mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-30 06:53:11 +00:00
# iOS Burp Suite Configuration
## Installing the Burp Certificate on iOS Devices

For secure web traffic analysis and SSL pinning on iOS devices, Burp Suite can be used either through the **Burp Mobile Assistant** or via manual configuration. Both methods are summarized below:

### Automated Installation with Burp Mobile Assistant

The **Burp Mobile Assistant** simplifies installation of the Burp Certificate, proxy configuration, and SSL Pinning. Detailed guidance can be found in [PortSwigger's official documentation](https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing).

### Manual Installation Steps

1. **Proxy Configuration:** Start by setting Burp as the proxy under the iPhone's Wi-Fi settings.
2. **Certificate Download:** Navigate to `http://burp` on your device's browser to download the certificate.
3. **Certificate Installation:** Install the downloaded profile via **Settings** > **General** > **VPN & Device Management**, then enable trust for the PortSwigger CA under **Certificate Trust Settings**.

### Configuring an Interception Proxy

This setup enables analysis of the traffic between the iOS device and the internet through Burp. It requires a Wi-Fi network that supports client-to-client traffic. If one is unavailable, a USB connection via usbmuxd can serve as an alternative. PortSwigger's tutorials provide in-depth instructions on [device configuration](https://support.portswigger.net/customer/portal/articles/1841108-configuring-an-ios-device-to-work-with-burp) and [certificate installation](https://support.portswigger.net/customer/portal/articles/1841109-installing-burp-s-ca-certificate-in-an-ios-device).

### Advanced Configuration for Jailbroken Devices

For users with jailbroken devices, SSH over USB (via **iproxy**) offers a method to route traffic directly through Burp:

1. **Establish SSH Connection:** Use iproxy to forward SSH to localhost, allowing connection from the iOS device to the computer running Burp.

```bash
iproxy 2222 22
```

2. **Remote Port Forwarding:** Forward the iOS device's port 8080 to the computer's localhost to enable direct access to Burp's interface.

```bash
ssh -R 8080:localhost:8080 root@localhost -p 2222
```

3. **Global Proxy Setting:** Lastly, configure the iOS device's Wi-Fi settings to use a manual proxy, directing all web traffic through Burp.
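
The three steps above as one script, added here as an example (it is not part of the original page): it checks how the Burp listener on port 8080 is bound before opening the tunnel, and stops iproxy when the tunnel closes. The `listener_scope` helper, the `start` argument and the use of `lsof` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original page. Assumes Burp listens on the
# computer's port 8080 and that iproxy, ssh and lsof are installed.
BURP_PORT=8080   # proxy port used in the page's ssh command
SSH_PORT=2222    # local port that iproxy maps to the device's SSH port 22

# Reads `lsof -nP -iTCP:<port> -sTCP:LISTEN` output on stdin and prints
# "loopback", "exposed" (any non-loopback bind address) or "none".
listener_scope() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            addr = $(NF - 1)
            if (addr !~ (":" port "$")) next
            sub(/:[0-9]+$/, "", addr)
            if (addr == "127.0.0.1" || addr == "[::1]") {
                if (scope == "") scope = "loopback"
            } else {
                scope = "exposed"
            }
        }
        END { print (scope == "" ? "none" : scope) }'
}

start_tunnel() {
    scope=$(lsof -nP -iTCP:"$BURP_PORT" -sTCP:LISTEN 2>/dev/null | listener_scope "$BURP_PORT")
    case "$scope" in
        none)    echo "Burp is not listening on port $BURP_PORT" >&2; return 1 ;;
        exposed) echo "note: listener is not loopback-only; the USB tunnel only needs 127.0.0.1" >&2 ;;
    esac
    iproxy "$SSH_PORT" 22 >/dev/null 2>&1 &      # step 1
    iproxy_pid=$!
    trap 'kill "$iproxy_pid" 2>/dev/null' EXIT INT TERM
    sleep 1                                       # give iproxy time to bind
    # Step 2. -N: forward only, no remote shell. ExitOnForwardFailure makes ssh
    # stop if port 8080 cannot be opened on the device.
    ssh -N -o ExitOnForwardFailure=yes \
        -R "$BURP_PORT:localhost:$BURP_PORT" -p "$SSH_PORT" root@localhost
    # Step 3 is done on the device: the remote forward listens on the device's
    # own loopback, so the manual Wi-Fi proxy points at 127.0.0.1, port 8080.
}

if [ "${1:-}" = "start" ]; then start_tunnel; fi
```

Run it as `sh tunnel.sh start` (the file name is a placeholder); without the argument it only defines the functions.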

### Full Network Monitoring/Sniffing

Non-HTTP device traffic can be monitored with **Wireshark**, a tool capable of capturing all forms of data traffic. For iOS devices, real-time traffic monitoring works by creating a Remote Virtual Interface, a process detailed in [this Stack Overflow post](https://stackoverflow.com/questions/9555403/capturing-mobile-phone-traffic-on-wireshark/33175819#33175819). **Wireshark** must be installed on a macOS system before you begin.

The procedure involves several key steps:

1. Connect the iOS device to the macOS host via USB.
2. Ascertain the iOS device's **UDID**, a necessary step for traffic monitoring, and start the Remote Virtual Interface for it by executing this command in the macOS Terminal:

```bash
$ rvictl -s <UDID>
Starting device <UDID> [SUCCEEDED] with interface rvi0
```

3. After identifying the UDID, open **Wireshark** and select the "rvi0" interface for data capture.
4. For targeted monitoring, such as capturing HTTP traffic related to a specific IP address, Wireshark's Capture Filters can be employed:
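
A capture filter of the kind step 4 refers to, together with the RVI setup and teardown, as an added example (not from the original page or the linked post). The function names, the output file name and the UDID format check are assumptions of this example; `rvictl -x` removes the interface that `rvictl -s` created.

```shell
#!/bin/sh
# Added example, not part of the original page. Assumes macOS with rvictl and
# tcpdump available and the interface name rvi0 shown in the output above.

# Accept the two UDID layouts: 40 hex digits, or 8 hex digits, "-", 16 hex digits.
valid_udid() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9A-Fa-f]{40}|[0-9A-Fa-f]{8}-[0-9A-Fa-f]{16})$'
}

# Build a capture (BPF) filter for plain HTTP to or from one IPv4 address.
# Anything that is not a dotted quad is refused, so no stray tokens reach tcpdump.
capture_filter() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf 'host %s and tcp port 80\n' "$1"
}

# usage: capture <UDID> <IPv4> [output.pcap]
capture() {
    udid=$1
    valid_udid "$udid" || { echo "unexpected UDID format" >&2; return 1; }
    filter=$(capture_filter "$2") || { echo "not an IPv4 address: $2" >&2; return 1; }
    out=${3:-ios-capture.pcap}

    rvictl -s "$udid" || return 1                  # creates rvi0
    trap 'rvictl -x "$udid"' EXIT INT TERM         # remove the interface when done
    # Capture until Ctrl-C; may need sudo. Open the file in Wireshark afterwards.
    tcpdump -i rvi0 -w "$out" "$filter"
}

if [ "$#" -ge 2 ]; then capture "$@"; fi
```

The same filter string can be typed into Wireshark's capture filter field for `rvi0`; it uses capture (BPF) syntax, not display-filter syntax.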

## Burp Cert Installation in Simulator

* **Export Burp Certificate**

In _Proxy_ --> _Options_ --> _Export CA certificate_ --> _Certificate in DER format_

![](<../../.gitbook/assets/image (534).png>)

* **Drag and Drop** the certificate inside the simulator
* **Inside the simulator** go to _Settings_ --> _General_ --> _Profile_ --> _PortSwigger CA_, and **verify the certificate**
* **Inside the simulator** go to _Settings_ --> _General_ --> _About_ --> _Certificate Trust Settings_, and **enable PortSwigger CA**

![](<../../.gitbook/assets/image (1048).png>)

**Congrats, you have successfully configured the Burp CA Certificate in the iOS simulator**

{% hint style="info" %}
**The iOS simulator will use the proxy configurations of the macOS host.**
{% endhint %}

### macOS Proxy Configuration

Steps to configure Burp as proxy:

* Go to _System Preferences_ --> _Network_ --> _Advanced_
* In the _Proxies_ tab, mark _Web Proxy (HTTP)_ and _Secure Web Proxy (HTTPS)_
* In both options configure _127.0.0.1:8080_

![](<../../.gitbook/assets/image (431).png>)

* Click on _**Ok**_ and then on _**Apply**_