Some iOS apps ship their own HTTP and TLS stack instead of relying on Apple's NSURLSession or the lower-level frameworks it relies on. There are many reasons to do this, but the most common one I've encountered is apps that use a shared core, typically written in C++, which is used in applications on different platforms. This poses a problem for anyone trying to snoop on the app's network traffic. Apps that rely on system libraries will respect any HTTP(S) proxies configured on the device. This can be used with tools like mitmproxy, Burp Suite, or Charles to intercept or even modify network traffic. Apps that use their own HTTP and TLS stack typically don't respect system proxies, and their traffic is completely invisible to these tools. If you aren't attentive you can even miss the traffic altogether, as I almost did.

Recently, I was investigating an app like this and found myself having to intercept its HTTP traffic. My modus operandi is to start with mitmproxy or Burp Suite, but in this case doing so meant I missed all of the app's traffic. Luckily for me, it was obvious from the app's behaviour that it was doing some form of networking. To figure this out I reached for Wireshark to capture all the traffic on the device. To capture traffic on a remote device we need to make it visible to Wireshark.
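As an added example (not the author's own setup), this is one way to do that capture step from a Mac using Apple's rvictl: it creates a Remote Virtual Interface for the USB-attached device and records, with tcpdump, only the new TCP connections that are not headed for the proxy, which is exactly the traffic mitmproxy or Burp never saw. The UDID, proxy address and output file are placeholders, and rvictl plus the rvi0 interface name are assumptions about the tooling, not something the post describes.

```shell
#!/bin/sh
# Added example (not the post's script): capture an iOS app's traffic that never
# reaches the system proxy, via Apple's Remote Virtual Interface (rvictl).
# Assumes macOS with Xcode command line tools, tcpdump, and the device on USB.
set -eu

# BPF filter that keeps only new outbound TCP connections (SYN without ACK)
# whose destination is NOT the intercepting proxy. Every packet this matches
# is a flow that mitmproxy/Burp/Charles would never have seen.
bypass_filter() {
    proxy_host=$1
    proxy_port=$2
    printf 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and not (dst host %s and dst port %s)' \
        "$proxy_host" "$proxy_port"
}

# Create the virtual interface for the device. The first RVI is normally rvi0;
# rvictl -l lists the active mapping so you can confirm the name.
rvi_up() {
    rvictl -s "$1"
    rvictl -l
}

rvi_down() {
    rvictl -x "$1"
}

# Record the proxy-bypassing flows to a pcap that Wireshark opens directly.
capture_bypass() {
    udid=$1; proxy_host=$2; proxy_port=$3; out=$4
    rvi_up "$udid"
    # Tear the interface down again even if tcpdump is stopped with Ctrl-C.
    trap 'rvi_down "$udid"' EXIT INT TERM
    # -n: no DNS lookups; -U: flush per packet so the file is readable mid-capture.
    sudo tcpdump -i rvi0 -n -U -w "$out" "$(bypass_filter "$proxy_host" "$proxy_port")"
}

# Usage (placeholder UDID, proxy and file name):
#   capture_bypass 00008030-XXXXXXXXXXXXXXXX 192.168.1.10 8080 bypass.pcap
#   wireshark bypass.pcap
```

Open the resulting file in Wireshark and follow any TCP stream to port 443: those are the app's own TLS connections, made without consulting the proxy settings.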