# iOS Burp Suite Configuration
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! Other ways to support HackTricks: * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) * **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.** * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
\ Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Get Access Today: {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} ## Installing the Burp Certificate on iOS Devices For secure web traffic analysis and SSL pinning on iOS devices, the Burp Suite can be utilized either through the **Burp Mobile Assistant** or via manual configuration. Below is a summarized guide on both methods: ### Automated Installation with Burp Mobile Assistant The **Burp Mobile Assistant** simplifies the installation process of the Burp Certificate, proxy configuration, and SSL Pinning. Detailed guidance can be found on [PortSwigger's official documentation](https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing). ### Manual Installation Steps 1. **Proxy Configuration:** Start by setting Burp as the proxy under the iPhone's Wi-Fi settings. 2. **Certificate Download:** Navigate to `http://burp` on your device's browser to download the certificate. 3. **Certificate Installation:** Install the downloaded profile via **Settings** > **General** > **VPN & Device Management**, then enable trust for the PortSwigger CA under **Certificate Trust Settings**. ### Configuring an Interception Proxy The setup enables traffic analysis between the iOS device and the internet through Burp, requiring a Wi-Fi network that supports client-to-client traffic. If unavailable, a USB connection via usbmuxd can serve as an alternative. PortSwigger's tutorials provide in-depth instructions on [device configuration](https://support.portswigger.net/customer/portal/articles/1841108-configuring-an-ios-device-to-work-with-burp) and [certificate installation](https://support.portswigger.net/customer/portal/articles/1841109-installing-burp-s-ca-certificate-in-an-ios-device). ### Advanced Configuration for Jailbroken Devices For users with jailbroken devices, SSH over USB (via **iproxy**) offers a method to route traffic directly through Burp: 1. **Establish SSH Connection:** Use iproxy to forward SSH to localhost, allowing connection from the iOS device to the computer running Burp. ```bash iproxy 2222 22 ``` 2. **Remote Port Forwarding:** Forward the iOS device's port 8080 to the computer's localhost to enable direct access to Burp's interface. ```bash ssh -R 8080:localhost:8080 root@localhost -p 2222 ``` 3. **Global Proxy Setting:** Lastly, configure the iOS device's Wi-Fi settings to use a manual proxy, directing all web traffic through Burp. ### Full Network Monitoring/Sniffing Monitoring of non-HTTP device traffic can be efficiently conducted using **Wireshark**, a tool capable of capturing all forms of data traffic. For iOS devices, real-time traffic monitoring is facilitated through the creation of a Remote Virtual Interface, a process detailed in [this Stack Overflow post](https://stackoverflow.com/questions/9555403/capturing-mobile-phone-traffic-on-wireshark/33175819#33175819). Prior to beginning, installation of **Wireshark** on a macOS system is a prerequisite. The procedure involves several key steps: 1. Initiate a connection between the iOS device and the macOS host via USB. 2. Ascertain the iOS device's **UDID**, a necessary step for traffic monitoring. This can be done by executing a command in the macOS Terminal: ```bash $ rvictl -s Starting device [SUCCEEDED] with interface rvi0 ``` 3. Post-identification of the UDID, **Wireshark** is to be opened, and the "rvi0" interface selected for data capture. 4. For targeted monitoring, such as capturing HTTP traffic related to a specific IP address, Wireshark's Capture Filters can be employed: ## Burp Cert Installation in Simulator * **Export Burp Certificate** In _Proxy_ --> _Options_ --> _Export CA certificate_ --> _Certificate in DER format_ ![](<../../.gitbook/assets/image (459).png>) * **Drag and Drop** the certificate inside the Emulator * **Inside the emulator** go to _Settings_ --> _General_ --> _Profile_ --> _PortSwigger CA_, and **verify the certificate** * **Inside the emulator** go to _Settings_ --> _General_ --> _About_ --> _Certificate Trust Settings_, and **enable PortSwigger CA** ![](<../../.gitbook/assets/image (460).png>) **Congrats, you have successfully configured the Burp CA Certificate in the iOS simulator** {% hint style="info" %} **The iOS simulator will use the proxy configurations of the MacOS.** {% endhint %} ### MacOS Proxy Configuration Steps to configure Burp as proxy: * Go to _System Preferences_ --> _Network_ --> _Advanced_ * In _Proxies_ tab mark _Web Proxy (HTTP)_ and _Secure Web Proxy (HTTPS)_ * In both options configure _127.0.0.1:8080_ ![](<../../.gitbook/assets/image (461).png>) * Click on _**Ok**_ and the in _**Apply**_
\ Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Get Access Today: {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! Other ways to support HackTricks: * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) * **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.** * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.