I have used Burp Suite and Charles to debug network using my computer as a proxy. It works with every app and it tracks all network requests, but there's a specific app where it's requests doesn't show up no matter what, does someone have any idea why? If the reason of this is the fact that the app makes SOAP requests, is there a way to track it?
Related
I'm making use of the library GCDWebServer(https://github.com/swisspol/GCDWebServer) in a project of mine, that requires me to accept connections originating only from my application's process, for security reasons. I was hoping this is something that the iOS app sandbox would provide out of the box, but that doesn't appear to be the case. The sandbox appears to be enforced for UNIX domain sockets(AF_UNIX), by means of file-system permissions. But for TCP/IP sockets(AF_INET), used by GCDWebServer, there appears to be no sandboxing in place.
I was able to write two sample applications - a client and a server(signed with different developer certificates) and could have them communicate with each other, without any issues.
I was wondering if there was some way of enforcing the same on iOS, essentially spin up a HTTP server on a TCP socket but only accept connections from the same process. I can't make use of UNIX domain sockets, because the client which is going to request the content from the HTTP server is an AVPlayer and it wouldn't know how to connect to my application's UNIX domain socket.
I'm about 99% certain that what you're asking for is impossible. I don't even think it is possible in OS X without writing a network kernel extension (and even then, it would be challenging).
By the time a network request reaches another process, it has passed through the networking stack and has lost any notion of what process originated the connection (unless this has improved fairly recently).
Realistically, the closest you can get is binding to a random port on the localhost interface and tearing it down as soon as your app gets put into the background.
Pedantically, if you managed to somehow convince Apple that you planned to build a VPN, it is theoretically possible to abuse the VPN API in such a way that would let you provide a private network that worked only within your app. It would not, however, ever be allowed in the app store.
But why would you ever want to do this? AVPlayer is more than capable of playing from a file URL.
There are many ways you could do that: you can inspect the incoming request in GCDWebServer and decide if you want to respond to it or return an error.
You could add a secret header other apps wouldn't know about, sign the entire request with a secret key, etc...
If you had to open a resource from a database in a web browser on another computer, using an Apple tablet app as a remote control, how would you implement such a feature? This is basically what WhatsApp Web does, so it should be technically possible. But how would you go about it?
I'm assuming that you mean a situation where the app modifies something on the server, and the browser then updates automatically to reflect this. If you mean something like the iOS Remote app, then you may have to use another method (and you may not be able to do it from the browser).
To do this you'll have to have a server that both the iOS app and the browser are connected to. When the app does something, it updates the server, e.g. by submitting an HTTP request to a REST API. The server then updates the database.
Now you have to get the browser to update, and there are two ways of going about this. One is by polling the server periodically, using AJAX to update parts of the page dynamically without refreshing the whole page. This works, but there's a lot of overhead and it can be a drain on a laptop battery.
The better, but slightly more difficult to setup, alternative is to use WebSockets. WebSockets allow for two-way communication between server and client, and the connection stays open until one party closes it (or it times out after a long time). The client can submit information to or pull information from the server as before, but the server can also push information to the client without the client having to request it. This would typically be how games, chat clients, etc. can operate nearly in real time.
Setting this up isn't necessarily that difficult, but it's a very broad, open-ended topic that's beyond the scope of just iOS development. Beyond the iOS app and the web client, you'll also need a backend that's capable of using sockets. Node.js is a popular JavaScript-based backend for this sort of application; there are numerous others out there as well. You'll have to do your own research to determine what's right for you.
I work with web analytics and have somewhat of a web developer background, BUT I am not a programmer. I need a way to debug the tracking code I request our mobile app team to implement. They are also not Web Analysts so they struggle to be able to verify if it works too.
I need a way to take one of their builds, run it on a desktop environment, and monitor it with a network monitoring tool like Charles Proxy or the network monitoring tools in the developer tools of most browsers.
I want to at least be able to see the information being passed back to our analytics tracking tool via the network connection. That will tell me if what I requested works or not. If there are other tools that a non-programmer can use to achieve this and more I would be grateful to hear about them. The few tools I have seen seem to be more about testing web pages via a mobile device. I need to test apps that you will eventually download from the an app store.
Thanks!
In our company, we found that Charles is perfect for testing all that concerns tracking.
Charles will record all your requests and responses from your computer, SSL traffic included.
(You can also let physical Android/iOS devices use your desktop as a proxy to catch all traffic there, which is even more impressive and useful, but I understand that this is not what you want.)
You can even do fancy stuff like throttling your connection and adding breakpoints, to see what would happen in "real" situations with bad connection...
Hope this helps.
I need to view some local (saved somewhere in the iPad) html / js contents with mobile Safari. By reading some threads it seems that the file:// protocol is disabled. Right?
If so, the solution I see is to install an app which turns the iPad into an http server (no need for support of php or anything else), load my contents there and access somehow them within the same device by http://localhost/... or http://127.0.0.1/... with mobile safari.
Is that actually possible? Can someone please suggest me a good web server app which possibly does not require jailbrake or other hacking?
Thanks!
You probably can't do what you want because in order for your application to be serving up HTTP requests to Mobile Safari, it would have to be running in the background, and there's no permissible background mode that covers this.
If you only need a one-time-only response immediately after running your application, then you could possibly use beginBackgroundTaskWithExpirationHandler:, although this might not be approved by Apple - it's difficult to predict their response to that.
If you are sure that you don't need this to go into the App Store, then you can get your application running in the background permanently by abusing one of the other background modes, such as pretending to be a VOIP app or media player.
Once you're running in the background, you can use CocoaHTTPServer to actually serve the files.
If you describe what you are trying to achieve, somebody might be able to suggest an alternative approach to using local files / Mobile Safari.
I am working on an ios app which communicate with the server via http request. And I want to monitor the network traffic when testing my app in ios simulator/devices.
Is there any software or tools I can used to inspect the http requests of a specified application on mac/ios, just like firebugs for web developers?
Thanks.
As far as I know, there are several tools in App Store that provide the network traffic monitor feature. But, they could only view iPhone as a whole and stay at that level. In other words, they could only tell how much traffic has been consumed of this iPhone. For each app? No data.
You can use HTTP Catcher to capture web traffic. It's a Web debugging proxy for iOS, so you can view requests and responses directly on iPhone.
You can use Proxyman to record/capture all the requests & responses from your app while developing.It will support ios simulators also. Without doing any code change we use this.
First Download the Proxyman app form the above link after that just go through this documentation for references.
Charles has recently released an iOS version for http traffic monitoring. it is a paid app though. Good news is that you can set up Charles free desktop version then setup HTTP proxy from your iOS device.