Skip to content
Objection

Objection

Category: Mobile Security
License: GPL-3.0 (open source)
GitHub (8900★)
Visit Website →
Suphi Cankurt
Suphi Cankurt
+7 Years in AppSec
Updated April 14, 2026
7 min read
Key Takeaways
  • Runtime mobile exploration toolkit built on Frida with 8,900+ GitHub stars; provides pre-built commands for SSL pinning bypass, file system inspection, and memory dumps.
  • Works on non-jailbroken iOS and non-rooted Android devices via app patching (objection patchapk/patchipa) that embeds frida-gadget into the target app.
  • Single commands like 'ios sslpinning disable' replace hours of custom Frida scripting; covers AFNetworking, OkHttp, and many custom pinning implementations.
  • Free under GPL-3.0; install via pip3 and connect to running apps through an interactive REPL for keychain extraction, heap exploration, and runtime hooking.

Objection is a runtime mobile security exploration toolkit built on Frida that lets pentesters hook live iOS and Android apps from an interactive command line, without writing custom JavaScript instrumentation. SensePost released it in 2016 under GPL-3.0.

With over 8,900 GitHub stars and v1.12.4 shipping in March 2026, it has become the default choice for pentesters who need quick assessment capabilities without the complexity of writing Frida scripts from scratch.

The short version

  • What it is: A Python CLI that wraps Frida with pre-built commands for mobile pentesting — the 80/20 instrumentation tool for iOS and Android.
  • How it works: Connects to a running app via an interactive REPL; commands like ios sslpinning disable hook the target at runtime without modifying its binary on disk.
  • Runs on: Jailbroken/rooted devices via frida-server, OR non-jailbroken/non-rooted devices via objection patchipa / patchapk (embeds frida-gadget into the app).
  • Best for: Quick mobile assessments — SSL pinning bypass, keychain extraction, file system inspection, memory dumps — without writing custom JavaScript hooks.
  • Install: pip3 install objection — current release v1.12.4 (March 2026), GPL-3.0, maintained by SensePost.
Objection at a glance: GPL-3.0, 8,900+ GitHub stars, built on Frida, iOS and Android, latest v1.12.4 March 2026, maintained by SensePost. Strengths: no jailbreak/root needed, one-line SSL pinning bypass, interactive REPL. Limitations: less flexible than raw Frida, patched APKs trigger anti-tamper, pre-built hooks miss custom implementations.

First released by SensePost in 2016 and featured at Black Hat Arsenal Europe 2017 and USA 2019, Objection is actively maintained as an instrumented mobile pentest framework. The latest release, v1.12.4 (March 2026), added a reconnect command and reconnect_spawn functionality for reattaching to targets after process restarts — a useful addition for long testing sessions where the target app may crash or be relaunched.

Objection GitHub repository (github.com/sensepost/objection) showing 9k stars, 962 forks, 79 tags, GPL-3.0 license, latest release v1.12.4 from two weeks ago, and the project's directory structure including agent, objection, plugins, and tests folders.

The main draw is accessibility. Frida expects you to write JavaScript hooks; Objection ships a command-line interface with the hooks already written for you.

That shortens the ramp-up for testers who want to work at the instrumentation layer without reading a Frida tutorial first.

Key Insight

Objection is Frida for people who don't want to write Frida scripts. It is the 80/20 mobile instrumentation tool — pre-built hooks for the tasks that show up on every mobile pentest, with a clean exit hatch to raw Frida scripting when the built-ins don't fit.

I lean on Objection for runtime mobile testing because it wraps Frida with a REPL I can drive without writing scripts first. Commands like android keystore list and ios sslpinning disable cover the first ninety percent of what I need during a pentest — dumping keychains, bypassing cert pinning, tracing class methods. For anything deeper, I drop down to the underlying Frida API.

What is Objection?

Objection is a Python command-line toolkit that wraps Frida’s dynamic instrumentation to perform runtime analysis of iOS and Android apps. It injects scripts into running processes to bypass security controls, inspect app internals, and change behavior — the original APK or IPA on disk stays untouched.

The framework runs as a command-line REPL (Read-Eval-Print Loop) where you issue commands against a live app. The interactive loop lets you react to what you find instead of scripting every check ahead of time.

