Intercepting iOS applications' HTTPS traffic in Burp Suite (iOS 10.3 and later)

Finally, I got some time to write a post after a long time. Some of our readers asked: you wrote a post on how to intercept traffic from a web browser, but how about mobile application traffic?

So, I thought to write a post on intercepting HTTP/HTTPS traffic from iOS devices in Burp Suite. This might not be a new thing for many of you, but there are many readers who are still learning Burp Suite; this is for them.

Let's get started.

1: Open Burp Suite and go to Proxy > Options > Edit as shown below.


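2: Select "All interfaces" and press the "OK" button. This makes the proxy listener reachable from other devices on the network, which the iOS device needs in order to connect to it.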


3: Check the internal IP address of your system. You should know how to check your internal IP irrespective of the OS you are using. Here, mine is 172.16.0.91.



4: On your iOS device, go to Settings > WiFi. Select the WiFi network you are connected to and click on the "i" button as shown below. Make sure that the system where you want to intercept the traffic and the iOS device are both connected to the same network.


5: Select "Configure Proxy" as shown.


6: Select "Manual" and enter the IP address of the system where Burp Suite is running. Here, my IP is 172.16.0.91 and Burp is running on port 8080, so I will set it accordingly. After entering the IP and port, press "Save".


7: Go to Burp Suite and turn Intercept on.

8: Go to the web browser on your iOS device and open any website which runs on HTTP (not HTTPS). Here I have opened http://theburpsuite.com (we are using HTTP, and it will redirect to https://www.theburpsuite.com/).


9: Go to Burp Suite and you will see the HTTP request to http://theburpsuite.com.


10: Below are all the requests to http://theburpsuite.com in the HTTP history tab. You can send a request to Repeater, Intruder or Scanner as per your requirement.


11: In the iOS device's web browser we can see the URL we requested and its response.



So, this is how we can intercept the traffic of any application (running on HTTP, not HTTPS) from iOS devices.

But what about the applications running on HTTPS? Let's do it.

12: Open google.com in the iOS web browser and you will see an error as shown below, because we are intercepting the communication over HTTPS and our Burp certificate is not trusted.


13: Let's add our Burp certificate to the iOS trust store. Open the iOS web browser and go to the internal IP and port where Burp is running. Here, my internal IP is 172.16.0.191 and the port is 8080, so I will open 172.16.0.191:8080 as shown below.


14: You will see "CA Certificate" on the web page as shown below. This is your Burp certificate, which will be installed on your iOS device. Click on "CA Certificate" to download the certificate.


15: Click on "Allow" to install the certificate to your iOS device.


16: Select "iPhone".


17: Select "Install".


18: Enter your iOS device passcode.


19: Select "Install" again.


20: The Burp CA Certificate is installed now, select "Done".


Since the Burp certificate is installed, we should be able to intercept HTTPS traffic in Burp Suite. Now let's try to open an HTTPS website and intercept its traffic.

21: As you can see below, I am still not able to intercept HTTPS traffic and got the same error again.


Why this error? Generally, once the certificate is installed successfully, the device should trust it and allow the interception, right?

Well, there is a catch. If you are trying this method on iOS 10.3 or later, you will face this issue. Apple no longer lets the user install a certificate and have it trusted in a single step. Installing the certificate is not enough; it also has to be trusted under something called "Certificate Trust Settings".

Let's go there and trust our certificate.

22: Go to "General > About > Certificate Trust Settings" as shown below.



23: You will see the Burp CA certificate as shown below. Turn on the toggle next to the certificate, so that it turns green, to "ENABLE FULL TRUST FOR ROOT CERTIFICATE".


24: Select "Continue".


25: Now that our certificate is installed and trusted, we should be able to intercept HTTPS traffic. Let's do it. Open https://www.google.com


26: Go to Burp and intercept the request. Below we can see the HTTPS traffic from Google 😀 We did it.


27: Below is all the traffic from Google.


28: In the same way, open facebook.com and intercept the HTTPS traffic.


29: HTTPS traffic of Facebook.


30: Now you can open any iOS application and intercept its HTTPS traffic. Below is my Xbox application for iPhone.


31: Below is the intercepted HTTPS request from the Xbox application.
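
Why the HTTP steps (8 to 11) work without a certificate while the HTTPS steps (12 to 26) need the Burp CA to be trusted, seen from the proxy listener's side. This is an added example, not part of the original post; the function name and sample request lines are constructed, and treating every CONNECT tunnel as TLS is an assumption.

```python
from urllib.parse import urlsplit

# Constructed first request lines, as a proxy listener would receive them from
# a device whose WiFi proxy is set manually (steps 5-6). Not captured traffic.
SAMPLES = [
    "GET http://theburpsuite.com/ HTTP/1.1",   # step 8: plain HTTP
    "CONNECT www.google.com:443 HTTP/1.1",     # step 12: HTTPS
    "GET /index.html HTTP/1.1",                # origin-form, not a proxy request
]


def classify_proxy_request(line):
    """Return (kind, host, port, needs_trusted_ca) for one request line."""
    fields = line.strip().split(" ")
    if len(fields) != 3 or not fields[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {line!r}")
    method, target, _version = fields

    if method.upper() == "CONNECT":
        # Authority-form target (host:port). The client asks for a tunnel and
        # then starts TLS inside it. An intercepting proxy answers that
        # handshake with a certificate issued by its own CA, so the client
        # must trust that CA or it shows the error from steps 12 and 21.
        # Assumption: every CONNECT tunnel is treated as carrying TLS.
        host, sep, port = target.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"bad CONNECT target: {target!r}")
        return ("tls-tunnel", host.strip("[]"), int(port), True)

    parts = urlsplit(target)
    if parts.scheme.lower() == "http" and parts.hostname:
        # Absolute-form target: the proxy reads the request in clear text,
        # which is why steps 8-11 work without installing any certificate.
        return ("plain-http", parts.hostname, parts.port or 80, False)
    if target.startswith("/"):
        # Origin-form ("/path"): addressed to a server directly, not a proxy.
        return ("not-proxied", None, None, False)
    raise ValueError(f"unsupported request target: {target!r}")


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:45} -> {classify_proxy_request(sample)}")
```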



NOTE: Keep in mind that if the application is using "Certificate Pinning", then you won't be able to intercept its traffic in Burp Suite. There are ways to bypass that restriction, though; we will discuss them later.

Hope this post will help you in intercepting HTTPS traffic of iOS devices (iPhone/iPad). If you enjoy this post then don't forget to share this post with your friends :)


