In my office, proxy and URL restriction is there so am not able to update the app/softwares through Appstore application and also not able to add the Team, signing certificate in Xcode. I raised the complaint to IT admin and inorder to enable the access they are asking for the URL's.. I searched but no luck .. Can you please share if you know the URL details.
Once try below this urls
appldnld.apple.com
mesu.apple.com
These are for updates and downloads of ios so i think that it should be same for mac also for appstore downloads or updates!!
And yes you can analyze network traffic as #
meaning-matters mentioned in his answer!
Reference : How to Stop iOS Software Update Notifications Reminders
Best to run a network traffic analyser on your computer and make a list of attempted accesses.
Even better, do the same from home (or wherever you have access), and list the actual URLs.
Or (in the mean time) ask/urge IT if they can open HTTPS (and HTTP) access *.apple.com/* and *.itunesconnect.com/* and see how far you get.
Good luck, this is a very annoying situation I've in too a few times.
Related
I am working on mobile pentests currently. At first, using my home network I was able to intercept traffic on burpsuite for both iOS and Android versions of “Test App”. Then the next day, I still am able to intercept traffic but the behaviour of this “Test App” for both iOS and Android seem like it has certificate pinning as I was just stuck on the pre-auth page and getting errors when trying to log in. Without proxy though I am still able to login OK and proceed with the app normally so I don’t think my home network got blacklisted? (For context, the binaries does not have any certificate pinning).
But when I tried to change my network to my mobile hotspot, I could intercept the traffic and app behaves normally again.
Anyone encountered the same previously? Any ideas on what could be causing this? Thanks
This does seem odd. I would wager one of three things is happening here:
You accidentally left "Intercept" on in Burp Suite Proxy. This holds the response in Burp Suite until you click Forward, which would cause behavior very similar to what you are describing here. I have done this more times than I am willing to admit.
There was a temporary outage in the application's API. Not unheard of, especially if this is an unreleased app.
There is some sort of issue on your home network, but this is unlikely. Maybe two devices have the same static IP address?
It's hard to say exactly what the issue might be based on the information you provided, but hopefully this was helpful, or at least gives you a place to start!
I've been searching for a way that if there's any way that an app can push / pull a message to / from another app, assuming that both apps have been installed. I have a feeling that probably that it is not possible, but would like to confirm with SO.
Basically, I'm going to develop two apps, app1 and app2. Let's assume that a user always downloads both of the apps (or, I've found previous discussions over SO that it is possible for an app to figure out if another target app is installed assume it makes Uri registration.) App1 would generate some information and have to pass to app2. One way to do it is that I can have an external server as a relay, and both apps can talk over network. However, is it possible to pass information locally from an app to another app, just like Service in Android? It would be appreciated if you can give me a keyword or a link. I read it further. Thank you.
Your solution is the App Groups Entitlement.
For files see: https://developer.apple.com/documentation/foundation/filemanager/1412643-containerurl
For NSUserDefaults see: https://developer.apple.com/documentation/foundation/userdefaults#1664611
I tested Universal Links in iOS by turning on Airplane mode and saw that the correct application was opened (instead of a website)
This indicates some level of "caching" the apple-app-site-association.
I want to determine the extent to which this is cached, so I can determine
What UX edge cases are there (e.g. Offline for x days)
What security considerations are there (e.g. MITM / SSLStrip + .well-known/URL)
etc.
Ideally I would like to have details if additional logic is employed (conditional caching if HTTPS employed, DNSSec, etc)
The exact behavior here is (intentionally?) unclear from Apple. Here is my personal experience, gleaned partly from official documentation and partly from helping thousands of apps implement Universal Links at Branch.io.
The apple-app-site-association file is cached once when the app is first installed.
If this initial scrape fails, in almost all situations it will not be reattempted. The only exception to this is if the initial return is a 5xx error, in which case a limited number of retries may occur. This is not well-documented, and is not covered in Universal Links documentation at all. You can find a mention in the Shared Web Credentials docs.
The file is not checked at all when a Universal Link is opened. This is why you are able to get Universal Links behavior in airplane mode.
The file does not expire. Once it is cached, it sticks permanently for as long as the app is installed.
The file will be re-checked when installing an app update.
The file must be accessible via a valid SSL connection at either https://example.com/apple-app-site-association or https://example.com/.well-known/apple-app-site-association. If there are redirects of any kind, this will fail.
It is theoretically possible to MITM the request if you are able to install a new SSL certificate directly on the device in question. Charles Proxy for example uses this approach for debugging. I have never seen or heard of this being exploited, and the damage would be quite limited because the domain still has to be specified inside the app itself.
I found a way to get around the caching issue. The cache is bound to the domain name, so for every time you want iOS to request apple-app-site-association you can create a new subdomain, and configure iOS to use that subdomain as the universal link for your app.
Extremely hacky, but it is the only workaround that worked for me.
I am doing mobile device management implementation and quite successfully sending commands now thanks to the answers I got in this site.I have one major thing left and that is web content filtering.I went through the configuration Profile Web Content Filter Payload and found that we can blacklist and whiteList the urls.Also I went through this and came to know that we can do it using a Mobile Device Management server.The problem I am getting is that how should it can be done.
I am using iPhone Configuration Utility for my MDM installation but I didn't find any setting for the web filtering there.So I tried to download the latest iPhone Configuration Utility App for the purpose and found that apple has removed this from their page.So I am unable to find a way how to do it. Can somebody please suggest me how to achieve this?
The answer by Nobosi is close but it's missing something key. Web Filtering can only be implemented via device supervision. The only two ways to supervise a device are through Apple Configurator or via Apple's DEP (device enrollment program) in conjunction with an MDM.
There are obviously benefits and detractors to each solution.
Apple Configurator
(+) Free
(+) Easy to setup
(-) Changes require re-tethering the device
(-) Devices should be tethered once per year due to cert expirations
MDM (AirWatch, MobileIron, etc)
(+) Easy to maintain OTA (over the air)
(+) highly versatile configuration and management options
(-) going to cost you some money to implement (licensing, etc)
(-) DEP requires buying devices directly from Apple or a DEP-enabled reseller
As mentioned above Web filtering can only be done in supervised device. MDMs provide this feature. Speaking from experience, Hexnode MDM provides a fair option for web filtering. There is option for black listing and white listing URLs. You can black list the URLs and prevent access to these sites or you can white list URLs and provide access to only these sites.
Also in iOS there is option to restrict inappropriate content. Hexnode MDM provides an option to enable access to these restricted sites by entering the URL of the "said" restricted site and make it an exception.
I want to fetch the list of near by wifi networks and able to connect to them from our App in ios, and my Application is Enterprise App so even private api's is also fine. Stuck this issue since 2 weeks, please provide me some references..
What you require will only work on JailBroken devices, the blog(blog.guvenergokce.com/iphone-wireless-scanner-ios5/170) which #Ckouta referred also has one comment from the Blog Admin,
I’m assuming that your device is already jailbroken (otherwise not possible)
You shall create release build of sample app and upload release build in to /Applications folder.
(you can use open ssh for that )
Public API allows you to have only information about the current wifi used by your device using CNCopyCurrentNetworkInfo
In order to fetch all the wifi available in your area, take a look at: Stumbler which is using MobileApple80211. I think, it handles what you are looking for. Moreover, you can also use it to connect your device to a specific wifi. You can find a good example of what you need here (answer #9)
Just keep in mind, if you are using private API, your app will be rejected by Apple.
Although it's late but have a look at this link. You can do what you want with the use of MobileWifi.framework and thanks to Cykey there are some reversed headers to use. I have done what you want myself using the link above:)