The previous article describes how Burpsuite crawls Android app traffic using SSL or TLS, so how does the app in iOS crawl HTTPS traffic?
The routines are basically the same as Android, and the only difference is that there are some ways to import the certificate into the iOS device, which is described in more detail below.
Take the grab kit tool Burpsuite as an example, if you want Burpsuite to crawl HTTPS traffic on your iOS device first, you want to import Burpsuite's certificate into your iOS device,
Please refer to here for Burpsuite's certificate to be obtained and saved on the local PC.
Burpsuite's certificate will be installed on the iOS device, there is a lot of information on the Internet to install the certificate needs on the iOS device
[Set]->[Universal]->[Profile] added, the problem is if you have never installed the relevant certificate, "description file" this option
is not displayed, as shown in
The point is that we can indirectly invoke the file by downloading it by accessing the file containing the certificate on safari.
File description to perform the certificate installation, the issue comes back to where the certificate file is, that is, where the Burpsuite certificate is downloaded,
One of the more stupid way is to upload the Burp certificate file saved in the local PC to Baidu Cloud, and then download the function to find the file's network address,
The operation is as follows:
- Upload the certificate to Baidu Cloud, then click Download
- Click the download to pop up the saved window, which will have the file network address, record the address.
Next, the link saved in the previous step is accessed on safari, at which point the iOS device pops up the following instructions to install the profile:
Click Install, you will be prompted to enter the iOS device unlock password, continue to the following page
Continue the installation, after the installation of the common page has a "profile" module
After entering the module, we found the certificate we just installed.
To this, the Burpsuite certificate import has completed, the rest is to configure the Burpsuite agent on the PC side, set the listening port,
The HTTPS traffic packet can then be crawled by matching the appropriate IP and port on the iOS device.
Burpsuite How to crawl IOS app traffic using SSL or TLS transmissions