Every iOS reverse engineer has to analyse the network (HTTP/HHTTPS) traffic of apps. Thats why I show you today how this can be easily done. We will use the integrated HTTP/HTTPS proxy in the burp suite.
Requirements:
iOS Device (you dont have to Jailbreak it )
OSX/Linux/Windows OS based Computer
10 min of time (:
First off all you have to install the Burp suite (free version is sufficient) on your Computer. You can download it from here: https://portswigger.net/burp/ .
Now start burp suite an go to Proxy->Intercept and turn it off:
After this go to Proxy->Options->Proxy Listeners-> Choose the 8080->Press Edit
Now you should see something like this:
To make the Proxy working on your iPhone you will need to change the “Bind to address” from “Loopback only” to “All interfaces”.
To tunnel the network traffic through Burp Suite , turn on your iOS device connect it to the same wifi network as your computer. Now go to Settings->WI-FI->Press on the info sign beside the connected wifi:
Scroll down to HTTP PROXY and press “Manual”, after this enter the IP address of you computer as the server and 8080 as the port (no Authentication is needed). The last thing you have to do ist to got to Safari on you iphone and enter http://burp (without .com .de , etc but WITH http://). If you did nothing wrong you should see something like this:
Press the “CA Certificate” button to install the burp SSL cert. Close all apps and restart your iPhone.
Now you should be able to analyse/record the network traffic of apps on your iPhone/iPad/iPod touch. To view the network traffic go to Burp suite ->Proxy->HTTP history:
Thats it ! You are done ! (:
Comments