For network analysis of iOS applications (and mobile applications in general), the device's traffic is usually routed to a PC and analyzed there with mature packet-analysis tools such as Wireshark. In general, there are three methods:
1. Enable network sharing on the PC so that it provides a Wi-Fi hotspot for the mobile device.
2. Run an HTTP proxy server (such as Burp Suite or Charles) and have the mobile device access the Internet through that proxy (only HTTP/HTTPS can be captured).
3. Use a tunneling tool, such as nc + ADVsock2pipe, to forward the iOS traffic to the PC (jailbreak required).

For implementation methods, refer to:
Mobile app communication analysis (iOS/Android)
Capture communication packets on mobile devices in real time (ADVsock2pipe + Wireshark + nc + tcpdump)
How to capture HTTPS communication packets using Burp Suite on iPhone
All of the above methods have defects. For example, they can only capture Wi-Fi traffic and cannot capture 2G/3G packets. After iOS 5, Apple introduced the RVI (Remote Virtual Interface) feature. You only need to connect the iOS device to a Mac with a USB cable and then use the rvictl tool, with the UDID of the iOS device as its parameter, to set up a virtual network interface (rvi) on the Mac. Tools such as tcpdump and Wireshark can then capture and analyze packets on the created interface.

This method captures the network traffic directly on the iOS device, so it works for Wi-Fi, 2G/3G, and other network types. Only a USB data cable is needed: the PC and the iOS device do not need to be on the same network segment, and the device does not need to be jailbroken. The steps are as follows.

Step 1: Connect the iOS device to the Mac using a USB data cable.

Step 2: Obtain the UDID of the iOS device. It can be viewed with iTools or with Xcode's Organizer tool.

Step 3: Create an RVI interface.
$ rvictl -s <UDID>

RVI virtual interfaces are named rvi0, rvi1, and so on. After creating one, use the following command to check whether the creation succeeded.

$ ifconfig rvi0

Step 4: Use Wireshark or tcpdump on the Mac to capture packets on the interface.

$ sudo tcpdump -i rvi0 -n -vv

Step 5: Remove the created RVI interface after the analysis.

$ rvictl -x <UDID>
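
Steps 3 to 5 above as one capture script, added here as an example (it is not from the original article): it reads the interface name from rvictl's output instead of assuming rvi0, and it removes the interface when the script exits. The function names, the default file name ios-capture.pcap, and the two accepted UDID shapes are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: RVI capture session with guaranteed interface cleanup.

# Accept the two UDID shapes assumed here: 40 hex characters, or
# 8 hex + "-" + 16 hex. Anything else is rejected before reaching rvictl.
valid_udid() {
  printf '%s\n' "$1" |
    grep -Eq '^([0-9A-Fa-f]{40}|[0-9A-Fa-f]{8}-[0-9A-Fa-f]{16})$'
}

# Return the first rviN name found in rvictl's output, e.g. from the
# constructed sample line "Starting device <UDID> [SUCCEEDED] with interface rvi1".
rvi_iface_from_output() {
  printf '%s\n' "$1" | grep -Eo 'rvi[0-9]+' | head -n 1
}

capture_session() {
  local udid="$1" pcap="${2:-ios-capture.pcap}" out iface
  valid_udid "$udid" || { echo "malformed UDID: $udid" >&2; return 2; }

  # Step 3: create the interface.
  out="$(rvictl -s "$udid")" || { echo "rvictl -s failed: $out" >&2; return 1; }

  # Step 5, registered up front: remove the interface on any exit,
  # including Ctrl-C. $udid is expanded now; it was validated above.
  trap "rvictl -x '$udid' >/dev/null" EXIT

  iface="$(rvi_iface_from_output "$out")"
  [ -n "$iface" ] || { echo "no rvi interface in: $out" >&2; return 1; }
  ifconfig "$iface" >/dev/null || return 1   # the check from step 3

  # Step 4: write a pcap that Wireshark can open; -n skips name lookups.
  sudo tcpdump -i "$iface" -n -w "$pcap"
}

# Runs only when a UDID is given: ./rvi-capture.sh <UDID> [out.pcap]
if [ "$#" -ge 1 ]; then
  capture_session "$@"
fi
```

Stop the capture with Ctrl-C and open the resulting file in Wireshark.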
Reference:
http://www.winddisk.com/2012/09/01/mac_capture_iphone_package_remote_virtual_interface/
http://useyourloaf.com/blog/2012/02/07/remote-packet-capture-for-ios-devices.html