iOS 10 Simulator Not Working Behind Proxy - ios

I am having a problem since upgrading to Xcode 8 from 7.3.1. I am behind a proxy at work and the simulator will not make any connections to web services through my app, although Safari on the simulator works. Everything works fine when I try outside the proxy and it works fine with 7.3.1. Does anyone know of any changes with Xcode 8 & iOS 10 that I need to make?

The Simulator runs a separate iOS/watchOS/tvOS userspace but shares the host macOS kernel. NSURLSession in the Simulator has its own cache but uses the host socket layer.
Try the relevant URI in Safari in the Simulator and see what you get. If your proxy is performing a man-in-the-middle attack on SSL connections they will be rejected as invalid. If your proxy requires authentication it won't work because the Simulator keychain is separate from the host keychain (though this was done in Xcode 7 so it isn't new).
FTW: We do not recommend that proxies MITM SSL connections; that leaves you dangerously exposed to attackers operating inside the corporate firewall, which is extremely common these days thanks to phishing attacks.
We also highly recommend that you limit ATS exceptions to the absolute minimum required. If your webservice is using insecure SSL settings you should upgrade your webservice, rather than down-grading your users to vulnerable connections. If there is only one or two third-party hosts you need to connect to, limit your ATS exceptions to just those hosts.
If none of this helps please file a bug at https://bugreporter.apple.com. Include the output of sysdiagnose and ~/Library/Logs/CoreSimulator.

Related

Charles Proxy not working on Mac with iPhone

I am trying to proxy the network traffic from my iPhone to Mac via Charles Proxy. Below are the versions I am using:
iPhone - model 13, OS - 15.4
Mac - OS - Monterey (12.2.3)
Charles - 4.6.2 (licensed)
I installed Charles on Mac, enabled SSL Proxying, added generic IP (0.0.0.0/0) in Access Control Settings, got the local IP address from Help and used it on my iPhone wifi settings - Proxy > manual > local IP from Charles and port 8888.
As soon as I do this, my phone is not able to connect to the internet at all. I have seen various instructions about adding the root certificate, enabling trust settings, etc., but those can all be done only if I am able to connect to the internet to download the certificates, which I am unable to do.
I went through every question on this site which mentions Charles proxy, but none could provide any solution to my problem so appreciate any inputs on this.
If there is no important information in your phone, you can reset the network settings first, then try the following:
Make sure that both the computer and the phone are not using a virtual private network.
The computer and the phone are in the same network environment.
The computer has the Charles root certificate installed.
The phone has successfully installed Charles' certificate and trusts it.
If the above suggestions don't help you, I suggest starting from scratch and troubleshooting the problem step by step.
Let's take mobile phones and computers accessing https://www.google.com separately as an example:
1. After the computer installs the certificate, can it be connected to the Internet normally, and can it crawl Google's response request?
2. The mobile phone and the computer are on the same network segment and use the proxy URL provided by Charles. Can you access and download the certificate?
3. On the computer, does Charles pop up an access prompt and ask you to choose whether to agree to the access?
4. Turn off the computer-side crawling and access it on the mobile phone to see if it can crawl the response request on the mobile phone.
Next time, check the firewall in the security and privacy settings. It should not block Charles' incoming connections. I spent two hours trying to figure out what was going on.

intercept web traffic from visual studio xamarin for mac / iOS simulator

I know almost nothing about Visual Studio or Xamarin. I'm using Visual Studio for Mac 8.9.10. This isn't my code and I'm trying to understand it.
This app does REST requests to my server (rails) and I am trying to intercept them. I have my iOS Simulator set up so that network requests can pass thru Proxyman. This works fine for, say, Mobile Safari on the Simulator, or for an app that I write myself in Xcode. I thus believe I have a good handle on Proxyman usage and on the traffic I am trying to intercept.
However, when my app built from Visual Studio Xamarin does networking in the Simulator, nothing appears in Proxyman. I thought at first this might be because of my use of a localhost server for testing, but it is equally true for normal requests that really do go out on the Internet. Proxyman doesn't seem to see my app's traffic at all.
This makes me think there is something odd about the way Visual Studio / Xamarin itself configures iOS apps for networking. Is there? How do Mac users intercept web traffic from a Xamarin Visual Studio-built iOS app in the Simulator?
(And another thing: If I write my own iOS app to be intercepted by Proxyman, I have to enable NSArbitraryLoads in order to talk via http. But my Visual Studio Xamarin app doesn't have that in the Info.plist; yet it can talk via http. How can that be? Seems related.)
(This might be related: it seems Xamarin http requests really do evade the proxy somehow? https://forums.xamarin.com/discussion/129748/how-do-i-make-http-requests-using-proxy-settings)
There is nothing in the lower level network stack itself that respects the system proxy settings; ideally network frameworks should, but it appears that Xamarin's does not.
localhost.proxyman.io is a DNS entry that points to localhost but it doesn't redirect the traffic through the proxy.
You need something that can act as a reverse proxy: a service that looks to the client like your web service, but that redirects requests to your actual web service. This feature is not yet available in Proxyman.
You can use Charles proxy as an alternative.

