May 21, 2014 at 01:45A few words about the interception of HTTP / HTTPS traffic of iOS applications
- Tutorial
In this article, I will talk about a simple method of We will need:
- iOS 7.0-7.0.4 device with evasi0n jailbreak and installed OpenSSH
- PC with Windows 7 and the latest version of Fiddler2 installed
- iOS device and PC must be connected to the same Wi-Fi network
Perhaps it will work on other versions of iOS and / or Windows too, I have not tried it. In any case, no matter what OS / hardware configuration you have, you do all further actions at your own peril and risk! The author is not responsible for any harm, blah blah blah ... Well, a standard warning, you understand.
Instructions for setting up Fiddler2 are quite simple: open “Tools” → “Fiddler Options” and configure as in the picture:
Close the settings, then click on the icon in the upper right corner of the main window of Fiddler2 and remember the address of your PC on the Wi-Fi network. There will be something like this:
Now, instructions for setting up the iOS device. It is a little more complicated, but also not rocket science. In addition, this needs to be done only once, and then just use:
- Via Cydia, install MobileSubstrate and PreferenceLoader, if not already installed (both packages are in default repositories)
- From https://github.com/iSECPartners/ios-ssl-kill-switch/releases download the com.isecpartners.nabla.sslkillswitch_v0.6-iOS_7.0.deb package to some folder on your PC, and then from it folders on ftps, copy the package to the root of your iOS device using any ftp manager that can do this (under Windows, personally I prefer WinSCP , but of course it’s a matter of taste)
- Log in to your iOS device using SSH as root and run the following commands:
In the process, SpringBoard ("desktop") will reboot on your device - do not be alarmed, it should be so.# dpkg -i /com.isecpartners.nabla.sslkillswitch_v0.6-iOS_7.0.deb # killall -HUP SpringBoard # rm /com.isecpartners.nabla.sslkillswitch_v0.6-iOS_7.0.deb - On your iOS device, go to “Settings” and find the “SSL Kill Switch” section there (yes, it wasn’t there before, but if everything went well in the previous step, it appeared there) and enable the “Disable Certificate Validation” setting
- Reboot your iOS device (with your hands or command
rebootthrough SSH) - Go to the settings of the Wi-Fi network to which your iOS device is connected, set the HTTP proxy in “Manual” and set
- Server: IP address of your PC (yeah! You forgot it!)
- Port: 8888
- Authentification: off
Now, if everything went well, HTTP / HTTPS traffic from your iOS device will run through Fiddler2. Moreover, even the traffic of those applications that use certificate pinning will be visible: thanks to the patch com.isecpartners.nabla.sslkillswitch_v0.6-iOS_7.0.deb, which we installed on our iOS device, in 99% of iOS applications, certificate verification is successful. if the certificate were not slipped into the application (in our case, Fiddler2 palms the application to its own).
That's all. No manual certificate generation, pushing them into iOS (which, as a rule, still doesn’t help against certificate pinning) and other hemorrhoids. True, there is one “but” ... if after your experiments you leave the “Disable Certificate Validation” setting enabled, applications on your iOS device may become vulnerable to MITM attacks - because thanks to the patch they accept any certificates, remember? Therefore, if you use your personal iPhone for your experiments, turn off “Disable Certificate Validation”
Happy sniffing!