We are new to iOS apple development and iOS network extension but we do have general application development experience. We are wondering if there is a starter code available which we could utilize for our project.
We are looking for a virtual network interface in iOS so could monitor network traffic. Our goal is to monitor DHCP broadcast,m-DNS, DNS traffic.
If there are other methods, we would love to know.
There are different ways you can intercept DNS traffic in NE. However, if you are only interested in capturing DNS traffic, DNS Proxy Provider would your best option. Although, DNS Proxy Provider has limitation that it is only supported on managed devices.
Few discussions that would help:
https://developer.apple.com/forums/thread/81103?answerId=246229022
https://developer.apple.com/forums/thread/665480
How to use NEDNSProxyProvider in iOS 11
Few samples on GitHub:
https://github.com/pusateri/DNS-TLS
https://github.com/GroupeMINASTE/FMobile-iOS
You can search for NEDNSProxyProvider in developer forums to find quite a few discussions about it. This discussion also provides some good details. Also, this one.
You may also use Packet Tunnel Provider with match domains or empty match domains and full tunnel. This will allow you to support NE without MDM.
Few examples of Packet Tunnel Providers:
https://github.com/douxinchun/RabbitVpnDemo
https://github.com/OperatorFoundation/PacketTunnelExample
https://github.com/davlxd/NEPacketTunnelVPNDemo
Related
Hello I'm working with an hardware team to a really nice device that we can connect through with an iOS application. Currently we are using an ip address to perform calls on this device and it is working perfectly. Since we read about the new ATS specifics by Apple, we are trying to move the connection to a .local domain instead of using an IP address, so that we can configure domains exceptions in the App Transport Security Settings. We are experiencing a lot of problems trying to connect to the .local domains from the App... it seems that the DNS is never resolved. Are there any known bug related to .local domain? I seen some very old bugs... but nothing related to iOS 10/9.
Note: Currently to connect to the device we have to put the device in Access Point mode and from iOS settings we choose it as "wi-fi" router.
You're looking for Zero configuration networking, specifically DNS Service Discovery, an industry standard that Apple markets as Bonjour. That's what allows a device to list its services for DNS discovery through the .local top-level domain.
"Publication: An Example" in Apple's Bonjour guide is a good place to start for understanding what you'd need to do to implement this as a hardware vendor.
I have WebRTC framework for my iOS app.
But Apple iTune app store review team, rejected my app (even though it was working in my local hardware's, cost me 6 months of work). After waiting so long, they rejected, because its IPv4, has to be IPv6?
I cant simply change the whole WebRTC Framework that i have used in my app.
My target clients are only IPv4 (not IPv6, i am not even interested to use IPv6), is there no way to solve it? I am using this framework: https://cocoapods.org/pods/libjingle_peerconnection
Any advise/suggestion, has anyone tried the libjingle_peerconnection library to make compatible for IPv6?
EDIT: at 3.56AM
You need to add more details in your question to get an appropriate and correct answer.
My reason for putting an answer is not to answer your question as we need further information. My goal to answer is to make everyone aware how IPv6 functionality can be enabled when developing an Webrtc app.
Server side
Generally speaking primarily there are two main backend components the Webrtc clients connect to:
Signaling server : This is used to carry signaling information such as your sdp between Webrtc endpoints. Can be implemented using web sockets or http or other mechanisms
Stun and a relay/turn server: for obvious Udp hole punching through NAT traversal and if p2p not possible, to act as a relay between endpoints.
For IPv6 both of these servers should support IPv6 connections to it.
Client side
When apple tests IPv6, it must be disabling IPv4 network interface so that the iOS networking stack is forced to use IPv6. Hence you need to enable Webrtc stack to use IPv6 interface. This can be done by adding the constraint googIPv6 : true in the createpeerconnection constraints.
Other than this if you are using any other app servers in your code, you will have to make sure they accept v6 connections.
With the recent announcements by Apple regarding Supporting IPv6-only Networks. I have few queries:
1) I have code which uses NSURLConnection all over the place and I think it comes under CFNetwork APIs.
