory dump all
Troubleshooting
Frida Version Mismatch
If you get:
Failed to connect: unsupported version
Update both sides:
pip3 install --upgrade frida-tools frida
Device:
Download matching server version from GitHub releases.
Objection Not Attaching
Kill old Frida servers:
killall -9 frida-server
Restart:
frida-server &
Intel Dump
-
Frida requires two parts: CLI on computer + server on jailbroken device
-
Objection is installed only on the computer
-
DFU jailbreak devices support full instrumentation
-
Frida server must match the Frida desktop version
-
Installation includes Frida, Objection, Bagbak, class-dump, tcpdump and SSL Kill Switch
-
Tools allow API hooking, SSL bypass, memory dumping, UI exploration and keychain extraction
-
Testing involves spawning processes, injecting scripts and using Objection’s interactive shell
-
Troubleshooting focuses on version mismatches and server restarts