Packet capture is an important client-side testing technique. This article covers several commonly used methods of capturing packets on iOS devices (iPhone, iPad and iPod touch).
I. Preparation
The device you capture on must be rooted, commonly called jailbroken, mainly using redsn0w and the matching iOS firmware files. For a jailbreak that does not change the firmware version, just use redsn0w to install Cydia; there are detailed tutorials online, so the steps are omitted here. After installation, start Cydia on 3G or WiFi and confirm your identity as "Developer".
With Cydia sources, users can download and install software with more privileges than the App Store allows. However, when a download from a Cydia source is in progress, the iOS device interrupts it if the screen locks, so prevent standby by setting Settings > General > Auto-Lock to Never. In addition, if Cydia search crashes when the system language is Simplified Chinese, do not panic; see the Appendix for the fix.
Once the device is rooted, it is easy for others to compromise your system if you do not change the password promptly, so as part of the preparation for packet capture, change the root password. The initial password is alpine; it can be changed over an SSH connection or directly on the iOS device in MobileTerminal.
II. Packet capture methods
Method 1: SSH into the iOS device over USB and capture there -- highly recommended
"Preparation"
Install tcpdump on the iOS device (see Appendix)
Install iPhoneTunnel on the PC (it integrates the PuTTY terminal tool; a portable version is provided in the attachment)
"Steps"
1. Connect the phone to the PC with a USB cable and make sure it is recognised. Start iPhoneTunnel; a green light means the tunnel status is normal. Click the Launch Terminal button to SSH into the phone;
2. PuTTY shows a host-key prompt; if you do not use SSH often, click "No";
3. PuTTY then attempts to log in to the device as root; enter the root password;
4. Use tcpdump to capture packets (see Appendix).
"Method comments"
Because it SSHes straight into the device over USB, it works whether the device is on WiFi or 2G/3G. It is simple to use and has no real limitations, so it is well worth using.
Method 2: SSH into the iOS device over WiFi and capture there
"Preparation"
Install tcpdump on the iOS device (see Appendix)
Install PuTTY on the PC (a portable version is provided in the attachment)
Connect the iOS device to a WiFi network on the same network as the PC; if no WiFi network is available, the PC can act as a hotspot (virtual WiFi) for the iOS device to join
"Steps"
1. Look up the IP address on the iOS device (Settings > Wi-Fi, tap the small arrow to the right of the connected network);
2. Open PuTTY, enter the device's IP address, select connection type SSH and click Open;
3. The remaining operations are the same as steps 2-4 of Method 1.
"Method comments"
PuTTY SSHes into the phone over WiFi, so you must know the phone's IP address, and the method cannot be used when the phone has no WiFi; it therefore has certain limitations.
Method 3: Capture directly in a terminal on the device
"Preparation"
Install MobileTerminal and tcpdump on the iOS device (see Appendix)
"Steps"
1. Tap the "Terminal" icon on the device's home screen;
2. Switch to the root user;
3. Use tcpdump to capture packets (see Appendix).
"Method comments"
It is not restricted by network conditions, but because the capture runs on the device itself, MobileTerminal stops working as soon as it is switched to the background, so this capture method is less practical. MobileTerminal is nevertheless a useful tool for testers working on the device.
III. Export and analysis
After the pcap file is generated, you can download it to the PC with 91 Mobile Phone Assistant (iOS version) and open it with Wireshark or Ethereal to analyse the traffic.
IV. Appendix
1. Fixing the Cydia search crash in the Chinese environment
First change the system language to English, then open Cydia and add the first Chinese source (http://apt.178.com). To add a source: open Cydia, tap Manage, then Sources, tap Edit in the upper right corner, then Add in the upper left corner, enter the source address and tap Add; if a warning appears, choose to add anyway. Wait for the list to finish refreshing, then go to Manage > first Chinese source, find the "iOS 5 Cydia Chinese crash fix patch" and install it. After switching the system back to Simplified Chinese you can use the Cydia search function normally.
2. OpenSSH installation
OpenSSH provides a server-side daemon and client tools that encrypt data during remote control and file transfer. After installation, the PC can control the device through a remote connection. Find OpenSSH with the Search tab in the lower right corner of Cydia, open its page and tap Install in the top right corner to complete the installation.
3. MobileTerminal installation
MobileTerminal is terminal software for iOS devices that manages the device through a command-line style, non-graphical interface. It does not depend on OpenSSH or Telnet and runs as a standalone app on the system. Open Cydia, go to Manage > first Chinese source, find a MobileTerminal build that fits your system and install it.
4. tcpdump installation
tcpdump can be installed on the device with 91 Mobile Phone Assistant (iOS version); packages are available at http://apt.saurik.com/debs/. If you are unsure which one fits your phone, install the tcpdump package in the attachment.
If running tcpdump after installation reports a libpcap error, you also need to install libpcap; if you are unsure which one fits your phone, install the libpcap package in the attachment.
5. Using tcpdump on iOS devices
Some iOS devices, such as the iPhone and iPad, can be on either WiFi or 2G/3G. When using tcpdump, pay attention to the interface: the WiFi interface is en0 and the 2G/3G interface is pdp_ip0; when no interface is given, the default is pdp_ip0. For example,
Capture on WiFi: tcpdump -i en0 -x -s0 -w data.pcap
Capture on 2G/3G: tcpdump -i pdp_ip0 -x -s0 -w data.pcap, or simply tcpdump -x -s0 -w data.pcap
V. Q&A
(Ⅰ) What to do if SSH to the iOS device reports "Server unexpectedly closed network connection"?
A: Try reinstalling OpenSSH.
(Ⅱ) What should I do if tcpdump still fails to run after installing the tcpdump package and the libpcap package?
A: The file libcrypto.0.9.8.dylib may be missing; copy it from the /usr/lib path of another iOS device into the same path on this device.
In iOS development you often run into all kinds of network access problems, and without a capture tool many of them were painful to resolve. That is finally fixed: this article provides two ways to capture network traffic:
1. Network sharing + visual capture tool
Basic principle
The principle is simple: the iOS device connects through a proxy to the wireless interface shared by the Mac, a capture tool captures the packets, and they are then analysed (we recommend Wireshark; the Paros tool can also be used on the Mac).
Taking the Paros tool on the Mac as the example, the capture process is described in detail below:
Steps:
1) First share the Mac's Ethernet connection over AirPort so that the iOS device can connect via WiFi
Open System Preferences, go to Sharing, select Internet Sharing, and on the right share your connection from Ethernet to computers using AirPort.
2) Open Paros (http://www.parosproxy.org/) and set up its local proxy
In Paros's Tools > Options, select Local Proxy and enter the AirPort IP address in Address and 8080 in Port. To find the address, open System Preferences > Network and select AirPort on the left; you will see that AirPort has an address such as 169.254.69.225, which is what goes in the Address field above.
3) Connect the iOS device to the shared network: on the iOS device go to Settings > General > Network > Wi-Fi, find the shared network and join it. Then, in the network's details under HTTP Proxy, select Manual and enter the proxy IP and port configured in Paros.
4) Now you can use Paros to monitor the iOS device's traffic: open Safari, and every request appears in Paros. Note that only traffic that honours the device's HTTP proxy setting passes through Paros; anything else needs the tcpdump method below.
2. tcpdump command + visual capture tool
Basic principle
tcpdump is a command-line packet capture tool that can capture on a specific interface and can also be given a specific five-tuple to select the packets captured on the link. It can print to the terminal or write the captured data to a file; the file is binary, so the tool I opened it with was UltraEdit.
Of course, you can also save in the pcap format that Wireshark recognises and then view it in Wireshark.
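As an added example (not code from the original article), a small Python reader for the classic pcap format that tcpdump -w produces, together with a writer that builds a constructed file so it runs offline. It checks the magic number for byte order and the microsecond/nanosecond variants, and salvages the complete records from a file whose last record was cut off when tcpdump was killed mid-write; the sample packet bytes are constructed, not captured.

```python
import struct

# Classic libpcap file format (what "tcpdump -w data.pcap" writes).
MAGIC_USEC = 0xA1B2C3D4   # timestamps in microseconds
MAGIC_NSEC = 0xA1B23C4D   # timestamps in nanoseconds
DLT_EN10MB, DLT_RAW = 1, 12   # en0 yields Ethernet frames, pdp_ip0 raw IP packets

def write_pcap(linktype, packets, snaplen=65535):
    """Build a little-endian pcap blob from (ts_sec, ts_usec, bytes) tuples (constructed data)."""
    out = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype)
    for ts_sec, ts_usec, data in packets:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(data), len(data)) + data
    return out

def read_pcap(blob):
    """Parse a pcap blob. Returns (linktype, snaplen, records, truncated)."""
    if len(blob) < 24:
        raise ValueError("shorter than a pcap global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic in (MAGIC_USEC, MAGIC_NSEC):
        end = "<"                      # written on a little-endian host
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):
        end = ">"                      # written on a big-endian host
    else:
        raise ValueError("not a pcap file (magic %#x)" % magic)
    _, major, minor, _, _, snaplen, linktype = struct.unpack(end + "IHHiIII", blob[:24])
    if (major, minor) != (2, 4):
        raise ValueError("unsupported pcap version %d.%d" % (major, minor))
    records, off, truncated = [], 24, False
    while off < len(blob):
        hdr = blob[off:off + 16]
        if len(hdr) < 16:
            truncated = True           # record header cut off: capture killed mid-write
            break
        ts_sec, ts_frac, caplen, origlen = struct.unpack(end + "IIII", hdr)
        data = blob[off + 16:off + 16 + caplen]
        if len(data) < caplen:
            truncated = True           # packet body cut off; keep what is complete
            break
        records.append((ts_sec, ts_frac, caplen, origlen, data))
        off += 16 + caplen
    return linktype, snaplen, records, truncated

def summarize(blob):
    """The counts a reader wants before opening the file in Wireshark."""
    linktype, snaplen, records, truncated = read_pcap(blob)
    return {"linktype": linktype, "snaplen": snaplen, "packets": len(records),
            "bytes": sum(r[2] for r in records), "truncated": truncated}
```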
Steps
1) Access the iPhone over SSH. The steps are as follows:
a) Get the device's IP address (its WiFi address):
b) Open a terminal on the PC and enter ssh root@<device IP address>:
Enter the password: alpine (the root user's default password)
2) Save the captured packets to the root of the iOS device's filesystem with the command tcpdump -x -s0 -w /data.pcap.
3) Copy the pcap file off the device with a tool such as 91 Assistant and double-click it on Windows to open it in Wireshark.
Of course, you do not have to write to a file. tcpdump command format and parameter description:
tcpdump [-adeflnNOpqStvx] [-c count] [-F file]
        [-i interface] [-r file] [-s snaplen]
        [-T type] [-w file] [expression]
Option description:
-a converts network and broadcast addresses into names;
-d dumps the compiled packet-matching code in a human-readable form;
-dd dumps the packet-matching code as a C program fragment;
-ddd dumps the packet-matching code as decimal numbers;
-e prints the link-level header on each output line;
-f prints foreign Internet addresses numerically;
-l makes standard output line-buffered;
-n does not convert addresses into names;
-t does not print a timestamp on each output line;
-v outputs slightly more detail, such as the TTL and type of service in IP packets;
-vv outputs even more detailed packet information;
-c stops tcpdump after receiving the specified number of packets;
-F reads the filter expression from the specified file, ignoring any expression on the command line;
-i specifies the network interface to listen on;
-r reads packets from the specified file (these files are typically produced with the -w option);
-w writes the raw packets to a file instead of parsing and printing them;
-T interprets the captured packets directly as the specified type; common types are rpc (Remote Procedure Call) and snmp (Simple Network Management Protocol).
The options I mainly use with this command are: -i [interface name] -w [file name] -v -vv -c -x -e
For example:
Capture 100 packets from eth0 and write the data to the file capture.cap:
tcpdump -i eth0 -w capture.cap -v -vv -c 100 -x -e
Capture the packets between two hosts:
tcpdump -s 0 -w socket host 10.1.3.9 and host 10.1.3.84
Capture from eth0 the traffic on port 22 with source IP 192.168.1.100:
tcpdump -i eth0 port 22 and src host 192.168.1.100
Other keywords: host, net (network), port, src (source IP), dst (destination IP), and the logical operators and, or.
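An added example, not from the article: a Python decoder for the five-tuple of an IPv4 TCP/UDP packet, handling both raw IP packets (as captured on pdp_ip0) and Ethernet-framed packets (en0/eth0), plus a matcher that applies the host, src, dst, port and net primitives with tcpdump's semantics, so the filter expressions above can be checked against packets offline. The packet builder, its addresses and ports are constructed test data, not captured traffic.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = b"\x08\x00"

def build_ipv4_tcp(src, sport, dst, dport, ethernet=False):
    """Constructed test packet: minimal IPv4 header + 20-byte TCP SYN header, no payload."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    total = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    pkt = ip + tcp
    if ethernet:   # en0/eth0 captures carry a 14-byte Ethernet header; pdp_ip0 gives raw IP
        pkt = b"\x00" * 12 + ETHERTYPE_IPV4 + pkt
    return pkt

def five_tuple(pkt, ethernet=False):
    """Decode (proto, src, sport, dst, dport); None for non-IPv4 or non-TCP/UDP packets."""
    if ethernet:
        if len(pkt) < 14 or pkt[12:14] != ETHERTYPE_IPV4:
            return None
        pkt = pkt[14:]
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto not in (6, 17) or ihl < 20 or len(pkt) < ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])   # ports sit at the same offset in TCP and UDP
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return proto, src, sport, dst, dport

def matches(tup, host=None, src=None, dst=None, port=None, net=None):
    """tcpdump primitive semantics: host/port match either end, src/dst one end,
    net a CIDR on either end; all given terms are AND-ed (no term = match all)."""
    if tup is None:
        return False
    _, s, sp, d, dp = tup
    if (host is not None and host not in (s, d)) or (src is not None and s != src) \
            or (dst is not None and d != dst) or (port is not None and port not in (sp, dp)):
        return False
    if net is not None:
        n = ipaddress.ip_network(net, strict=False)
        return ipaddress.ip_address(s) in n or ipaddress.ip_address(d) in n
    return True
```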
How to capture packets from an iOS device
2014-04-24 22:33
Remote Virtual Interface
Since iOS 5 there is the RVI (Remote Virtual Interface), which lets us capture an iOS device's packets on OS X.
The basic method is to connect the device to the Mac over USB and then start an RVI for the device; this virtual network interface on the Mac stands in for the iOS device's network interfaces. Then capture on the Mac, pointing the capture tool at the virtual interface.
(1) To set up the RVI you use the rvictl tool; run the following steps in the Mac terminal:
$ # First get the current list of interfaces.
$ ifconfig -l
lo0 gif0 stf0 en0 en1 p2p0 fw0 ppp0 utun0
$ # Then run the tool with the UDID of the device.
$ rvictl -s 74bd53c647548234ddcef0ee3abee616005051ed
Starting device 74bd53c647548234ddcef0ee3abee616005051ed [SUCCEEDED]
$ # Get the list of interfaces again, and you can see the new virtual
$ # network interface, rvi0, added by the previous command.
$ ifconfig -l
lo0 gif0 stf0 en0 en1 p2p0 fw0 ppp0 utun0 rvi0
(2) Once the RVI is up you can capture with any capture tool, including Wireshark, because an rvi0 interface now exists. Today, though, we do it with tcpdump.
Enter the following command in the terminal:
sudo tcpdump -i rvi0 -n -s 0 -w dump.pcap tcp
The important parameters mean:
-i rvi0 selects rvi0 (the Remote Virtual Interface) as the capture interface
-s 0 captures whole packets rather than truncating them
-w dump.pcap sets the file name to save to
tcp captures only TCP packets
While tcpdump is running, use the apps you want to inspect on the iOS device; the captured packets are saved to dump.pcap. When you want to stop, terminate tcpdump directly, then locate dump.pcap on the Mac and open it with Wireshark.
(3) To remove the RVI virtual interface, use the following command:
$ rvictl -x 74bd53c647548234ddcef0ee3abee616005051ed
Stopping device 74bd53c647548234ddcef0ee3abee616005051ed [SUCCEEDED]
That is the whole process; try it yourself.
iOS device network capture tools: jailbreak and no-jailbreak methods