Foreword: When the Burp proxy is used to analyze the traffic of a mobile application that uses SSL/TLS, certificate verification fails and the packets cannot be analyzed. For example, an error prompt appears when Burp, running as a proxy on a PC, is used to analyze the Facebook login traffic from an iOS device. You need to install the Burp certificate on the mobile device so that it trusts the Burp proxy. The following describes how to export the Burp certificate, install it, and configure the proxy to capture traffic.
First, export the Burp certificate
First step: Run Burp Suite
java -jar burpsuite_pro_v1.4.07.jar
Set the proxy options
Step two: Open Firefox and configure its network settings
Step three: Enter https://www.facebook.com in the browser
Click Add Exception
Click View
Select the PortSwigger CA and click Export to export the certificate (add the .cer suffix so that the iOS device recognizes it)
Second, install the certificate on the iOS device
Store the certificate in the site directory of a web server, then open its path in the device browser (e.g. http://10.0.0.4/PortSwiggerCA.cer) and install the certificate.
Third, set up the iOS device to use the Burp Suite proxy on a Mac
First step: Run Burp on the Mac and set the proxy options
Step two: Set up an HTTP proxy on your iOS device
Step three: Run the app and analyze the traffic (below are the packets captured while logging in to Facebook)
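The staging step from the second part (put the exported certificate in a site directory under a .cer name and open it from the device), as an added Python example that is not part of the original article. It converts the export to DER, prints its SHA-256 fingerprint so the file can be checked against the certificate viewer before the device trusts it, and serves the directory over HTTP; the script name, the "site" directory and port 8000 are assumptions.

```python
import hashlib
import ssl
import sys
from functools import partial
from http.server import HTTPServer, SimpleHTTPRequestHandler
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the export was saved as PEM or as DER."""
    if data.lstrip().startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated hex fingerprint of the DER certificate."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def stage(exported: Path, site_dir: Path, name: str = "PortSwiggerCA.cer") -> str:
    """Write the certificate as DER under a .cer name; return its SHA-256."""
    der = to_der(exported.read_bytes())
    site_dir.mkdir(parents=True, exist_ok=True)
    (site_dir / name).write_bytes(der)
    return fingerprint(der)


def make_server(site_dir: Path, host: str, port: int) -> HTTPServer:
    """Serve only site_dir, labelling .cer files as CA certificates."""
    class Handler(SimpleHTTPRequestHandler):
        extensions_map = {**SimpleHTTPRequestHandler.extensions_map,
                          ".cer": "application/x-x509-ca-cert"}
    return HTTPServer((host, port), partial(Handler, directory=str(site_dir)))


if __name__ == "__main__":
    # Usage (hypothetical script name): python stage_cert.py <exported file> <LAN IP>
    src, host = Path(sys.argv[1]), sys.argv[2]
    print("SHA-256 fingerprint:", stage(src, Path("site")))
    print(f"On the device, open http://{host}:8000/PortSwiggerCA.cer")
    make_server(Path("site"), host, 8000).serve_forever()
```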
Reference:
http://carnal0wnage.attackresearch.com/2010/11/iphone-burp.html
How to use Burp Suite to capture HTTPS traffic on an iPhone