Burp Suite User Forum

Create new post

Invisible listener for websocket traffic

Samuel | Last updated: Oct 27, 2016 06:35PM UTC

I'm trying to see WebSocket traffic for an application on an iPhone. I've configured the iPhone and Burp using these two sites: https://support.portswigger.net/customer/portal/articles/1841108-configuring-an-ios-device-to-work-with-burp https://support.portswigger.net/customer/portal/articles/1841109-Mobile%20Set-up_iOS%20Device%20-%20Installing%20CA%20Certificate.html I've set a listener on port 8080 for all interfaces and I have an invisible listener bound to port 443 on the laptop that is acting as the proxy. The invisible listener redirects to the host I know is used to open the WebSocket connection on port 443 (let's call it host-websocket.com). Additionally, in the Project Options I've set the Hostname Resolution so that same host (host-websocket.com) resolves to the IP address of my laptop. I see web traffic (secure and nonsecure) as expected, however I do not see any WebSocket history. I know the application is communicating through a WebSocket from Xcode logs. I know it's using port 443 as well. How do I have Burp show WebSocket History for this application?

PortSwigger Agent | Last updated: Oct 28, 2016 09:46AM UTC

If the WebSockets traffic is passing through Burp, then it will be captured and shown in the WebSockets history. If the app is still working as expected (i.e. WebSockets communication is working correctly) then it appears that the app is not sendings its WebSockets connections via Burp. Since you needed to resort to invisible proxying to get the app to proxy its traffic, it's possible that the WebSockets connections are made using a different hostname or IP address, and you need to figure this out so that it can be redirected via Burp.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.