I've been using Burp Suite to inspect HTTP traffic, but for HTTPS traffic I've been unable to do so. I tried extracting Burp's certificate and dropping it into the simulator and installing it, but my network calls still seem to be silently failing.
Burp is the simplest option so I'd like to know how to get it to work.
Check out the shell script written by the good folks over at Charles Proxy.
It installs automatically to the iPhone simulator. You should be able to use the same approach for Burp.
You can email yourself the cert to install it on a device. Another option is to modify your app to ignore the usual checks for the SSL cert, but don't forget to take it out for production.
Also the book Hacking and Securing iOS applications has tons of awesome advice if you're into stuff like this.
Here's another answer that must be where I got the idea of using the Charles script: Adding a self-signed certificate to iphone Simulator?
And another answer that might be relevant: iPhone TrustStore CA certificates
I am trying to proxy the network traffic from my iPhone to Mac via Charles Proxy; below are the versions I am using:
iPhone - model 13, OS - 15.4
Mac - OS - Monterey (12.2.3)
Charles - 4.6.2 (licensed)
I installed Charles on Mac, enabled SSL Proxying, added generic IP (0.0.0.0/0) in Access Control Settings, got the local IP address from Help and used it on my iPhone wifi settings - Proxy > manual > local IP from Charles and port 8888.
As soon as I do this my phone is not able to connect to the internet at all. I have seen various instructions about adding the root certificate, enabling trust settings etc., but those can all be done only if I am able to connect to the internet to download the certificates, which I am unable to do.
I went through every question on this site which mentions Charles proxy, but none could provide any solution to my problem so appreciate any inputs on this.
If there is no important information in your phone, you can reset the network settings first, then try the following
Make sure that both the computer and the phone are not using a virtual private network
The computer and the phone are in the same network environment
The computer has the Charles root certificate installed
The phone has successfully installed Charles' certificate and trusts it.
If the above suggestions don't help you, I suggest starting from scratch and troubleshooting the problem step by step
Let's take mobile phones and computers accessing https://www.google.com separately as an example
1. After the computer installs the certificate, can it be connected to the Internet normally, and can it crawl Google's response request?
2. The mobile phone and the computer are on the same network segment and use the proxy URL provided by Charles. Can you access and download the certificate?
3. On the computer, does Charles pop up an access prompt and ask you to choose whether to agree to the access?
4. Turn off the computer-side crawling and access it on the mobile phone to see if it can crawl the response request on the mobile phone.
Next time, check the firewall in the security and privacy settings. It should not block Charles' incoming connections. I spent two hours trying to figure out what was going on
I need to be able to capture HTTP(S) requests from Android and iOS devices, for both Browsers and, in the future, for Native apps for testing purposes mainly.
Some aspects to consider:
There are a lot of devices/iOS combinations to support, so the only viable solution is to use a Cloud Browser provider like SauceLabs, BrowserStack, etc.
Preferably, I would use Real devices, not Emulators/Simulators
We could make any kind of tweaks for the staging environment of the site under test in case is needed
Same for the native applications
My first attempt was to give it a try with FiddlerCore, and while it works on Android, it doesn't work on iOS because of the self-signed certificate that would require to be trusted manually (leaving aside the fact that due to security reasons, no Cloud Browser provider would allow you to do it).
So, next I thought of creating a proxy server and buying a Trusted CA Signed Certificate (e.g. Comodo, GoDaddy, etc), setup the device to use that proxy server and then fetch in my tests the requests and responses from it.
I don't know much about certificates and don't have extensive experience with Appium, so the following questions arise:
Will the setup mentioned above, using a proxy server and trusted CA signed cert suffice for iOS not to complain that the certificate is not trusted? Note that I won't be able to manually accept the cert on the device (in case it's needed).
In case the setup above will work, is it possible to setup using Appium the proxy settings on the device? As far as I know, Appium can interact with Android Settings menu, but I'm not sure about iOS.
Is there anything that I missed or that I could keep in mind?
I am having a problem since upgrading to Xcode 8 from 7.3.1. I am behind a proxy at work and the simulator will not make any connections to web services through my app, although Safari on the simulator works. Everything works fine when I try outside the proxy and it works fine with 7.3.1. Does anyone know of any changes with Xcode 8 & iOS 10 that I need to make?
The Simulator runs a separate iOS/watchOS/tvOS userspace but shares the host macOS kernel. NSURLSession in the Simulator has its own cache but uses the host socket layer.
Try the relevant URI in Safari in the Simulator and see what you get. If your proxy is performing a man-in-the-middle attack on SSL connections they will be rejected as invalid. If your proxy requires authentication it won't work because the Simulator keychain is separate from the host keychain (though this was done in Xcode 7 so it isn't new).
