Sniffing Outgoing HTTP Traffic on an iOS Device

Published in HTTP on Oct 30, 2013

I'm posting this mainly for my own benefit, but hopefully someone else finds this useful. A lot of people have recommended Charles as a debugging HTTP proxy for OS X. It looks like a great piece of software, but does require that you pay for it after 30 days. I was looking for something quick, easy, and free to analyze outgoing HTTP traffic on an iOS device.

Sadly, such options are few and far between, but if you're willing to install a JDK (which Mavericks handily prompts you to do the first time you try to run a JAR file, and automates much of the installation process), they're slightly better. I found a free edition of one called Burp Suite and managed to figure out how to get it working, so I'm documenting that here for future reference.

I'm using a Macbook Pro and an iPod Touch to do this, but since Burp Suite is written in Java, it should be possible to do this using any Java-capable device on your LAN and any device running iOS.

On the device with Burp Suite:

  1. Open up a terminal (I use iTerm2), run the ifconfig utility, and note the LAN IP address of the local machine (e.g. 192.168.1.113)
  2. Run the Burp Suite JAR file from a terminal like so: java -jar burpsuite_free_v1.5.jar &
  3. In Burp Suite, click the "Proxy" tab and, within that, click the "Options" tab
  4. Under the "Intercept Client Requests" section, uncheck the checkbox marked "Intercept requests based on the following rules" if you don't want to modify requests, only view them (because individual intercepted requests are blocked by the proxy until you manually opt to forward them from the "Intercept" tab within the "Proxy" tab)
  5. Likewise, under the "Intercept Server Responses" section, uncheck the checkbox marked "Intercept responses based on the following rules" if you don't want to modify responses, only view them
  6. Under the "Proxy Listeners" section, select the existing entry in the table and click the "Edit" button
  7. In the "Edit proxy listener" window that appears, next to the "Bind to address" label, select the "Specific address" radio button and, from the drop-down menu next to it, select the LAN IP address of the local machine, then click the "OK" button
  8. Make sure the "Running" checkbox next to the proxy listener is checked, then click to the "History" tab within the "Proxy" tab

On the iOS device:

  1. From the desktop area, click the "Settings" icon
  2. In the "Settings" menu, click the "Wi-Fi" option
  3. In the "Wi-Fi" menu, click the option for your LAN
  4. Scroll to the bottom of the screen, find the "HTTP PROXY" section, and enter the LAN IP and port on which the HTTP proxy is running (8080 by default, you can find it in the proxy listener rule in Burp Suite)
  5. Return to the desktop area, then select the app for which you want to monitor HTTP traffic
  6. Perform some operation that kicks off an HTTP request, then find details on it in the Burp Suite "History" tab