Is there a way to intercept HTTP requests in the iPhone? e.g. something in the NSNotificationCenter I can register for so my app would get notified each time an HTTP request will go out or an HTTP response will come in?
I searched a lot but no luck,
Thank you
no you cant intercept HTTP requests with your app - you can of course act as a proxy for your OWN app's request but you cant proxy other apps' requests
From your question its not clear what you want to do, but i would suggest either implementation NSURLProtocol class or using PonyDebugger.
NSURLProtocol:
Create a subclass of NSURLProtocol class that will handle all web protocols such as HTTP, HTTPS, SSL etc. This is a abstract class that provides the basic structure for performing protocol-specific loading of URL data.
Once your created your custom URL protocol, register it in appDelegate class so your protocol will have priority over any of the built-in protocols.
[NSURLProtocol registerClass:[MyURLProtocol class]];
PonyDebugger:
if you just looking to intercept all your http request i would try this tool. PonyDebugger is a remote debugging toolset. It is a client library and gateway server combination that uses Chrome Developer Tools on your browser to debug your application's network traffic and managed object contexts.
AFNetworking:
if your using the very popular AFNetworking for your network request they automatically send notification. try to register the following two:
AFNetworkingTaskDidResumeNotification
AFNetworkingTaskDidCompleteNotification
Do you just want to view all of the HTTP/HTTPS traffic going to / from a single device that you have control of (e.g for debugging purposes)? If so, just setup a proxy and use that to monitor the requests.
If you're talking about building this into an app for general release, I'd very much hope this wasn't possible, and that if it was, I'd suspect it wouldn't make it through app store approval.
If you just want a debugging proxy:
For Windows, download Fiddler (free), and use your and follow the instructions here (install a cert on your phone and use the IP address of the machine running Fiddler as the proxy address):
http://docs.telerik.com/fiddler/configure-fiddler/tasks/ConfigureForiOS
For Mac OSX, Charles will also do the job (I've used it for this purpose and it works well):
http://www.charlesproxy.com/documentation/faqs/ssl-connections-from-within-iphone-applications/
Related
When I use Charles Proxy for iOS and play some games, I recognize that they etablish connections with the protocol prefix "socket://" followed by an IP address (instead of a hostname, which is always present for other HTTP(s) connections). I'd assume that those are websockets.
Currently, I'm trying to implement a tool to track rudimentary network activity. To archive that, I'm using the NEKit (https://zhuhaow.me/NEKit/) in combination with the NEPacketTunnelProvider extension for iOS. Using that, I was able to set up a local HTTP Proxy server and setup the network interface to redirect every HTTP(s) request over that local proxy. Through an observer, I was able to see all the requested hostnames.
Now I found out, that some games (those which are using websockets) are not working properly with my solution. Regarding to this discussion https://news.ycombinator.com/item?id=16694670 it seems like proxying the HTTP(s) data flow doesn't enable me to handle websocket connections:
Yes, but the problem with Charles (well, iOS related at least) is that iOS websockets don't go through the HTTP Proxy configured. They're just considered a raw socket. Thus, even on desktop Charles, it's a nogo.
Due to that, some apps don't even work when my tracker is enabled, since they can't etablish a connection to their servers.
Is there the possibility to archive something similar for the websocket connections since the combination of GCDHTTPProxyServer (NEKit) and NEProxySettings (NetworkExtension) is only working for HTTP(s)? How can I track and (even better) proxy websocket connections?
I'm using a free version (3.11.5 as of this writing) of Charles Proxy and proxying my iPhone through it to attempt to reverse engineer some real-time features of an app I'm using.
I'm successfully able to see all http/https request in and out of the device. There are, however, web sockets (was://) that are open on the app that I cant see. It's only listing http/https requests.
Is there a setting I'm missing? Is the free version limited? Thanks.
It could be that the app you are proxying is not using the proxy settings you have defined in your iPhone’s “Settings”. If this is the case, you’d need a version of the app which adheres to the user defined proxy settings in order to see the WebSocket traffic in Charles.
