Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Sniffing Outgoing HTTP Traffic on an iOS Device

DZone's Guide to

Sniffing Outgoing HTTP Traffic on an iOS Device

· Java Zone ·
Free Resource

Verify, standardize, and correct the Big 4 + more– name, email, phone and global addresses – try our Data Quality APIs now at Melissa Developer Portal!

I’m posting this mainly for my own benefit, but hopefully someone else finds this useful. A lot of people have recommended Charles as a debugging HTTP proxy for OS X. It looks like a great piece of software, but does require that you pay for it after 30 days. I was looking for something quick, easy, and free to analyze outgoing HTTP traffic on an iOS device.

Sadly, such options are few and far between, but if you’re willing to install a JDK (which Mavericks handily prompts you to do the first time you try to run a JAR file, and automates much of the installation process), they’re slightly better. I found a free edition of one called Burp Suite and managed to figure out how to get it working, so I’m documenting that here for future reference.

I’m using a Macbook Pro and an iPod Touch to do this, but since Burp Suite is written in Java, it should be possible to do this using any Java-capable device on your LAN and any device running iOS.

On the device with Burp Suite:

  1. Open up a terminal (I use iTerm2), run the ifconfig utility, and note the LAN IP address of the local machine (e.g. 192.168.1.113)
  2. Run the Burp Suite JAR file from a terminal like so: java -jar burpsuite_free_v1.5.jar &
  3. In Burp Suite, click the “Proxy” tab and, within that, click the “Options” tab
  4. Under the “Intercept Client Requests” section, uncheck the checkbox marked “Intercept requests based on the following rules” if you don’t want to modify requests, only view them (because individual intercepted requests are blocked by the proxy until you manually opt to forward them from the “Intercept” tab within the “Proxy” tab)
  5. Likewise, under the “Intercept Server Responses” section, uncheck the checkbox marked “Intercept responses based on the following rules” if you don’t want to modify responses, only view them
  6. Under the “Proxy Listeners” section, select the existing entry in the table and click the “Edit” button
  7. In the “Edit proxy listener” window that appears, next to the “Bind to address” label, select the “Specific address” radio button and, from the drop-down menu next to it, select the LAN address of the local machine, then click the “OK” button
  8. Make sure the “Running” checkbox next to the proxy listener is checked, then click to the “History” tab within the “Proxy” tab

On the iOS device:

  1. From the desktop area, click the “Settings” icon
  2. In the “Settings” menu, click the “Wi-Fi” option
  3. In the “Wi-Fi” menu, click the option for your LAN
  4. Scroll to the bottom of the screen, find the “HTTP PROXY” section, and enter the LAN IP and port on which the HTTP proxy is running (8080 by default, you can find it in the proxy listener rule in Burp Suite)
  5. Return to the desktop area, then select the app for which you want to monitor HTTP traffic
  6. Perform some operation that kicks off an HTTP request, then find details on it in the Burp Suite “History” tab
- See more at: http://matthewturland.com/2013/10/30/sniffing-outgoing-http-traffic-on-an-ios-device/#sthash.FFRh53jV.dpuf

Developers! Quickly and easily gain access to the tools and information you need! Explore, test and combine our data quality APIs at Melissa Developer Portal – home to tools that save time and boost revenue. Our APIs verify, standardize, and correct the Big 4 + more – name, email, phone and global addresses – to ensure accurate delivery, prevent blacklisting and identify risks in real-time.

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}