Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How to configure the latest iOS device for mobile device interception

anil | Last updated: Jun 17, 2020 07:40AM UTC

Hello Is it still possible to configure the iOS mobile device iPhone to configure so that we can intercept the iPhone traffic using burp suite pro? I tried but failed. Thanks

Ben, PortSwigger Agent | Last updated: Jun 17, 2020 09:32AM UTC

Hi, This should still be possible. Are you able to provide us with details of the issues that you are facing and the steps that you have tried so far?

anil | Last updated: Jun 17, 2020 09:55AM UTC

Alright, I configured the different proxy and bound to "All interface" on port 8085 (unused). then I gathered the ip of my system and configured in my iPhone running iOS 13 above. then installed the certificate using http://burpsuite in iPhone browser and installed. full trust on that CA certificate is also provided going through general>about>certificate trust setting and then turn portswigger CA on for full trust. Now accessing the any site, gives me error " safari could not establish a secure connection to the server" In Firefox: "An SSL error has encountered and a secure connection to the server cannot be made" Is there anything I made mistakes?

anil | Last updated: Jun 18, 2020 07:41AM UTC

Will you please let me know ?

Ben, PortSwigger Agent | Last updated: Jun 18, 2020 08:54AM UTC

Hi, The steps that you have carried out sound fine. If you browse to an HTTP site on the browser within your iOS device does this connect successfully and do you see traffic pass through Burp (The http://scratchpads.eu/ site is a good one to use to test for this)? If this works then your setup should be good in principal. We are, however, currently investigating an issue whereby users are experiencing issues when using the latest version of Burp against iOS devices above 13. Are you able to run Burp via the Jar file and use the following flag in order to restrict the Burp Proxy to use TLSv1.2 and see if that improves things for you: -Djdk.tls.server.protocols=TLS1.2 If you require further assistance with how to run this then please let me know what operating system and version of Burp you are running.

anil | Last updated: Jun 18, 2020 09:57AM UTC

Hello I haven't tried yet using burp jar file. let me try first and then report to you. For the above context, it doesn't intercept any site using above mentioned methods.

Ben, PortSwigger Agent | Last updated: Jun 18, 2020 01:04PM UTC

Hi, You should be able to see HTTP traffic from the browser in the iOS device passing through to Burp without the CA Certificate - if this is not appearing in the HTTP History tab (or the Proxy -> Intercept tab if you have the Intercept is on configuration set) then that would suggest the setup is not quite right. You have the IP of the machine running Burp and the 8085 port that you have the Burp Proxy Listener running on configured in the proxy settings of your iOS device? They are both running on the same network?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.