How can I intercept & parse through the SSL traffic (incoming & outgoing) generated by my iPad application?
Asked
Active
Viewed 3,218 times
3
WhiteWinterWolf
- 19,082
- 4
- 58
- 104
voices
- 1,649
- 7
- 22
- 36
-
So what's your question? – Lucas Kauffman Sep 10 '15 at 06:05
-
@LucasKauffman The question is, ***"How?"*** – voices Sep 11 '15 at 07:29
2 Answers
3
Create a CA, import the CA certificate in your iPhone's certificate store and then use an intercepting proxy that MITM's the TLS traffic and re-encrypts it using that CA cert.
This will work with apps that use the system's TLS functions, but not with those implementing their own TLS with OpenSSL (as they won't be using the system's cert store) nor those who do certificate pinning (you'd have to jailbreak to bypass that).
André Borie
- 12,706
- 3
- 39
- 76
-
-
-
-
-
1@Scott混合理论 it should still work, though now there's an extra step. You need to [enable full trust](https://support.apple.com/en-gb/HT204477) for the newly-installed CA. – André Borie Mar 22 '22 at 08:14
2
Download Burp Suite
Install the CA certificate from Burp (download it from http://localhost:8080) on iPhone. Proxy iPhone via Burp on your computer!
Good Read: Installing CA Certificate
Some applications may have the certificate of the web server pinned. To bypass certificate pinning you must might have modify the application itself since the pinning is achieved by an application-specific CA Store.
Good Reads: Defeating SSL Pinning in Coin's Android Application - rotlogix
feral_fenrir
- 713
- 5
- 15
-
Is that really all that's required? I was under the impression it would be much more complicated, requiring DNS redirection & possibly some iptables magic. Cheers. – voices Sep 16 '15 at 18:30