Do I need to update my code to NSURLSession mandatorily as mentioned on their website: https://developer.apple.com/news/?id=05042016a
2) IPv4-specific APIs or hard-coded IP addresses:
What does IPv4 specific APIs are there ? I dont see good documentation on Apple website about this. If anyone has any insights on this and can help me out it would be really helpful.
NSURLConnection is fine (see https://developer.apple.com/library/mac/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/UnderstandingandPreparingfortheIPv6Transition/UnderstandingandPreparingfortheIPv6Transition.html#//apple_ref/doc/uid/TP40010220-CH213-SW21)
Apple lets you use BSD sockets directly, and it would be possible to implement code based on that which doesn't cope with IPv6. Hardcoded IPv4 addresses "123.123.123.123" won't resolve over IPv6, you should always be looking up IP addresses "www.stackoverflow.com"
In fact, it's probably a good idea to read the whole of the doc I linked to above. Amongst other things, it includes details of how to test IPv6 compatibility by sharing your regular internet connection using a El Capitan Mac as an simulated IPv6 access point.
I'm using Charles Proxy and Wireshark to monitor http(s) traffic from various iOS apps I'm using on my iPhone. These apps require me to set the HTTP Proxy under the iOS Wifi settings (let's call these the Proxy Settings).
My business needs to see ALL URL's that are being called from my phone. From all apps. All URL's, not some of them.
Now Charles and Wireshark both work fine and I can see a ton of traffic coming from my phone.
However, I can't help but wonder whether I might be missing some HTTP calls. Maybe calls that don't use the Cocoa Core Foundation libraries as the basis for their networking.
For instance, I could write my own HTTP library out of TCP/IP and these would bypass the Proxy Settings.
So my question is: what is the likelihood that some apps are using custom-rolled HTTP libraries and side-stepping my Proxy Settings. Or worse, they're using raw TCP/IP to communicate with a server. I know it's possible, but do any APIs work this way? Does anyone do it?
I found the answer: Use mitmproxy in transparent mode. proxy is not used. harder to setup because it needs work on the router, but it reliably captures every packet on port 80 and 443 regardless of proxy settings.
Assuming that you are able to keep your device tethered, then you may be able to use the pcap service to monitor all traffic. According to the following paper (2014) the pcap service is running on every iOS device:
"Identifying back doors, attack points, and surveillance mechanisms in iOS devices"
You should be able to connect to it via usbmuxd. I'm not sure whether there is a pre-rolled client for the pcap service. There is a list of services supported by libimobiledevice here. Pcap is not on that list.
Alternatively, you can use wireshark to capture all traffic on your wifi network.
I'm looking for a way to develop an iOS in which I can access all network traffic, (I mean System-Wide) and route it through my app. Something like a proxy server but notice that I want to force the route and access all the traffic not only web requests (Something like what VPN Connections do).
I think that may go a bit beyond Apple limitations regarding App Store Guidelines. Any VPN API accessible for doing that ? Any practical suggestion or description on undocumented and private APIs is really appreciated.
P.S: This article may help understanding what I'm looking for;
To be able to do VPN functionalities you have to create a vpnplugin, the problem is that it's a pseudo-Private API, I'm saying "pseudo" because there are companies that had access to the documentation and there are apps on the App Store that uses it (OpenVPN connect for example). You can try reverse engineering some of those app plugins (it's the folder with the .vpnplugin extension).
By the way, someone already did that and published the vpn plugin API to github: https://github.com/Smartype/iOS_VPNPlugIn/blob/master/iOSVPNPlugIn.h
Network Extension of iOS9 will allow custom VPN tunnel implementations and NEPacketTunnelProvider is probably what you are looking for.
Check out the WWDC video.
https://developer.apple.com/videos/wwdc/2015/?id=717
You need to send an email to apple to get access to this function.
https://github.com/shadowsocks/shadowsocks-iOS/issues/124