iOS Burp Suite Configuration
For secure web traffic analysis and SSL pinning on iOS devices, Burp Suite can be used either through the Burp Mobile Assistant or via manual configuration. Both methods are summarized below:
The Burp Mobile Assistant simplifies installation of the Burp certificate, proxy configuration, and SSL pinning. Detailed guidance can be found in PortSwigger's official documentation.
Proxy Configuration: Start by setting Burp as the proxy under the iPhone's Wi-Fi settings.
Certificate Download: Navigate to http://burp in your device's browser to download the certificate.
Certificate Installation: Install the downloaded profile via Settings > General > VPN & Device Management, then enable trust for the PortSwigger CA under Certificate Trust Settings.
The setup enables traffic analysis between the iOS device and the internet through Burp, requiring a Wi-Fi network that supports client-to-client traffic. If unavailable, a USB connection via usbmuxd can serve as an alternative. PortSwigger's tutorials provide in-depth instructions on device configuration and certificate installation.
For users with jailbroken devices, SSH over USB (via iproxy) offers a method to route traffic directly through Burp:
Establish SSH Connection: Use iproxy to forward SSH to localhost, allowing connection from the iOS device to the computer running Burp.
Remote Port Forwarding: Forward the iOS device's port 8080 to the computer's localhost to enable direct access to Burp's interface.
Global Proxy Setting: Lastly, configure the iOS device's Wi-Fi settings to use a manual proxy, directing all web traffic through Burp.
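The three steps above as one script. This is an added example, not code from the original page. It assumes local port 2222 for the forwarded SSH, root login on the device, and Burp listening on 127.0.0.1:8080; `DRY_RUN=1` prints the commands instead of running them.

```sh
#!/bin/sh
# Added example, not the page's own script: SSH-over-USB tunnel to Burp.
# Assumed values (not on the page): local port 2222 for the forwarded SSH,
# root login on the device, Burp's listener on 127.0.0.1:8080.
# DRY_RUN=1 prints each command instead of executing it.

run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

valid_port() {  # true only for an integer in 1..65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: start_tunnel [ssh_local_port] [burp_port]
start_tunnel() {
  ssh_port="${1:-2222}"; burp_port="${2:-8080}"; iproxy_pid=""
  if ! valid_port "$ssh_port" || ! valid_port "$burp_port"; then
    echo "ports must be integers in 1..65535" >&2; return 2
  fi
  # The remote forward is useless unless Burp is already listening locally.
  run nc -z 127.0.0.1 "$burp_port" || { echo "no listener on $burp_port" >&2; return 3; }
  # Step 1: usbmuxd carries localhost:$ssh_port to the device's sshd (port 22).
  if [ "${DRY_RUN:-0}" = 1 ]; then
    run iproxy "$ssh_port" 22
  else
    iproxy "$ssh_port" 22 & iproxy_pid=$!
    sleep 1   # give iproxy time to bind before ssh connects
  fi
  # Step 2: -R exposes Burp as localhost:$burp_port on the device; -N opens no
  # shell; ExitOnForwardFailure aborts if the device port is already taken.
  run ssh -N -p "$ssh_port" -o ExitOnForwardFailure=yes \
      -R "$burp_port:localhost:$burp_port" root@localhost
  rc=$?
  # Tear the USB forward down again once the SSH session ends.
  if [ -n "$iproxy_pid" ]; then kill "$iproxy_pid" 2>/dev/null; fi
  return "$rc"
}

# Step 3 is manual: on the device, set the Wi-Fi HTTP proxy to 127.0.0.1 and
# the Burp port. The tunnel runs only when the script is called with "start".
if [ "${1:-}" = start ]; then shift; start_tunnel "$@"; fi
```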
Monitoring of non-HTTP device traffic can be efficiently conducted using Wireshark, a tool capable of capturing all forms of data traffic. For iOS devices, real-time traffic monitoring is facilitated through the creation of a Remote Virtual Interface, a process detailed in this Stack Overflow post. Prior to beginning, installation of Wireshark on a macOS system is a prerequisite.
The procedure involves several key steps:
Initiate a connection between the iOS device and the macOS host via USB.
Ascertain the iOS device's UDID, a necessary step for traffic monitoring. This can be done by executing a command in the macOS Terminal:
Post-identification of the UDID, Wireshark is to be opened, and the "rvi0" interface selected for data capture.
For targeted monitoring, such as capturing HTTP traffic related to a specific IP address, Wireshark's Capture Filters can be employed:
Export Burp Certificate
In Proxy --> Options --> Export CA certificate --> Certificate in DER format
Drag and Drop the certificate inside the Emulator
Inside the emulator go to Settings --> General --> Profile --> PortSwigger CA, and verify the certificate
Inside the emulator go to Settings --> General --> About --> Certificate Trust Settings, and enable PortSwigger CA
Congrats, you have successfully configured the Burp CA Certificate in the iOS simulator
Steps to configure Burp as proxy:
Go to System Preferences --> Network --> Advanced
In the Proxies tab, check Web Proxy (HTTP) and Secure Web Proxy (HTTPS)
In both options configure 127.0.0.1:8080
Click on OK and then on Apply