Use Burp Suite to capture HTTPS communication packet methods on iphone

Foreword: When using Burp agent to analyze mobile device application communication, will encounter the use of SSL/TLS application, this time will be because the certificate verification does not pass the packet analysis, as shown in the use of the Burp agent on the PC on the iOS device to analyze the Facebook login communication on the error prompt. You will need to install the certificate on your mobile device to trust the burp agent. The following describes how to export the Burp certificate, install the Burp certificate, and set the method for the agent to grab the package. First, export the Burp certificate

First step: Run Burpsuite

-jar Burpsuite_pro_v1.  4.07.  Jar    

Set Proxy-options

Step two: Open Firefox, set up network Settings

Step three: Enter https://www.facebook.com in the browser

Click Add Exception

Click View

Select the Portswigger CA, click Export, and the certificate is exported (plus the CER suffix for iOS device identification)

Second, install the certificate on the iOS device to store the certificate in the site directory, and then access the path through the device browser (e.g. Http://10.0.0.4/PortSwiggerCA.cer), install the certificate third, set up iOS device using Burpsuite agent on Mac first step: Run Burp on Mac, set proxy options

Step two: Set up an HTTP proxy for your iOS device

Step three: Run the app and analyze the communication packet (below is the communication packet that landed on Facebook)

Reference:

Http://carnal0wnage.attackresearch.com/2010/11/iphone-burp.html

Use Burp Suite to capture HTTPS communication packet methods on iphone