Objection README hero showing the 'objection - Runtime Mobile Exploration' pixel-art logo, Black Hat Arsenal Europe 2017 and USA 2019 badges, pypi package badge for v1.12.4, and the bullet list of capabilities: iOS and Android support, container file system interaction, SSL pinning bypass, keychain dumping, memory tasks and patching, heap object exploration, and the GPL-3.0 license footer.

Installation is straightforward via pip (pip3 install objection), and the tool handles the complexity of Frida setup behind the scenes. For apps on non-jailbroken or non-rooted devices, Objection can patch APKs and IPAs to embed frida-gadget, enabling testing without system-level access.

Note: Objection needs a jailbroken/rooted device with frida-server, or a Frida-patched APK/IPA. It does not work on production-signed apps you can't repackage — App Store and Play Store builds pulled directly from a non-jailbroken phone are off-limits unless you can re-sign them.

SSL Pinning Bypass
Automatically disable certificate pinning to intercept HTTPS traffic with proxies
File System Access
Browse, download, and upload files from the app’s sandbox without jailbreak
Memory Manipulation
Dump process memory, explore heap objects, and search for sensitive data in RAM
Keychain Inspection
Extract credentials and certificates from iOS Keychain or Android KeyStore
Runtime Hooks
Inject custom hooks to bypass biometric auth, modify method behavior, or trace calls
No Jailbreak Mode
Patch apps to include Frida without requiring device-level root or jailbreak access

Key features

SSL Pinning Bypass

SSL pinning bypass is a runtime patch that disables an app’s certificate-pinning checks so a proxy like Burp or mitmproxy can intercept its HTTPS traffic. It is Objection’s most-used feature.

A single command — ios sslpinning disable or android sslpinning disable — defeats most pinning implementations and lets you intercept HTTPS traffic with mitmproxy or Burp Suite.

That replaces hours of manual hook writing for a task that lands on almost every mobile pentest.

Pro tip: Once you're in the REPL with objection --gadget com.target.app explore, the one command that pays for itself before lunch is ios sslpinning disable (or android sslpinning disable). Run it before pointing your phone at mitmproxy or Burp — most apps surrender their TLS traffic immediately, no custom hook required.

Objection iOS SSL pinning bypass command disabling certificate validation at runtime

The SSL pinning bypass works by hooking common pinning libraries and custom implementations at runtime. It covers frameworks like AFNetworking on iOS and OkHttp on Android, as well as many custom validation routines.

Objection Android SSL pinning bypass showing disabled certificate checks

File System and Container Exploration

Objection provides commands to browse the app’s file system, download databases and configuration files, and upload modified versions for testing.

On iOS, you can navigate the app’s Documents, Library, and tmp directories. On Android, you can explore /data/data// and external storage.

That access is where hardcoded credentials, SQLite secrets, and sloppy local encryption usually turn up. You can dump binary cookies, read plist files, and poke at the app’s own encryption routines.

Objection iOS file system listing showing app sandbox directories and files

Memory and Heap Analysis

Objection ships commands for memory dumps and heap walks. You can grep process memory for API keys or tokens, pull objects off the heap to inspect runtime state, and pinpoint where sensitive data sits in RAM.

That is how insecure storage bugs surface — apps that hold credentials in memory long after they are needed, or never zero out buffers after use.

Keychain data that ends up paged into process memory during runtime exploration

Integration with Mobile Security Workflows

Objection slots into a normal mobile testing loop. Start by decompiling the APK with Jadx to map the app’s classes and pick out the methods worth poking at. Then use Objection to hook those methods at runtime, change their behavior, and watch what happens.

For apps with native libraries, reverse the compiled code with Ghidra, then drive Objection’s hook commands against whatever you find. Raw Frida scripts load straight into Objection via the import command when you need something the built-ins don’t cover.

The official wiki documents every command, the patching workflow, and the gadget configuration knobs you’ll need for non-rooted testing.

Objection 'Using objection' wiki page on github.com/sensepost/objection/wiki, showing the table of contents (command format, getting started iOS/Android edition), the command format section explaining subcommands and flags, and the start of an 'objection --help' terminal output block.

App Patching for Non-Rooted Testing

A Frida gadget is a shared library (.so on Android, .dylib on iOS) that embeds the Frida runtime into an app so Objection can instrument it without frida-server or device-level privileges.

The objection patchapk (Android) and objection patchipa (iOS) commands handle the embedding for you. That opens up testing on stock, non-rooted Android phones and non-jailbroken iPhones — the same hardware most end users carry.

