iPhone and WireShark [closed]

iphone sniffing packet-capture packet packet-sniffers

Update (2021-04-01): Paros no longer can be easily installed and run on many OS's due to using an extremely old version of Java.

However there is now OWASP ZAP which is a fork of Paros and can be used to achieve the same ends.

Basic steps are:

  1. Install ZAP's root CA certificate on your iOS device.
  2. Configure the proxy settings of the iOS device to point to your running ZAP.
  3. Capture away.

Thre is a blogpost by Omer Levi Hevroni on OWASP ZAP with iOS which goes into significantly more detail on how to do these steps.

You can use Paros to sniff the network traffic from your iPhone. See this excellent step by step post for more information: http://blog.jerodsanto.net/2009/06/sniff-your-iphones-network-traffic/. Also, look in the comments for some advice for using other proxies to get the same job done.

One caveat is that Paras only sniffs HTTP GET/POST requests using the method above, so to sniff all network traffic, try the following:

  1. Just turn on network sharing over WiFi and run a packet sniffer like Cocoa Packet Analyzer (in OSX).
  2. Then connect to the new network from iPhone over WiFi. (SystemPreferences->Sharing->InternetSharing)

If you're after sniffing these packets on Windows, connect to the internet using Ethernet, share your internet connection, and use the Windows computer as your access point. Then, just run Wireshark as normal and intercept the packets flowing through, filtering by their startpoints. Alternatively, try using a network hub as Wireshark can trace all packets flowing through a network if they are using the same router endpoint address (as in a hub).


This worked for me:

  1. Connect your iOS device by USB

  2. $ rvictl -s UDID where UDID is the UDID of your device (located in XCode under Devices, shortcut to with 2)

  3. $ sudo launchctl list com.apple.rpmuxd

  4. $ sudo tcpdump -n -t -i rvi0 -q tcp or $ sudo tcpdump -i rvi0 -n

If victl is not working install Xcode and the developer tools.

For more info see Remote Virtual Interface and for the original tutorial here's the Use Your Loaf blog post


I have successfully captured HTTP traffic using Fiddler2 as a proxy, which can be installed on any Windows PC on your network.

  1. In Fiddler, Tools -> Fiddler Options -> Connections -> [x] Allow remote computers to connect.
  2. Make sure your windows firewall is disabled.
  3. On the iphone/ipod, go to your wireless settings, use a manual proxy server, enter the fiddler machine's ip address and the same port (defaults to 8888).

Related

CSS display: inline-block does not accept margin-top?
How can I ignore ValueError when I try to remove an element from a list?
Pass variables to AngularJS controller, best practice?
Conditional statement in a one line lambda function in python?
store and retrieve javascript arrays into and from HTML5 data attributes
Appending an id to a list if not already present in a string
Creating multi column legend in ggplot
Bootstrap table row hover
Why can't Git Bash run my executable?
Difference in Auditing and Logging?
Get the time of a datetime using T-SQL?
How to set config.action_controller.default_url_options = {:host = '#''} on per environment basis