Review App Session Cookies
Once you are logged into the mobile app, a session is established by the back-end server. The session cookie data could be stored in a Cookies.binarycookies
file or kept in the Keychain. Along with the session ID, it also contains the cookie attributes, such as HttpOnly and Secure (among others).
Review Session Information with Objection
Launch the app and log in, then run the following command:
objection -g 'App Name' run 'ios cookies get --json'
The output will be similar to this:
[
    {
        "domain": ".example.net",
        "expiresDate": "null",
        "isHTTPOnly": "true",
        "isSecure": "true",
        "name": "SESSIONID",
        "path": "/",
        "value": "kAiVksIPXmaxZo/7Hx+X4mcuT3DwRlZ3SbonOEL12zZ6OUHH+l1ipCwpKlNFzC/PGreClpwttpr0
. . . (truncated) . . .
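An added example (not part of the original page or of objection itself): a small Python check over JSON in the shape shown above that lists, per cookie, which attributes deserve a closer look. The sample cookies, the `audit_cookies` and `as_bool` helpers, the issue labels and the expiry date format are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the output above (all values are made up).
SAMPLE = """[
 {"domain": ".example.net", "expiresDate": "null", "isHTTPOnly": "true",
  "isSecure": "true", "name": "SESSIONID", "path": "/", "value": "CONSTRUCTED"},
 {"domain": "api.example.net", "expiresDate": "2031-01-01 00:00:00 +0000",
  "isHTTPOnly": "false", "isSecure": "false", "name": "tracking", "path": "/",
  "value": "CONSTRUCTED"}
]"""

EXPLAIN = {
    "no-secure": "Secure not set: cookie may be sent over plain HTTP",
    "no-httponly": "HttpOnly not set: cookie is readable from script",
    "persistent": "has an expiry date: cookie persists on the device",
    "wide-domain": "leading-dot domain: cookie is sent to every subdomain",
}

def as_bool(value):
    """The flags arrive as strings ("true"/"false"), so bool("false")
    would wrongly be True; compare the text instead."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"

def audit_cookies(raw_json):
    """Return {cookie name: [issue labels]} for every cookie in the dump."""
    report = {}
    for cookie in json.loads(raw_json):
        issues = []
        if not as_bool(cookie.get("isSecure")):
            issues.append("no-secure")
        if not as_bool(cookie.get("isHTTPOnly")):
            issues.append("no-httponly")
        # "null" (or a missing key) means a session cookie with no expiry.
        if str(cookie.get("expiresDate", "null")).lower() not in ("null", "none", ""):
            issues.append("persistent")
        if str(cookie.get("domain", "")).startswith("."):
            issues.append("wide-domain")
        report[cookie.get("name", "<unnamed>")] = issues
    return report

if __name__ == "__main__":
    for name, issues in audit_cookies(SAMPLE).items():
        print(name)
        for label in issues:
            print("   ", EXPLAIN[label])
```

To use it on a real dump, save the command's JSON output to a file and pass the file contents to `audit_cookies` in place of `SAMPLE`.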