FTW: We do not recommend that proxies MITM SSL connections; that leaves you dangerously exposed to attackers operating inside the corporate firewall, which is extremely common these days thanks to phishing attacks.
We also highly recommend that you limit ATS exceptions to the absolute minimum required. If your webservice is using insecure SSL settings you should upgrade your webservice, rather than down-grading your users to vulnerable connections. If there is only one or two third-party hosts you need to connect to, limit your ATS exceptions to just those hosts.
If none of this helps please file a bug at https://bugreporter.apple.com. Include the output of sysdiagnose and ~/Library/Logs/CoreSimulator.
I would like to be able to control my Mac over HTTP POST commands (launching apps, for example).
I have this jailbreak tweak (activate command) on my iPhone that can send shell commands and HTTP POST requests (using curl).
But the problem is that I don't know how to prepare my Mac for receiving and processing these requests. Should I use Python or PHP scripts (any tutorials on receiving POST requests?) or are there any easy-to-setup RESTful APIs to set up on my Mac?
Thanks guys
What you're talking about already exists, in multiple forms actually.
RDP: You're probably already aware of Remote Desktop Clients which should be sufficient enough. If you're really inclined on launching apps via command line, you can just open up terminal and do it remotely.
SSH: You can set up a secure shell server on both devices and launch a connection over the LAN. There are multiple clients that I know of on dos systems such as PuTTY or WinSCP. On UNIX systems, there is an SSH shell which you can use for remote connections on either ends. However everything you do will be command-line so you should already have a knowledge of the file system structure and how to navigate it and actually use it.
If you are looking for a script on iOS, I've had very little experience with developing in Python and I don't even know if it can pull off what you are asking. iOS 7.X >= compiles in Objective-C, iOS 8.X compiles in Swift, and the upcoming iOS 9 will be compiling in Swift 2.
Is there any way to use Charles proxy selectively with particular applications like iOS Simulator on Mac OS X? Currently while monitoring HTTP traffic to and from an iOS application running in the iOS Simulator, Charles also monitors HTTP traffic from other apps like Chrome and the Mail app etc. This is really distracting. Is there any way to do this except adding the list of domains that we want to bypass under Charles Proxy settings?
Chrome is really a problem because it uses Mac OS X proxy settings. I tried extension like Proxy Switchy but it either doesn't help or I don't know how to configure it.
Any pointers will be highly appreciated. Thanks!
You can indeed filter the records in Charles proxy. Just go to Proxy>Record Settings...
Then you can include or exclude any domain that you need to.
That's the only way to do it, using domain, port, path or query.
If you don't want to record things coming from Google Chrome, just disable the option by pressing Cmd+Shift+P; this will disable the Mac OS X Proxy.
Using the Sequence tab, you can set a filter:
Quick, easy and no proxy menus and settings to worry about.
I was trying to do something similar. Consider this as an alternative. If you have an iOS device, you can run your app on the device and configure Charles to only show traffic from remote clients by disabling the "Mac OS X proxy"
Here is an example setup:
Using one remote client (say an iPad in this case) and a Mac running Charles as your proxy host, disable the "Mac OS X proxy" by deselecting the checkbox in Proxy Settings >> Mac OS X Tab >> Enable Mac OS X proxy (See image below.)
By doing so, you essentially filter your simple setup to only display traffic that is coming from remote client (the iPad).
To audit the whole traffic, I actually had to use a real device. It's not possible to filter the client app easily with an iOS simulator because the simulator and the host (your Mac) share the same IP. But it's pretty nice if you use a device. More info: Help > SSL Proxying > Install Charles Root Certificate on a Mobile Device or Remote Browser.
Check your IP, make sure the device and your Mac are in the same network (your IP can be checked in the "Install Charles Root Certificate..." above-mentioned section of Charles' Help).
Open chls.pro/ssl on your device and install the certificate on your device.
Make sure your certificate pinning is off (if you use some sort of it).
Check your Proxy > SSL Proxying Settings as normal (make sure all hosts you want to track are there).
Run the app.
Accept the upcoming traffic from your device in Charles if asked.
Save the session and filter outside from the Charles because there is still no Client Address/Client IP filterable in Charles. 😔 Alternatively, it's quite easier to see the traffic from a device listed in the app and distinguish from 127.0.0.1 and "anything else".
BTW. To filter my application backend I prefer not to use the basic filter feature (on the bottom) as djibouti33 proposed, but rather Focused Hosts (View > Focused Hosts...). And there is a toggle/check box to hide/show other calls on the sequence list. Pretty convenient.