# Burp Suite Configuration for iOS ## Burp Cert Installation in physical iOS You can install [**Burp Mobile Assistant**](https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing) **for help installing the Burp Certificate, configure the proxy and perform SSL Pinning.** Or you can manually follow the next steps: * Configure **Burp** as the iPhone **proxy in** _**Settings**_ **-->** _**Wifi**_ **-->** _**Click the network**_ **-->** _**Proxy**_ * Access `http://burp` and download the certificate * Access _**Setting**_ --> _**Profile Downloaded**_ and **Install** it \(you will be asked your code\) * Access _**Settings**_ --> _**General**_ --> _**About**_ --> _**Certificate Trust Settings**_ and enable PortSwigger CA ### Setting up an Interception Proxy via localhost Setting up Burp to proxy your traffic is pretty straightforward. We assume that both your iOS device and host computer are connected to a Wi-Fi network that permits client-to-client traffic. If client-to-client traffic is not permitted, you can use usbmuxd to connect to Burp via USB. PortSwigger provides a good [tutorial on setting up an iOS device to work with Burp](https://support.portswigger.net/customer/portal/articles/1841108-configuring-an-ios-device-to-work-with-burp) and a [tutorial on installing Burp's CA certificate to an iOS device](https://support.portswigger.net/customer/portal/articles/1841109-installing-burp-s-ca-certificate-in-an-ios-device). #### Using Burp via USB on a Jailbroken Device When doing dynamic analysis, it's interesting to use the SSH connection to route our traffic to Burp that is running on our computer. Let's get started: First we need to use **iproxy** to make SSH from iOS available on localhost. ```bash $ iproxy 2222 22 waiting for connection ``` The next step is to make a remote port forwarding of port 8080 on the iOS device to the localhost interface on our computer to port 8080. ```bash ssh -R 8080:localhost:8080 root@localhost -p 2222 ``` You should now be able to reach Burp on your iOS device. Open Safari on iOS and go to **127.0.0.1:8080** and you should see the Burp Suite Page. This would also be a good time to [install the CA certificate](https://support.portswigger.net/customer/portal/articles/1841109-installing-burp-s-ca-certificate-in-an-ios-device) of Burp on your iOS device. The last step would be to set the proxy globally on your iOS device: 1. Go to **Settings** -> **Wi-Fi** 2. Connect to _any_ Wi-Fi \(you can literally connect to any Wi-Fi as the traffic for port 80 and 443 will be routed through USB, as we are just using the Proxy Setting for the Wi-Fi so we can set a global Proxy\) 3. Once connected click on the small blue icon on the right side of the connect Wi-Fi 4. Configure your Proxy by selecting **Manual** 5. Type in 127.0.0.1 as **Server** 6. Type in 8080 as **Port** ### Full Network Monitoring/Sniffing If you need to **monitor something different from HTTP communications** you can sniff all the device traffic with **wireshark**. You can remotely sniff all traffic in real-time on iOS by [creating a Remote Virtual Interface](https://stackoverflow.com/questions/9555403/capturing-mobile-phone-traffic-on-wireshark/33175819#33175819) for your iOS device. First make sure you have **Wireshark** **installed** on your macOS host computer. 1. **Connect** your iOS device to your macOS host computer via USB. 2. You would need to know the **UDID of your iOS device**, before you can start sniffing. Open the Terminal on macOS and enter the following command, filling in the UDID of your iOS device. ```bash $ rvictl -s Starting device [SUCCEEDED] with interface rvi0 ``` 1. Launch **Wireshark** and select "**rvi0**" as the capture interface. 2. Filter the traffic with Capture Filters in Wireshark to display what you want to monitor \(for example, all HTTP traffic sent/received via the IP address 192.168.1.1\). ```text ip.addr == 192.168.1.1 && http ``` ![](../.gitbook/assets/image%20%28473%29.png) The documentation of Wireshark offers many examples for [Capture Filters](https://wiki.wireshark.org/CaptureFilters) that should help you to filter the traffic to get the information you want. ## Burp Cert Installation in Simulator * **Export Burp Certificate** In _Proxy_ --> _Options_ --> _Export CA certificate_ --> _Certificate in DER format_ ![](../.gitbook/assets/image%20%28457%29.png) * **Drag and Drop** the certificate inside the Emulator * **Inside the emulator** go to _Settings_ --> _General_ --> _Profile_ --> _PortSwigger CA_, and **verify the certificate** * **Inside the emulator** go to _Settings_ --> _General_ --> _About_ --> _Certificate Trust Settings_, and **enable PortSwigger CA** ![](../.gitbook/assets/image%20%28461%29.png) **Congrats, you have successfully configured the Burp CA Certificate in the iOS simulator** {% hint style="info" %} **The iOS simulator will use the proxy configurations of the MacOS.** {% endhint %} ### MacOS Proxy Configuration Steps to configure Burp as proxy: * Go to _System Preferences_ --> _Network_ --> _Advanced_ * In _Proxies_ tab mark _Web Proxy \(HTTP\)_ and _Secure Web Proxy \(HTTPS\)_ * In both options configure _127.0.0.1:8080_ ![](../.gitbook/assets/image%20%28462%29.png) * Click on _**Ok**_ and the in _**Apply**_