Use Burp Suite to capture HTTPS communication packet methods on iphone

Source: Internet
Author: User

Foreword: When using Burp agent to analyze mobile device application communication, will encounter the use of SSL/TLS application, this time will be because the certificate verification does not pass the packet analysis, as shown in the use of the Burp agent on the PC on the iOS device to analyze the Facebook login communication on the error prompt. You will need to install the certificate on your mobile device to trust the burp agent. The following describes how to export the Burp certificate, install the Burp certificate, and set the method for the agent to grab the package. First, export the Burp certificate

First step: Run Burpsuite

-jar Burpsuite_pro_v1.  4.07.  Jar    

Set Proxy-options

Step two: Open Firefox, set up network Settings

Step three: Enter https://www.facebook.com in the browser

Click Add Exception

Click View

Select the Portswigger CA, click Export, and the certificate is exported (plus the CER suffix for iOS device identification)

Second, install the certificate on the iOS device to store the certificate in the site directory, and then access the path through the device browser (e.g. Http://10.0.0.4/PortSwiggerCA.cer), install the certificate third, set up iOS device using Burpsuite agent on Mac first step: Run Burp on Mac, set proxy options

Step two: Set up an HTTP proxy for your iOS device

Step three: Run the app and analyze the communication packet (below is the communication packet that landed on Facebook)

Reference:

Http://carnal0wnage.attackresearch.com/2010/11/iphone-burp.html

Use Burp Suite to capture HTTPS communication packet methods on iphone

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.