The patched app behaves like the original but loads the Frida runtime at launch, which gives Objection full access without needing system-level privileges.

objection patchapk CLI output showing apktool unpack, frida-gadget injection, rebuild, and adb install sequence

When to use Objection

Strengths:

  • Much faster than writing Frida scripts from scratch
  • Beginner-friendly CLI with a well-documented wiki
  • Covers the mobile pentest tasks that show up on every assessment
  • Active development with regular releases
  • Strong community and plenty of public cheat sheets
  • Works without jailbreak or root via app patching
  • Free and open source under GPL-3.0
  • Cross-platform support for iOS and Android

Limitations:

  • Less flexible than hand-written Frida scripts for unusual targets
  • Pre-built hooks can miss heavily customized pinning or auth code
  • You still need to learn the command syntax and flags
  • Patched APKs may trip anti-tamper checks
  • Running many hooks at once adds performance overhead
  • Edge cases still mean dropping back to raw Frida
Best for
Objection fits pentesters who need to check mobile app security quickly — SSL pinning, insecure data storage, weak authentication — without writing custom instrumentation code first.

Getting started

1
Install Objection — Run pip3 install objection to install the toolkit and its dependencies including Frida.
2
Connect to a running app — On a rooted/jailbroken device with frida-server running, use objection -g com.example.app explore to launch the interactive REPL.
3
For non-rooted devices — Patch the APK with objection patchapk -s app.apk, install the patched app, run it, then connect with objection explore.
4
Run security checks — Use commands like ios sslpinning disable to bypass pinning, android hooking list activities to enumerate components, or env to inspect the app’s file system paths.
objection REPL walkthrough showing pip install, explore command connecting to a running app, and interactive commands disabling SSL pinning

Combine Objection with mitmproxy for traffic interception, Jadx for static analysis, and Frida scripts when you need custom capabilities beyond Objection’s built-in commands.

Frequently Asked Questions

What is Objection?
Objection is a runtime mobile exploration toolkit built on top of Frida. It provides a command-line interface for assessing mobile app security without requiring jailbreak or root access. The tool automates common pentesting tasks like SSL pinning bypass, file system inspection, and memory manipulation.
How does Objection differ from Frida?
Objection is built on top of Frida and provides a higher-level, more accessible interface. While Frida requires writing JavaScript hooks, Objection offers ready-made commands for common tasks. Think of Objection as a mobile pentest framework, while Frida is the underlying instrumentation engine.
Can Objection work on non-jailbroken devices?
Yes, Objection can work on non-jailbroken iOS devices and non-rooted Android devices by patching apps to include the frida-gadget. The objection patchapk and objection patchipa commands automate this process, allowing you to test apps without system-level access.
Is Objection suitable for beginners?
Yes, Objection is more beginner-friendly than raw Frida scripting. Its command-line interface provides intuitive commands for common tasks, making it an excellent starting point for learning mobile security testing. However, understanding basic mobile security concepts is still recommended.
How do I bypass SSL pinning with Objection?
After connecting to the target app with objection --gadget com.example.app explore, run ios sslpinning disable on iOS or android sslpinning disable on Android. Objection hooks common pinning libraries (AFNetworking, OkHttp, NSURLSession) at runtime, letting Burp Suite or mitmproxy intercept the app’s HTTPS traffic immediately. For custom pinning implementations that the built-in hooks miss, you can drop to a raw Frida script and load it through Objection’s import command.
How I review tools Suggest an edit

Other Mobile Security Tools

Apktool
Apktool

Android APK resource decoding & rebuild

Appdome
Appdome

No-Code Mobile Defense Automation

AppKnox
AppKnox

Mobile AppSec trusted by 300+ enterprises

Corellium
Corellium

ARM-based virtual iOS & Android devices for security research

Data Theorem Mobile Secure
Data Theorem Mobile Secure

Full-stack mobile AppSec

Drozer
Drozer

Android attack surface assessment framework

See all Mobile Security tools

Complement with DAST

Pair mobile security with dynamic testing for broader coverage.

Acunetix
Acunetix

Multi-Platform Easy-to-Use DAST

AppCheck
AppCheck

Former Internal Pentest Tool

See all DAST tools

Learn More

iOS vs Android Security Testing Mobile API Security Mobile App Penetration Testing OWASP MASVS & MASTG What is Mobile Application Security Testing?

Explore all Mobile Security guides and tools