In a project we are currently working on we need to rely on a precompiled 3rd party framework.
Is there any way to assure that it is not able to open up a network connection and send out confidential data?
Edit:
To make this a little clearer: It does not have to be at runtime. A static check is fine. I was more thinking something along the lines of: Is there a library that everyone who wants to use network has to link against?
Yes, there is a way to accomplish what you want. Check mitmproxy out. Install mitmproxy on your mac windows or whatever, install your app on the device, launch mitmproxy on the terminal, make your computer's IP a proxy on the device, install https certificate as described on mitmproxy docs, launch you app, and enjoy! mitmproxy can show all outgoing connections from your app. Good luck!
EDIT
Starting from iOS 9, you can set trusted hosts in the app Info.plist under App Transport Security Settings key. More info about it you can find here. Hope this was helpful.
I'm not sure it is possible to ensure an app never makes a network call.
As Fahri Azimov suggests, you could test whether the 3rd party framework makes network calls by funnelling all traffic from test devices through a proxy. You can do this locally on you Mac using the iOS Simulator and Little Snitch. But this cannot ensure that the framework will Never make a network call.
A work-around to ensure no your app performs no networking could be to use NSURLProtocol to intercept any network calls and return errors. You could look at the OHHTTPStubs framework for inspiration. But, again, this is limited as it will only catch NSURLConnection / NSURLSession networking calls, it won't intercept low-level networking operations which the framework could make.
I just wonder why and for what kind of application or case we need the Socket.IO.
I am the iOS developer of a known open source project socket.IO-objc
Usually, we need HTTP or HTTPS to communicate with server. The socket aims to conduct real time communication (It should always keep a live HTTP connection.)
Libraries like socket.IO are needed when we need real-time in our app. Let me explain this in little more detail. Let's assume that you are developing a game, which is multiplayer and 2 or more users can play that simultaneously. Then, in that case, you won't be making HTTP or HTTPS calls because of many reasons and one of them is that their packet size is large and other is that these calls are very slow. In such scenarios we use libraries like sockets to send and receive data to and from the server. Sockets are really fast and are capable of sending only those data packets which are needed. Using HTTP programming you can never create any multiplayer game or any app which will be interacting with a server on a realtime basis.
Let's take another example. Let's assume that you are working on a chat application. When user A is typing something then user B should know that A is typing (similar to gtalk of facebook messenger). If you will use HTTP calls at that point of time then "B" will never be able to see the actual status of the other person because of the delay. So what we can use is sockets so that when user A is typing anything then his device will send only one data packet which will just notify the server that he is typing and will be delivered to user B, this process is really fast (almost realtime) and will reduce the data transfer also.
I'm working on chat application using socket.io also. So it seems to replacing everythings with socket.io. This is making me in doubt and curiousness. I totally agree with real-time app like chat suits for socket.io. However there is round-trip communication (such as user login) that's more suitable for HTTP.
Socket.io uses web socket to pass data among users who are all connected to a web server. With web socket, there is no negotiation protocols and connection remain open as long as users concerned are registering for service with the web server. As pointed out also, the payload is significantly less than http/https protocol.
Socket.IO is a JavaScript library for realtime web applications. It enables realtime, bi-directional communication between web clients and server. It has two parts: a client-side library that runs in the browser, and a server-side library for node.js. Both components have a nearly identical API.
Assuming I have implement that :
making my app as a server which means in safari I can connect to the app if I input http://url-link.
My question is : if I request http:// url-link/doc, and the server - that is my app can return the content in document directory.
I don't know how to write the web service in iPhone.
As I'm fresh to web service, can any one help me?
thanks
This is one possibility: Cocoa HTTP Server. From the project's page:
So with Apple's framework for an HTTP
server tucked under our arm we set out
to make our own. We wanted the
following:
Built in support for bonjour broadcasting
IPv4 and IPv6 support
Asynchronous networking using standard Cocoa sockets/streams
Digest access authentication
TLS encryption support
Extremely FAST and memory efficient
Heavily commented code
Very easily extensible
You can link this library from your app and effectively make it a mini-web server.