Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How to configure the latest iOS device for mobile device interception

anil | Last updated: Jun 17, 2020 07:40AM UTC

Hello Is it still possible to configure the iOS mobile device iPhone to configure so that we can intercept the iPhone traffic using burp suite pro? I tried but failed. Thanks

Ben, PortSwigger Agent | Last updated: Jun 17, 2020 09:32AM UTC

Hi, This should still be possible. Are you able to provide us with details of the issues that you are facing and the steps that you have tried so far?

anil | Last updated: Jun 17, 2020 09:55AM UTC

Alright, I configured the different proxy and bound to "All interface" on port 8085 (unused). then I gathered the ip of my system and configured in my iPhone running iOS 13 above. then installed the certificate using http://burpsuite in iPhone browser and installed. full trust on that CA certificate is also provided going through general>about>certificate trust setting and then turn portswigger CA on for full trust. Now accessing the any site, gives me error " safari could not establish a secure connection to the server" In Firefox: "An SSL error has encountered and a secure connection to the server cannot be made" Is there anything I made mistakes?

anil | Last updated: Jun 18, 2020 07:41AM UTC

Will you please let me know ?

Ben, PortSwigger Agent | Last updated: Jun 18, 2020 08:54AM UTC

Hi, The steps that you have carried out sound fine. If you browse to an HTTP site on the browser within your iOS device does this connect successfully and do you see traffic pass through Burp (The http://scratchpads.eu/ site is a good one to use to test for this)? If this works then your setup should be good in principal. We are, however, currently investigating an issue whereby users are experiencing issues when using the latest version of Burp against iOS devices above 13. Are you able to run Burp via the Jar file and use the following flag in order to restrict the Burp Proxy to use TLSv1.2 and see if that improves things for you: -Djdk.tls.server.protocols=TLS1.2 If you require further assistance with how to run this then please let me know what operating system and version of Burp you are running.

anil | Last updated: Jun 18, 2020 09:57AM UTC

Hello I haven't tried yet using burp jar file. let me try first and then report to you. For the above context, it doesn't intercept any site using above mentioned methods.

Ben, PortSwigger Agent | Last updated: Jun 18, 2020 01:04PM UTC