iPhone and WireShark [closed]
Update (2021-04-01): Paros can no longer be easily installed and run on many OSes because it uses an extremely old version of Java.
However, there is now OWASP ZAP, which is a fork of Paros and can be used to achieve the same ends.
Basic steps are:
- Install ZAP's root CA certificate on your iOS device.
- Configure the proxy settings of the iOS device to point to your running ZAP.
- Capture away.
There is a blog post by Omer Levi Hevroni on OWASP ZAP with iOS which goes into significantly more detail on how to do these steps.
You can use Paros to sniff the network traffic from your iPhone. See this excellent step by step post for more information: http://blog.jerodsanto.net/2009/06/sniff-your-iphones-network-traffic/. Also, look in the comments for some advice for using other proxies to get the same job done.
One caveat is that Paros only sniffs HTTP GET/POST requests using the method above, so to sniff all network traffic, try the following:
- Just turn on network sharing over WiFi and run a packet sniffer like Cocoa Packet Analyzer (in OSX).
- Then connect to the new network from the iPhone over WiFi. (System Preferences -> Sharing -> Internet Sharing)
If you're after sniffing these packets on Windows, connect to the internet using Ethernet, share your internet connection, and use the Windows computer as your access point. Then, just run Wireshark as normal and intercept the packets flowing through, filtering by their startpoints. Alternatively, try using a network hub as Wireshark can trace all packets flowing through a network if they are using the same router endpoint address (as in a hub).
This worked for me:
Connect your iOS device by USB
$ rvictl -s UDID
where UDID is the UDID of your device (located in Xcode under Devices, shortcut to with ⇧⌘2)
$ sudo launchctl list com.apple.rpmuxd
$ sudo tcpdump -n -t -i rvi0 -q tcp
or
$ sudo tcpdump -i rvi0 -n
If rvictl is not working, install Xcode and the developer tools.
For more info see Remote Virtual Interface and for the original tutorial here's the Use Your Loaf blog post
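The rvictl/tcpdump steps above, wrapped in a small script as an added example (not from the answer or from Apple's tooling): it validates the UDID before starting, writes the capture to a pcap file that Wireshark can open, and tears the Remote Virtual Interface down again on exit. It assumes macOS with Xcode tools installed (rvictl and tcpdump on the PATH); the two UDID formats and the file-name scheme are assumptions of this example.

```shell
#!/bin/sh
# Added example: wrap rvictl + tcpdump so the Remote Virtual Interface is
# always removed, and check the UDID before touching the device.
# Assumes macOS with Xcode command-line tools (rvictl, tcpdump available).

# Accept the two UDID formats Apple has used (assumption of this example):
#   - 40 hex characters (older devices)
#   - 8 hex characters, a dash, 16 hex characters (newer devices)
valid_udid() {
  printf '%s' "$1" | grep -Eq '^([0-9a-fA-F]{40}|[0-9a-fA-F]{8}-[0-9a-fA-F]{16})$'
}

# Build the capture file name from the first 8 UDID characters and a timestamp.
capture_name() {
  # $1 = UDID, $2 = timestamp (e.g. from date +%Y%m%d-%H%M%S)
  printf 'ios-%s-%s.pcap' "$(printf '%s' "$1" | cut -c1-8)" "$2"
}

# Start the RVI, capture everything to a pcap for Wireshark, then remove the RVI.
capture_ios() {
  udid="$1"
  valid_udid "$udid" || { echo "bad UDID: $udid" >&2; return 2; }
  out="$(capture_name "$udid" "$(date +%Y%m%d-%H%M%S)")"
  rvictl -s "$udid" || return 1
  # Remove the interface even if tcpdump is interrupted with Ctrl-C.
  trap 'rvictl -x "$udid"' EXIT INT TERM
  # rvictl -l lists the active interface (usually rvi0); fall back to rvi0.
  iface="$(rvictl -l | grep -o 'rvi[0-9]*' | head -n1)"
  sudo tcpdump -i "${iface:-rvi0}" -n -s 0 -w "$out"
  echo "wrote $out"
}

# Only capture when invoked with a UDID argument, e.g. ./capture.sh <UDID>.
if [ -n "${1:-}" ]; then
  capture_ios "$1"
fi
```

Open the resulting pcap in Wireshark; because the RVI carries every packet from the device, you can filter by protocol rather than being limited to HTTP GET/POST as with a proxy.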
I have successfully captured HTTP traffic using Fiddler2 as a proxy, which can be installed on any Windows PC on your network.
- In Fiddler, Tools -> Fiddler Options -> Connections -> [x] Allow remote computers to connect.
- Make sure your Windows firewall is disabled.
- On the iPhone/iPod, go to your wireless settings, use a manual proxy server, and enter the Fiddler machine's IP address and the same port (defaults to 8888).