Appium - Setup proxy server on mobile Android and iOS devices

I need to be able to capture HTTP(S) requests from Android and iOS devices, for both Browsers and, in the future, for Native apps for testing purposes mainly.
Some aspects to consider:
There are a lot of devices/iOS combinations to support, so the only viable solution is to use a Cloud Browser provider like SauceLabs, BrowserStack, etc.
Preferably, I would use Real devices, not Emulators/Simulators
We could make any kind of tweaks for the staging environment of the site under test in case it is needed
Same for the native applications
My first attempt was to give it a try with FiddlerCore, and while it works on Android, it doesn't work on iOS because of the self-signed certificate that would require to be trusted manually (leaving aside the fact that due to security reasons, no Cloud Browser provider would allow you to do it).
So, next I thought of creating a proxy server and buying a Trusted CA Signed Certificate (e.g. Comodo, GoDaddy, etc), setup the device to use that proxy server and then fetch in my tests the requests and responses from it.
I don't know much about certificates and don't have extensive experience with Appium, so the following questions arise:
Will the setup mentioned above, using a proxy server and trusted CA signed cert, suffice for iOS not to complain that the certificate is not trusted? Note that I won't be able to manually accept the cert on the device (in case it's needed).
In case the setup above will work, is it possible to set up the proxy settings on the device using Appium? As far as I know, Appium can interact with the Android Settings menu, but I'm not sure about iOS.
Is there anything that I missed or that I should keep in mind?

Required iPv6 compatibility - rejected by Apple iOS app

I uploaded my app to iTunes multiple times and received the following message:
(
We discovered one or more bugs in your app when reviewed on iPhone running iOS 10.2 on Wi-Fi connected to an IPv6 network.
Specifically, when we attempted to create a new account a loading indicator spun indefinitely.
)
Apps are reviewed on an IPv6 network. Please ensure that your app supports IPv6 networks, as IPv6 compatibility is required.
Notes: I have used AFNetworking version 3.1.0 to call web services (supports IPv6) and Apple Reachability (also supports IPv6), without using a hard-coded IP.
My question: must the changes be made on the mobile side or the server side?
As far as my experience with IPv6 reaches, you're probably right. When you develop your app in Xcode using the latest SDK for iOS 10.2, you should be safe with IPv6 compatibility on your app's side.
However, Unix (macOS and iOS are Unix derivatives) takes the path or URL from your app and will negotiate at the OS level with the other side you want to connect with. This usually runs over a DNS. So, your app and iOS will first request an IPv6 IP address from the DNS. When the DNS understands IPv6, which is not always guaranteed, but it usually does, it asks the other side for an IPv6 address. If the other side does not support IPv6, the operating system will request an IPv4 address and set up the connection.
Since Apple will hold you responsible for the entire chain of services delivered by your app, you must ensure the requested side also supports IPv6 via it is part of your app's functionality.
Hope this helps.

Using Charles Proxy on Mac OS X selectively for iOS Simulator

Is there any way to use Charles proxy selectively with particular applications like iOS Simulator on Mac OS X? Currently, while monitoring HTTP traffic to and fro an iOS application running in iOS Simulator, Charles also monitors HTTP traffic from other apps like Chrome, the Mail app, etc. This is really distracting. Is there any way to do this except adding the list of domains that we want to bypass under Charles Proxy settings?
Chrome is really a problem because it uses Mac OS X proxy settings. I tried an extension like Proxy Switchy but it either doesn't help or I don't know how to configure it.
Any pointers will be highly appreciated. Thanks!
You can indeed filter the records in Charles proxy. Just go to Proxy > Record Settings...
Then you can include or exclude any domain that you need to.
That's the only way to do it, using domain, port, path or query.
If you don't wanna record things coming from Google Chrome, just disable the option by pressing Cmd+Shift+P; this will disable Mac OS X Proxy.
Using the Sequence tab, you can set a filter:
Quick, easy and no proxy menus and settings to worry about.
I was trying to do something similar. Consider this as an alternative. If you have an iOS device, you can run your app on the device and configure Charles to only show traffic from remote clients by disabling the "Mac OS X proxy"
Here is an example setup:
Using one remote client (say an iPad in this case) and a Mac running Charles as your proxy host, disable the "Mac OS X proxy" by deselecting the checkbox in Proxy Settings >> Mac OS X Tab >> Enable Mac OS X proxy (See image below.)
By doing so, you essentially filter your simple setup to only display traffic that is coming from remote client (the iPad).
To audit the whole traffic, I actually had to use a real device. It's not possible to filter the client app easily with an iOS simulator because the simulator and the host (your Mac) share the same IP. But it's pretty nice if you use a device. More info: Help > SSL Proxying > Install Charles Root Certificate on a Mobile Device or Remote Browser.
Check your IP, make sure the device and your Mac are in the same network (your IP can be checked in the "Install Charles Root Certificate..." above-mentioned section of Charles' Help).
Open chls.pro/ssl on your device and install the certificate on your device.
Make sure your certificate pinning is off (if you use some sort of it).
Check your Proxy > SSL Proxying Settings as normal (make sure all hosts you want to track are there).
Run the app.
Accept the upcoming traffic from your device in Charles if asked.
Save the session and filter outside from the Charles because there is still no Client Address/Client IP filterable in Charles. 😔 Alternatively, it's quite easier to see the traffic from a device listed in the app and distinguish from 127.0.0.1 and "anything else".
BTW. To filter my application backend I prefer not to use the basic filter feature (on the bottom) as djibouti33 proposed, but rather Focused Hosts (View > Focused Hosts...). And there is a toggle/check box to hide/show other calls on the sequence list. Pretty convenient.
