hacktricks/ios-pentesting/burp-configuration-for-ios.md
2021-05-13 18:33:03 +00:00


Burp Suite Configuration for iOS

Burp Cert Installation on a physical iOS device

You can install Burp Mobile Assistant to help install the Burp certificate, configure the proxy and perform SSL Pinning.
Alternatively, follow these steps manually:

  • Configure Burp as the iPhone proxy in Settings --> Wi-Fi --> Click the network --> Proxy
  • Browse to http://burp and download the certificate
  • Go to Settings --> Profile Downloaded and install it (you will be asked for your passcode)

Burp Cert Installation in Simulator

  • Export the Burp certificate: in Proxy --> Options --> Export CA certificate --> Certificate in DER format
  • Drag and drop the certificate into the simulator
  • Inside the simulator go to Settings --> General --> Profile --> PortSwigger CA, and verify the certificate
  • Inside the simulator go to Settings --> General --> About --> Certificate Trust Settings, and enable PortSwigger CA

Congrats, you have successfully configured the Burp CA certificate in the iOS simulator.

{% hint style="info" %} The iOS simulator uses the proxy configuration of the macOS host. {% endhint %}

macOS Proxy Configuration

Steps to configure Burp as proxy:

  • Go to System Preferences --> Network --> Advanced
  • In the Proxies tab, tick Web Proxy (HTTP) and Secure Web Proxy (HTTPS)
  • For both options, configure 127.0.0.1:8080
  • Click OK and then Apply
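
The same macOS proxy setup can be scripted with the built-in `networksetup` tool, which makes it easy to switch the proxy off again when the Burp session ends. This is an added example, not part of the original page; it assumes the network service is named "Wi-Fi" and that Burp listens on 127.0.0.1:8080, and it only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/usr/bin/env bash
# Added example: toggle the macOS Web Proxy (HTTP) and Secure Web Proxy (HTTPS)
# for a Burp session. Assumed values: service "Wi-Fi", listener 127.0.0.1:8080.
BURP_HOST="${BURP_HOST:-127.0.0.1}"
BURP_PORT="${BURP_PORT:-8080}"
SERVICE="${SERVICE:-Wi-Fi}"   # real names: networksetup -listallnetworkservices
DRY_RUN="${DRY_RUN:-1}"       # 1 = print the commands only, 0 = execute them

# Execute a command, or just print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Accept only a numeric TCP port in the range 1-65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Point both HTTP and HTTPS system proxies at Burp and enable them.
burp_proxy_on() {
  valid_port "$BURP_PORT" || { echo "invalid port: $BURP_PORT" >&2; return 1; }
  run networksetup -setwebproxy "$SERVICE" "$BURP_HOST" "$BURP_PORT" &&
  run networksetup -setsecurewebproxy "$SERVICE" "$BURP_HOST" "$BURP_PORT" &&
  run networksetup -setwebproxystate "$SERVICE" on &&
  run networksetup -setsecurewebproxystate "$SERVICE" on
}

# Disable both proxies so the host and the simulator go direct again.
burp_proxy_off() {
  run networksetup -setwebproxystate "$SERVICE" off &&
  run networksetup -setsecurewebproxystate "$SERVICE" off
}

# Command-line entry point: ./burp-proxy.sh on|off
case "${1:-}" in
  on)  burp_proxy_on ;;
  off) burp_proxy_off ;;
esac
```

Run `burp_proxy_off` (or the script with `off`) once testing is finished: while the system proxy still points at 127.0.0.1:8080 and Burp is closed, the Mac and the simulator lose HTTP/HTTPS connectivity.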